CVE-2014-1552 Information

Description

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

Reference

http://secunia.com/advisories/59760 http://secunia.com/advisories/60628 http://www.mozilla.org/security/announce/2014/mfsa2014-66.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1030619 http://www.securitytracker.com/id/1030620 https://bugzilla.mozilla.org/show_bug.cgi?id=985135 https://security.gentoo.org/glsa/201504-01