Red Hat Bugzilla – Bug 977611
CVE-2013-1695 Mozilla: Sandbox restrictions not applied to nested frame elements (MFSA 2013-57)
Last modified: 2013-06-26 02:55:51 EDT
Mozilla community member Bob Owen reported that <iframe sandbox> restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Owen as the original reporter.
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6