A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. External References: https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9070
Acknowledgments: Name: the Mozilla project Upstream: Abdulrahman Alqabandi
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.