Critical Vulnerability Information

Vulnerability Overview

- Vulnerability ID: Bug 82909 (CVE-2014-1511)
- Vulnerability Type: Pop-up blocker bypass (pop-up control bypass)
- Severity: sec-critical
- Status: Closed, Fixed

Affected Versions and Fixes

- Affected Versions: Specific version not specified, but discussions involve multiple versions including Firefox 28, Firefox 29, etc.
- Fix Status: Verified fixes implemented across multiple versions, including Firefox 27, Firefox 28, Firefox 29, etc.
- Tracking Flags: Multiple version-specific tracking and fix status updates were recorded.

Technical Details

Vulnerability Description:

- Issue: After frame navigation, unloaded windows could still execute scripts if the parent window held a reference to the outer window (e.g., via ). This was constrained by limitations such as forward navigation operations.
- Impact: Methods like were affected, but bypass techniques existed.
- Exploitation Method: Exploited the behavior of —when called with three or more parameters, the call is forwarded to . Discussions included permission checks and potential bypasses of security checks.

Fixing Measures and Discussions

Fixing Actions:

- An "obvious patch" was proposed and underwent multiple revisions and evaluations, eventually being accepted and applied.
- The fix involved restructuring and security enhancements to classes such as , ensuring no privilege escalation or data leakage due to pop-up control issues.

Follow-up Tracking: Included verification and release status updates of the patch across multiple versions, ensuring the fix was effective in widespread usage.

The core of this vulnerability lies in security flaws within the pop-up blocking mechanism. It has been successfully fixed and validated across multiple patch versions, ensuring users are protected from such security threats during usage.