Mozilla Firefox CVE-2014-1529 Privilege Escalation Vulnerability
Description
Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitrary code execution on these sites.
Affected Applications
Firefox
Firefox ESR