Loading privileged content through Reader mode
Security researcher Armin Razmdjou reported a flaw in Reader mode on Firefox for Android. Reader mode reformats web content for easy readability and operates as unprivileged content that is the equivalent of the formatted content. When Reader mode is unable to process content, it displays the original web pages. Since it is unprivileged, there are no restrictions on pages linking to or framing Reader mode content. The reported flaw is that privileged URLs can be passed to Reader mode and bypass the normal restrictions that prevent web pages from obtaining references to privileged contexts. If this issue was combined with another flaw that allowed for a violation of the same-origin policy, then the resulting combination could lead to arbitrary code execution.