Endpoint Vulnerability

getUserMedia permission dialog incorrectly displays location

Description

Mozilla engineer Matt Wobensmith discovered that when a page framed in an iframe on one domain triggers the getUserMedia permission dialog, the dialog displays the origin of the top-level document rather than that of the calling framed page. This could lead users to grant camera or microphone permissions by mistake, because they take the hosting page's location to be that of the page requesting access.

Affected Products

Firefox

References

CVE-2013-1698