Same-origin bypass with web workers and XMLHttpRequest
Description
Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers.
Affected Applications
Thunderbird
Thunderbird ESR