Endpoint Vulnerability

Same-origin policy violation using performance.getEntries and history navigation


Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used along with an iframe to host a page. When script navigates back in history, content is pulled from the browser cache for the redirected location instead of going to the original location. This is a same-origin policy violation and could allow for data theft.

Affected Products

Firefox, Firefox ESR