A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries()
. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 106.0 (excluding) |
Firefox_esr | Mozilla | * | 102.4 (excluding) |
Thunderbird | Mozilla | * | 102.4 (excluding) |