A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchfirefox-esr< 102.4.0-r0UNKNOWN
Alpine3.18-communitynoarchfirefox-esr< 102.4.0-r0UNKNOWN
Alpine3.19-communitynoarchfirefox-esr< 102.4.0-r0UNKNOWN
Alpine3.20-communitynoarchfirefox-esr< 102.4.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	firefox-esr	< 102.4.0-r0	UNKNOWN
Alpine	3.18-community	noarch	firefox-esr	< 102.4.0-r0	UNKNOWN
Alpine	3.19-community	noarch	firefox-esr	< 102.4.0-r0	UNKNOWN
Alpine	3.20-community	noarch	firefox-esr	< 102.4.0-r0	UNKNOWN