A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries()
. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 106.0 | |
firefox_esr | lt | 102.4 | |
thunderbird | lt | 102.4 |