13 matches found
Design/Logic Flaw
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
The vulnerability of the performance.getEntries() method in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the performance.getEntries method in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the inclusion of functions from an unverified controlled area. Exploiting this vulnerability could allow a remote attacker to obtain URL records from various...
CVE-2022-42927
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...
Oracle Linux 7 : firefox (ELSA-2022-7069)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7069 advisory. - Fix for expat CVE-2022-40674 and non functional webrtc - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 - Added fix for...
AlmaLinux 9 : firefox (ALSA-2022:7071)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7071 advisory. - A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries...
CVE-2022-42927
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via performance.getEntries...
Insecure Same-Origin Policy
Mozilla Firefox is vulnerable to insecure same-origin policy vulnerability. The vulnerability exists due to the redirection of theft of cross-origin URL entries to another site using performance.getEntries when using the Javascript location property allowing data theft...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 boo969894 - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from othe...
Same-origin policy violation using performance.getEntries and history navigation — Mozilla
Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of...