Mozilla Firefox CVE-2015-7207 Information Disclosure Vulnerability

description-logoDescription

Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of going to the original location. This is a same-origin policy violation and could allow for data theft.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2015-7207