Same-origin policy violation using performance.getEntries and history navigation
- December 15, 2015
- Firefox, Firefox ESR
- Fixed in
  - Firefox 43
  - Firefox ESR 38.7
Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used along with an iframe to host a page. When script navigates back in history, content is pulled from the browser cache for the redirected location instead of going to the original location. This is a same-origin policy violation and could allow for data theft.
This issue affects other browsers as well and is not limited to Mozilla products.