Red Hat Bugzilla – Bug 1291581
CVE-2015-7207 Mozilla: Same-origin policy violation using perfomance.getEntries and history navigation (MFSA 2015-136)
Last modified: 2015-12-16 04:03:31 EST
Security researcher cgvwzq reported that it is possible to read cross-origin URLs following a redirect if perfomance.getEntries() is used along with an iframe to host a page. Navigating back in history through script, content is pulled from the browser cache for the redirected location instead of going to the original location. This is a same-origin policy violation and could allow for data theft.
This issue affects other browsers as well and is not limited to Mozilla products.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cgvwzq as the original reporter.
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.