Amazon software engineer Catalin Dumitru reported that the URLs of resources loaded after a navigation started (such as in an unload event handler) were leaked to the following page through the Resource Timing API. This leads to potential information disclosure. External Reference: https://www.mozilla.org/security/advisories/mfsa2016-84/ https://www.mozilla.org/security/advisories/mfsa2016-86/ Acknowledgements: Name: the Mozilla project Upstream: Catalin Dumitru
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2016:1912 https://rhn.redhat.com/errata/RHSA-2016-1912.html