Mozilla Developer Rob Wu discovered that a redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655
Acknowledgments: Name: the Mozilla project Upstream: Rob Wu
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15655