The HTTP Alternative Services header, `Alt-Svc`, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded.
Name: the Mozilla project
Upstream: Trishita Tiwari, Ari Trachtenberg
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):