The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830 https://bugzilla.mozilla.org/show_bug.cgi?id=1408990