Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-5250

Source

Mozilla Foundation Security Advisory 2016-84

Information disclosure through Resource Timing API during page navigation

Announced

August 2, 2016

Reporter

Catalin Dumitru

Impact

Moderate

Products

Firefox

Fixed in

Firefox 48

Description

Amazon software engineer Catalin Dumitru reported that the URLs of resources loaded after a navigation started (such as in an unload event handler) were leaked to the following page through the Resource Timing API. This leads to potential information disclosure.

References

Resource Timing API is storing resources sent by the previous page (CVE-2016-5250)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Information disclosure through Resource Timing API during page navigation

Information disclosure through Resource Timing API during page navigation

Description

References

Vulmon Search

About

Products

Connect