Mozilla Firefox prior to 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote malicious users to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
opensuse leap 42.1 |
||
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |