Endpoint Vulnerability

Information disclosure through Resource Timing API during page navigation

Description

Amazon software engineer Catalin Dumitru reported that the URLs of resources loaded after a navigation started (such as in an unload event handler) were leaked to the following page through the Resource Timing API. This leads to potential information disclosure.

Affected Products

Firefox

References

CVE-2016-5250,