This issue has been fixed in Firefox version 101.

In Firefox 101, the Performance API incorrectly returned false when the user navigated from an origin that has redirected to the same origin to a different resource. This happened because the API was not aware of the redirection and did not follow the request. This issue has been fixed and now the API correctly returns the status code of the observed redirects.

CVE-2023-29922

This issue has been fixed in Firefox version 101.

In Firefox 101, the Performance API incorrectly returns a response when the user navigates to a different domain while performing analytics. This happened because the API was not aware of the redirection and did not follow the request. This issue has been fixed and now the API correctly returns the status code of the observed redirects.

CVE-2021-29897

This vulnerability has been fixed in Firefox version 103.

In Firefox 103, when the user clicked on an image with an external source, the responseString was not properly sanitized. This allowed remote attackers to bypass security restrictions and possibly execute arbitrary code via unspecified vectors. This issue has been fixed and now the responseString is properly sanitized for any images with an external source.

CVE-2023-29916

This issue is not fixed in Firefox version 101.

In Firefox 101, the Performance API incorrectly returned false when the user navigated from an origin that has redirected to the same origin to a different resource. This happened because the API was not aware of the redirection and did not follow the request. This issue has been fixed and now the API correctly returns the status code of the observed redirects.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/03/2023 14:46:00 UTC

References