Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR <