PoC steal URL x-domain

It is possible to read a x-domain URL after a redirect using perfomance.getEntries() if the page can be iframed.

Specific PoC for Firefox