Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-9815

Опубликовано: 23 июл. 2019
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Версия до 67.0 (исключая)
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Версия до 60.7 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия до 60.7 (исключая)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.0102
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

ubuntu логотип

CVE-2019-9815

CVSS3: 8.1
ubuntu
больше 6 лет назад

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

redhat логотип

CVE-2019-9815

CVSS3: 7.5
redhat
больше 6 лет назад

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

debian логотип

CVE-2019-9815

CVSS3: 8.1
debian
больше 6 лет назад

If hyperthreading is not disabled, a timing attack vulnerability exist ...

github логотип

GHSA-crxf-6fx4-jr2j

github
больше 3 лет назад

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

suse-cvrf логотип

SUSE-SU-2019:1405-1

suse-cvrf
больше 6 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 77%
0.0102
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-203