Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-12367

Опубликовано: 26 июн. 2018
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-385
https://bugzilla.redhat.com/show_bug.cgi?id=1595032Mozilla: Timing attack mitigation of PerformanceNavigationTiming

EPSS

Процентиль: 79%
0.01271
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-12367

CVSS3: 4.3
ubuntu
больше 7 лет назад

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

nvd логотип

CVE-2018-12367

CVSS3: 4.3
nvd
больше 7 лет назад

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

debian логотип

CVE-2018-12367

CVSS3: 4.3
debian
больше 7 лет назад

In the previous mitigations for Spectre, the resolution or precision o ...

github логотип

GHSA-q3w3-fw86-hj52

CVSS3: 4.3
github
больше 3 лет назад

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

fstec логотип

BDU:2019-03469

CVSS3: 4.3
fstec
больше 7 лет назад

Уязвимость компонента PerformanceNavigationTiming браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 79%
0.01271
Низкий

4.3 Medium

CVSS3