CVE-2018-12367

Name
CVE-2018-12367
Description
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-19/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-16/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2018-15/
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1462891
Third Party Advisory https://www.debian.org/security/2018/dsa-4295
Third Party Advisory https://usn.ubuntu.com/3705-1/
Third Party Advisory http://www.securitytracker.com/id/1041193
Third Party Advisory http://www.securityfocus.com/bid/104561
Third Party Advisory https://security.gentoo.org/glsa/201810-01
Mailing List https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Third Party Advisory https://security.gentoo.org/glsa/201811-13

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* debian_linux == None == 9.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* debian_linux == None == 8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status