CVE-2018-12367

CVE-2018-12367

Name

CVE-2018-12367

Description

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2018-19/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2018-16/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2018-15/
Issue Tracking	https://bugzilla.mozilla.org/show_bug.cgi?id=1462891
Third Party Advisory	https://www.debian.org/security/2018/dsa-4295
Third Party Advisory	https://usn.ubuntu.com/3705-1/
Third Party Advisory	http://www.securitytracker.com/id/1041193
Third Party Advisory	http://www.securityfocus.com/bid/104561
Third Party Advisory	https://security.gentoo.org/glsa/201810-01
Mailing List	https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Third Party Advisory	https://security.gentoo.org/glsa/201811-13

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-19/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-16/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-15/

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1462891

Third Party Advisory

https://www.debian.org/security/2018/dsa-4295