In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104561 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041193 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1462891 | Issue Tracking Permissions Required Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201810-01 | Third Party Advisory |
https://security.gentoo.org/glsa/201811-13 | Third Party Advisory |
https://usn.ubuntu.com/3705-1/ | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4295 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2018-15/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2018-16/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2018-19/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-10-18T13:00:00
Updated: 2018-11-25T10:57:01
Reserved: 2018-06-14T00:00:00
Link: CVE-2018-12367
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-18T13:29:03.087
Modified: 2018-12-06T15:10:55.787
Link: CVE-2018-12367
JSON object: View
Redhat Information
No data.
CWE