Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-12367

Date: October 18, 2018

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Language: Unix

Severity Score

Related Resources (15)

http://www.securitytracker.com/id/1041193
https://www.mozilla.org/security/advisories/mfsa2018-16/
https://security.gentoo.org/glsa/201810-01
https://www.mozilla.org/security/advisories/mfsa2018-15/
http://www.securityfocus.com/bid/104561
https://security.gentoo.org/glsa/201811-13
https://nvd.nist.gov/vuln/detail/CVE-2018-12367
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12367
https://security-tracker.debian.org/tracker/CVE-2018-12367
https://www.debian.org/security/2018/dsa-4295
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1462891
https://www.mozilla.org/security/advisories/mfsa2018-19/
https://usn.ubuntu.com/3705-1/
https://www.mend.io/vulnerability-database/CVE-2018-12367

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us