CVE-2018-12367
CVE-2018-12367 is a vulnerability of currently unknown severity. EPSS estimates a 1.98% chance of exploitation in the next 30 days.
Description
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work, PerformanceNavigationTiming was not adjusted, but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 17.10 |
| Canonical | Ubuntu Linux | 18.04 |
| Mozilla | Firefox | < 60.1.0 |
| Mozilla | Firefox | < 61.0 |
| Mozilla | Thunderbird | < 60.0 |
References
- http://www.securityfocus.com/bid/104561 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041193 (Third Party Advisory, VDB Entry)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1462891 (Issue Tracking, Permissions Required, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html (Mailing List, Third Party Advisory)
- https://security.gentoo.org/glsa/201810-01 (Third Party Advisory)
- https://security.gentoo.org/glsa/201811-13 (Third Party Advisory)
- https://usn.ubuntu.com/3705-1/ (Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4295 (Third Party Advisory)
- https://www.mozilla.org/security/advisories/mfsa2018-15/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2018-16/ (Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2018-19/ (Vendor Advisory)
Source: NVD / NIST
