Home

CVE-2018-12367

Description

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
1.271

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Mozilla Firefox 60.7.3Windows
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.7.3Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 60.0.2Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 60.0.2Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 59.0-beta2Mac
thunderbird security update(DSA-4295-1) thunderbird_60.0-3~deb9u1_i386.debLinux
thunderbird security update(DSA-4295-1) thunderbird_60.0-3~deb9u1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234