#VU13489 Timing attack in Mozilla Firefox - CVE-2018-12367
Published: June 27, 2018
Vulnerability identifier: #VU13489
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12367
CWE-ID: CWE-208
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to conduct timing attack.
The weakness exists due to in the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. A remote attacker can use PerformanceNavigationTiming as a precision timer and conduct timing attack and gain access to arbitrary data.
The weakness exists due to in the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. A remote attacker can use PerformanceNavigationTiming as a precision timer and conduct timing attack and gain access to arbitrary data.
Remediation
Update to version 61.0.