Main Vulnerability Database Vulnerabilities #VU13489

Timing attack in Mozilla Firefox - CVE-2018-12367

Published: June 27, 2018

Vulnerability identifier: #VU13489

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12367

CWE-ID: CWE-208

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct timing attack.

The weakness exists due to in the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. A remote attacker can use PerformanceNavigationTiming as a precision timer and conduct timing attack and gain access to arbitrary data.

How to mitigate CVE-2018-12367

Update to version 61.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/

Timing attack in Mozilla Firefox - CVE-2018-12367

Detailed vulnerability description

How to mitigate CVE-2018-12367

Sources

Please verify you're human