#VU18549 Race condition in Mozilla Firefox - CVE-2019-9815
Published: May 21, 2019
Vulnerability identifier: #VU18549
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9815
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to enabled hyperthreading in applications running untrusted code in a thread through a new sysctl on macOS. A remote attacker can perform timing attack, similar to previous Spectre attacks and execute arbitrary code on the target system.
The vulnerability affects macOS users.
For this mitigation to take effect, users must install macOS 10.14.5.
Remediation
Install updates from vendor's website.