CVE-2015-7327 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 24

Latest updateMay 17

Description

Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox40.0.3

🔴Vulnerability Details

GHSA

GHSA-gpjh-cmj6-fjw9: Mozilla Firefox before 41↗2022-05-17

▶

📋Vendor Advisories

Red Hat

Mozilla: Information disclosure via the High Resolution Time API (MFSA 2015-114)↗2015-09-22

▶

💬Community

Bugzilla

CVE-2015-7327 Mozilla: Information disclosure via the High Resolution Time API (MFSA 2015-114)↗2015-09-23

▶