CVE-2018-12367 — Improper Input Validation in Mozilla Firefox
Severity
4.3MEDIUMNVD
EPSS
1.3%
top 20.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateMay 14
Description
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages9 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04
🔴Vulnerability Details
4GHSA▶
GHSA-q3w3-fw86-hj52: In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time↗2022-05-14
OSV▶
CVE-2018-12367: In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time↗2018-10-18