CVE-2015-7327

Published: Sep 24, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 40.0.3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://arxiv.org/abs/1502.07373

Source: security@mozilla.org

Exploit

http://www.mozilla.org/security/announce/2015/mfsa2015-114.html

Source: security@mozilla.org

Vendor Advisory

http://www.securitytracker.com/id/1033640

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1153672

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1167489

Source: security@mozilla.org

http://arxiv.org/abs/1502.07373

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.mozilla.org/security/announce/2015/mfsa2015-114.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033640

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1153672

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1167489

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.