CVE-2018-12367

Published: Oct 18, 2018Modified: Nov 25, 2025

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Affected (9)

Products: Debian: Debian Linux · Canonical: Ubuntu Linux · Mozilla: Firefox, Thunderbird

1 product

1 product

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10
Canonical Ubuntu Linux	Version 18.04

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 60.1.0
Mozilla Firefox	Before 61.0
Mozilla Thunderbird	Before 60.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://www.securityfocus.com/bid/104561

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041193

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1462891

Source: security@mozilla.org

Issue TrackingPermissions RequiredVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201810-01

Source: security@mozilla.org

Third Party Advisory

https://security.gentoo.org/glsa/201811-13

Source: security@mozilla.org

Third Party Advisory

https://usn.ubuntu.com/3705-1/

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4295

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2018-15/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-16/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-19/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/104561

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041193

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1462891

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201810-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201811-13

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3705-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4295

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2018-15/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-16/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2018-19/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.