CVE-2018-12367

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work, PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer.
Group Package Affected Fixed Severity Status Ticket
AVG-751 thunderbird 52.9.1-1 60.0-1 Critical Fixed
AVG-727 firefox 60.0.2-1 61.0-1 Critical Fixed
Date Advisory Group Package Severity Description
10 Aug 2018 ASA-201808-8 AVG-751 thunderbird Critical multiple issues
27 Jun 2018 ASA-201806-14 AVG-727 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
https://bugzilla.mozilla.org/show_bug.cgi?id=1462891