Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-12367

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Related bugs and status

CVE-2018-12367 (Candidate) is related to these bugs:

Bug #1791477: Thunderbird Multiple Security Vulnerabilities

Summary				In	Importance	Status
	1791477	Thunderbird Multiple Security Vulnerabilities		thunderbird (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
CONFIRM: https://www.mozilla.or...
DEBIAN: DSA-4295
UBUNTU: USN-3705-1
BID: 104561
SECTRACK: 1041193
GENTOO: GLSA-201810-01
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-201811-13