DEBIAN-CVE-2018-12367

DEBIAN-CVE-2018-12367 PUBLISHED CVSS 4.300000190734863 MEDIUM

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Risk Scores

CVSS v3.0

4.300000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	thunderbird	0, 0, 0
Debian:13	thunderbird	0, 0, 0
Debian:14	thunderbird	0, 0, 0
Debian:12	thunderbird	0, 0, 0

Timeline

Oct 18, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-12367 advisory

Open in Interactive Console →