Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2019-9815

Published: 23/07/2019 Updated: 08/09/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Firefox

Vulnerability Summary

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox_esr

mozilla thunderbird

Vendor Advisories

Mozilla: Security vulnerabilities fixed in Thunderbird 60.7
Mozilla Foundation Security Advisory 2019-15 Security vulnerabilities fixed in Thunderbird 607 Announced May 21, 2019 Impact high Products Thunderbird Fixed in Thunderbird 607 ...
Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7
Mozilla Foundation Security Advisory 2019-14 Security vulnerabilities fixed in Firefox ESR 607 Announced May 21, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 607 ...
Mozilla: Security vulnerabilities fixed in Firefox 67
Mozilla Foundation Security Advisory 2019-13 Security vulnerabilities fixed in Firefox 67 Announced May 21, 2019 Impact critical Products Firefox Fixed in Firefox 67 ...

References

CWE-203https://bugzilla.mozilla.org/show_bug.cgi?id=1546544https://www.mozilla.org/security/advisories/mfsa2019-15/https://www.mozilla.org/security/advisories/mfsa2019-14/https://www.mozilla.org/security/advisories/mfsa2019-13/https://mdsattacks.com/https://nvd.nist.govhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook