PT-2017-16765 · W3C · W3C High Resolution Time Api

Publicado

2017-02-27

Atualizado

2021-09-13

CVE-2017-5928

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions W3C High Resolution Time API (affected versions not specified)

Description The issue concerns the W3C High Resolution Time API implementation in web browsers, where memory-reference times can be measured using a performance.now "Time to Tick" approach. This allows remote attackers to conduct AnC attacks via crafted JavaScript code, despite the presence of a protection mechanism.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2017-5928

Produtos afetados

W3C High Resolution Time Api

PT-2017-16765 · W3C · W3C High Resolution Time Api

CVE-2017-5928

Identificadores relacionados

Produtos afetados

Referências · 4