PT-2019-19875 · Mozilla+3 · Firefox Esr+5

Publicado

2019-05-31

Atualizado

2024-12-12

CVE-2019-9815

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 67 Firefox ESR versions prior to 60.7 Thunderbird versions prior to 60.7

Description A timing attack vulnerability exists, similar to previous Spectre attacks, if hyperthreading is not disabled. This issue can be mitigated by disabling hyperthreading in applications running untrusted code. Apple has introduced an option to disable hyperthreading in macOS 10.14.5. Firefox has been updated to utilize this option on the main thread and any worker threads.

Recommendations For Firefox versions prior to 67, update to version 67 or later. For Firefox ESR versions prior to 60.7, update to version 60.7 or later. For Thunderbird versions prior to 60.7, update to version 60.7 or later.

Correção

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203

Identificadores relacionados

ALT-PU-2019-1941

CVE-2019-9815

OPENSUSE-SU-2019:1534-1

OPENSUSE-SU-2019:1664-1

OPENSUSE-SU-2019_1484-1

OPENSUSE-SU-2019_1534-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:1388-1

SUSE-SU-2019:1405-1

SUSE-SU-2019:1458-1

SUSE-SU-2019_1405-1

Produtos afetados

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Apple Macos

PT-2019-19875 · Mozilla+3 · Firefox Esr+5

CVE-2019-9815

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1980