PT-2019-19875 · Mozilla+3 · Firefox Esr+5

Published

2019-05-31

Updated

2024-12-12

CVE-2019-9815

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 67 Firefox ESR versions prior to 60.7 Thunderbird versions prior to 60.7

Description A timing attack vulnerability exists, similar to previous Spectre attacks, if hyperthreading is not disabled. This issue can be mitigated by disabling hyperthreading in applications running untrusted code. Apple has introduced an option to disable hyperthreading in macOS 10.14.5. Firefox has been updated to utilize this option on the main thread and any worker threads.

Recommendations For Firefox versions prior to 67, update to version 67 or later. For Firefox ESR versions prior to 60.7, update to version 60.7 or later. For Thunderbird versions prior to 60.7, update to version 60.7 or later.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALT-PU-2019-1941

CVE-2019-9815

OPENSUSE-SU-2019:1534-1

OPENSUSE-SU-2019:1664-1

OPENSUSE-SU-2019_1484-1

OPENSUSE-SU-2019_1534-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2019:1388-1

SUSE-SU-2019:1405-1

SUSE-SU-2019:1458-1

SUSE-SU-2019_1405-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Apple Macos

PT-2019-19875 · Mozilla+3 · Firefox Esr+5

CVE-2019-9815

Weakness Enumeration

Related Identifiers

Affected Products

References · 1980