What is the severity of CVE-2018-12367?

CVE-2018-12367 has a medium severity rating due to its potential to expose sensitive information through precision timing attacks.

How do I fix CVE-2018-12367?

To resolve CVE-2018-12367, users should upgrade their affected software to the latest version provided by Mozilla and the respective distributors.

Which software is affected by CVE-2018-12367?

CVE-2018-12367 affects older versions of Mozilla Firefox, Firefox ESR, and Thunderbird, specifically versions prior to 61, 60.1, and 60, respectively.

Can CVE-2018-12367 be exploited remotely?

CVE-2018-12367 can potentially be exploited remotely through JavaScript running in the browser, making it a concern for web users.

Is there a workaround for CVE-2018-12367?

There is no effective workaround for CVE-2018-12367, and the best course of action is to update the software to the patched versions.

Vulnerability/
CVE-2018-12367

medium

4.3

CWE

26/6/2018

18/10/2018

21/11/2024

CVE-2018-12367: Input Validation

First published: Tue Jun 26 2018(Updated: )

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Debian	=8.0
Debian	=9.0
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=17.10
Ubuntu	=18.04
Firefox	<61.0
Firefox ESR	<60.1.0
Thunderbird	<60.0
Thunderbird	<60	60
Firefox	<61	61
Firefox ESR	<60.1	60.1
debian/firefox		135.0.1-1
debian/thunderbird		1:115.12.0-1~deb11u1 1:128.7.0esr-1~deb11u1 1:128.5.0esr-1~deb12u1 1:128.7.0esr-1~deb12u1 1:128.7.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2018-12367?
CVE-2018-12367 has a medium severity rating due to its potential to expose sensitive information through precision timing attacks.
How do I fix CVE-2018-12367?
To resolve CVE-2018-12367, users should upgrade their affected software to the latest version provided by Mozilla and the respective distributors.
Which software is affected by CVE-2018-12367?
CVE-2018-12367 affects older versions of Mozilla Firefox, Firefox ESR, and Thunderbird, specifically versions prior to 61, 60.1, and 60, respectively.
Can CVE-2018-12367 be exploited remotely?
CVE-2018-12367 can potentially be exploited remotely through JavaScript running in the browser, making it a concern for web users.
Is there a workaround for CVE-2018-12367?
There is no effective workaround for CVE-2018-12367, and the best course of action is to update the software to the patched versions.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/description
agent/references
agent/last-modified-date
agent/trending
agent/source
agent/author
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/mozilla-advisory
source/Mozilla
agent/tags
agent/softwarecombine
collector/security-tracker-debian
source/Debian
vendor/debian
canonical/debian
version/debian/8.0
version/debian/9.0
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/17.10
version/ubuntu/18.04
vendor/mozilla
canonical/firefox
canonical/firefox esr
canonical/thunderbird
package-manager/debian