Rapid7 Vulnerability & Exploit Database

MFSA2015-114 SeaMonkey: Information disclosure via the High Resolution Time API

Back to Search

MFSA2015-114 SeaMonkey: Information disclosure via the High Resolution Time API

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
09/22/2015
Created
07/25/2018
Added
10/22/2015
Modified
04/05/2017

Description

Mozilla identified and fixed an issue where the browser engine does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sensitive information, via crafted JavaScript code that makes performance.now calls.

Solution(s)

  • mozilla-seamonkey-upgrade-2_38_0

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;