vulnerability
Oracle Solaris 11: CVE-2019-9815: Vulnerability in Firefox, Thunderbird
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jun 26, 2019 | Jun 26, 2019 | Feb 17, 2022 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jun 26, 2019
Added
Jun 26, 2019
Modified
Feb 17, 2022
Description
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
Solutions
oracle-solaris-11-4-upgrade-mail-thunderbird-60-7-0-11-4-10-0-1-2-0oracle-solaris-11-4-upgrade-mail-thunderbird-plugin-thunderbird-lightning-60-7-0-11-4-10-0-1-2-0oracle-solaris-11-4-upgrade-web-browser-firefox-60-7-0-11-4-10-0-1-2-0oracle-solaris-11-4-upgrade-web-data-firefox-bookmarks-60-7-0-11-4-10-0-1-2-0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.