Main Vulnerability Database Vulnerabilities #VU18549

#VU18549 Race condition in Mozilla Firefox - CVE-2019-9815

Published: May 21, 2019

Vulnerability identifier: #VU18549

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-9815

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to enabled hyperthreading in applications running untrusted code in a thread through a new sysctl on macOS. A remote attacker can perform timing attack, similar to previous Spectre attacks and execute arbitrary code on the target system.

The vulnerability affects macOS users.

For this mitigation to take effect, users must install macOS 10.14.5.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/