QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9815

Published: Jul 23, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

Vendor	Product	Versions
Mozilla	Thunderbird	affected `unspecified - < 60.7`
Mozilla	Firefox	affected `unspecified - < 67`
Mozilla	Firefox ESR	affected `unspecified - < 60.7`

References

https://www.mozilla.org/security/advisories/mfsa2019-13/

x_refsource_MISC

https://www.mozilla.org/security/advisories/mfsa2019-15/

x_refsource_MISC

https://www.mozilla.org/security/advisories/mfsa2019-14/

x_refsource_MISC

https://bugzilla.mozilla.org/show_bug.cgi?id=1546544

x_refsource_MISC

https://mdsattacks.com/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2019-9815 - Security Vulnerability | QwikSec