HIGH 8.1
CVE-2019-9815
EN If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CVSS v3
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| mozilla | thunderbird | Windows | <60.7 | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |