Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2019-9815
HistoryJul 23, 2019 - 2:15 p.m.

CVE-2019-9815

2019-07-2314:15:17
Alpine Linux Development Team
security.alpinelinux.org
31
timing attack
macos 10.14.5
hyperthreading
spectre
sysctl
firefox
thunderbird
firefox esr

AI Score

6.5

Confidence

High

EPSS

0.007

Percentile

80.0%

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. Note: users need to update to macOS 10.14.5 in order to take advantage of this change.. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.