MiracleLinux 7 : firefox-52.6.0-1.0.1.el7.AXS7 (AXSA:2018-2522:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2522:01 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,...

MiracleLinux 4 : firefox-52.6.0-1.0.1.AXS4 (AXSA:2018-2539:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-2539:01 advisory. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or,...

RedHat Update for firefox RHSA-2018:0122-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mozilla -- Speculative execution side-channel attack

Mozilla Foundation reports: Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that...

CVE-2017-5928

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...

Code injection

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...

Mozilla Firefox 'performance.now' function information disclosure vulnerability

Mozilla Firefox is an open source web browser. An information disclosure vulnerability exists in the Mozilla Firefox 'performance.now' function due to the program failing to properly limit the availability of High Resolution Time API time, allowing remote attackers to call the ' performance.now'...

Information disclosure via the High Resolution Time API — Mozilla

Security researchers Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis of Columbia University's Network Security Lab reported a method of using the High Resolution Time API for side channel attacks. This attack uses JavaScript loaded through a hostile web page to track...