CVE-2017-5928 - The W3C High Resolution Time API, as implemented in various web browsers, does not consider that mem

CVE-2017-5928

Summary

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code.

References

Vulnerable Configurations

cpe:2.3:a:w3:high_resolution_time_api:-:*:*:*:*:*:*:*
cpe:2.3:a:w3:high_resolution_time_api:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 13-09-2021 - 12:04)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	97036
misc	http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf https://www.vusec.net/projects/anc

Last major update

13-09-2021 - 12:04

Published

27-02-2017 - 07:59

Last modified

13-09-2021 - 12:04