Candidate: CVE-2015-7327
PublicDate: 2015-09-24 04:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7327
 https://bugzilla.mozilla.org/show_bug.cgi?id=1167489
 https://bugzilla.mozilla.org/show_bug.cgi?id=1153672
 http://www.mozilla.org/security/announce/2015/mfsa2015-114.html
 http://arxiv.org/abs/1502.07373
Description:
 Mozilla Firefox before 41.0 does not properly restrict the availability of
 High Resolution Time API times, which allows remote attackers to track
 last-level cache access, and consequently obtain sensitive information, via
 crafted JavaScript code that makes performance.now calls.
Ubuntu-Description:
Notes:
 seth-arnold> Windows-specific issue doesn't affect Linux or OS X
Bugs:
Priority: medium
Discovered-by: Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis, Amit Klein
Assigned-to: chrisccoulson
CVSS: 

Patches_firefox:
upstream_firefox: released (41.0)
precise_firefox: not-affected
trusty_firefox: not-affected
trusty/esm_firefox: DNE (trusty was not-affected)
vivid_firefox: not-affected
devel_firefox: not-affected

Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: needs-triage
precise_thunderbird: not-affected
trusty_thunderbird: not-affected
trusty/esm_thunderbird: DNE (trusty was not-affected)
vivid_thunderbird: not-affected
devel_thunderbird: not-affected