Vulnerabilities > CVE-2017-5928 - Unspecified vulnerability in W3 High Resolution Time API

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
w3

Summary

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code.

Vulnerable Configurations

Part Description Count
Application
W3
1

The Hacker News

idTHN:55DCE5151C7426765AA8AC26030C6B03
last seen2018-01-27
modified2017-02-16
published2017-02-16
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2017/02/bypass-aslr-browser-javascript.html
titleA Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures