Meltdown, Spectre Patches in Firefox Release

Monday, January 8, 2018 @ 03:01 PM gHale

Mozilla released an updated Firefox browser that includes fixes for the most recent Meltdown and Spectre bugs discovered in Intel, AMD, and ARM processors.

Firefox 57.0.4 doesn’t include any other change, as Mozilla prioritized patches for the two vulnerabilities in this release.

RELATED STORIES
Chrome Release Offers Site Isolation
Anonymity Becomes Visible in Tor Browser
Firefox to Block Browser Fingerprinting
Chrome Extension can ‘Catch All’

Just like Microsoft, which released updates to mitigate web-based attacks launched through the browser, Mozilla implemented two different changes in the new Firefox version.

Mozilla said Firefox 57.0.4 reduces the precision of several time sources in the browser in order to minimize the likelihood of successful attacks. This means performance.now() has been reduced from 5μs to 20μs, while the SharedArrayBuffer feature is now disabled by default in the application. The same changes were made in Microsoft Edge as well.

“Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer,” Mozilla said.

At some point in the future SharedArrayBuffer could be re-enabled, as its teams are currently looking into other ways to mitigate the two vulnerabilities.



Leave a Reply

You must be logged in to post a comment.