Mozilla Foundation Security Advisory 2018-01

Speculative execution side-channel attack ("Spectre")

Announced
January 4, 2018
Reporter
Jann Horn (Google Project Zero); Microsoft Vunerability Research
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 57.0.4
  • Firefox ESR 52.6

Description

Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself.

Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer.

SharedArrayBuffer is already disabled in Firefox 52 ESR.

References