Rapid7 Vulnerability & Exploit Database

MFSA2018-01 Firefox: Speculative execution side-channel attack ("Spectre")

Back to Search

MFSA2018-01 Firefox: Speculative execution side-channel attack ("Spectre")

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
01/04/2018
Created
07/25/2018
Added
01/05/2018
Modified
07/04/2019

Description

Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. This is also known as Spectre

Solution(s)

  • mozilla-firefox-esr-upgrade-52_6
  • mozilla-firefox-upgrade-57_0_4

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;