[kwlug-disc] Meltdown and Spectre, on Firefox
Khalid Baheyeldin
kb at 2bits.com
Mon Jan 8 11:28:25 EST 2018
One thing I noticed is that vulnerabilities just keep getting worse every
year.
We had Heartbleed in OpenSSL, and now we have the really scary Meltdown
(Intel) and Spectre (multiple).
Your browser can also be affected! Carefully crafted Javascript loaded from
a web site can be made to exploit some of these.
If you are running Firefox ESR, you are not "less at risk".
If you are running Firefox 57, you can disable a parameter, if you have not
applied the update that was pushed a few days ago.
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
--
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180108/e5bb7a76/attachment.htm>
More information about the kwlug-disc
mailing list