MozillaZine

Security flaws in Intel, AMD, ARM chips

Discuss various technical topics not related to Mozilla.

Virtual_ManPL

User avatar
 
Posts: 1923
Joined: July 24th, 2008, 5:52 am

Post Posted January 5th, 2018, 4:59 am

Fix for:
- Mozilla Firefox - 57.0.4
- Mozilla Firefox Mobile - 57.0.4
- Windows 7 Service Pack 1 - KB4056897 (Security-only update) or KB4056894 (Monthly Rollup) [with botnet aka diagnostics, telemetry and data gathering included]
- Windows 8.1 - KB4056898 (Security-only update)
- Windows 10 Version 1709 - KB4056892
- Windows 10 Version 1703 - KB4056891
- Windows 10 version 1607 - KB4056890
- Windows 10 Version 1511 - KB4056888
- Windows 10 LTSB - KB4056893
- Windows Server 2016 - KB4056890
- Windows Server 2012 R2 - KB4056898 (Security-only update)
- Windows Server 2012 - KB4056899 (Security-only update) or KB4056896 (Monthly Rollup)
- Windows Server 2008 R2 Service Pack 1 - KB4056897 (Security-only update) or KB4056894 (Monthly Rollup) [with botnet aka diagnostics, telemetry and data gathering included]
+ look for updated drivers and firmware

Chromium and Chrome aren't patched yet ](*,) [-X #-o [-(
Virtualfox persona

Are you ready for deprecation of XUL & XBL & XPCOM extensions? Not?! Try Firefox ESR

Mouse4
 
Posts: 69
Joined: December 27th, 2017, 4:03 am
Location: Australia

Post Posted January 5th, 2018, 1:53 pm

there is something you can turn on to secure Chrome. let me look again an i shall reply here but i believe it'll be on by default in 64 anyway

its called
Strict Site isolation look for that an enable it

https://www.neowin.net/news/google-chro ... -the-month

Virtual_ManPL

User avatar
 
Posts: 1923
Joined: July 24th, 2008, 5:52 am

Post Posted January 5th, 2018, 3:13 pm

Mouse4 wrote:there is something you can turn on to secure Chrome. let me look again an i shall reply here but i believe it'll be on by default in 64 anyway

its called
Strict Site isolation look for that an enable it

https://www.neowin.net/news/google-chro ... -the-month

I know, as it's in hyperlink I posted
Virtual_ManPL wrote:[...] Chrome aren't patched yet [...]
What's more, it's not enabled by default and it's only temporary measure, not full and complete mitigation.

Point is that Google won't be releasing ASAP patched version of Chrome 63.
Google will wait for next release cycle, so till Chrome 64, which will be released on 2018-01-23.
So looks like the security is not Google priority. ](*,) [-X #-o [-(
Virtualfox persona

Are you ready for deprecation of XUL & XBL & XPCOM extensions? Not?! Try Firefox ESR

James
Moderator

User avatar
 
Posts: 27206
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted January 5th, 2018, 3:24 pm

AMD CPUs are safe against the current version of Meltdown, which focuses primarily on Intel’s architecture.

Depending on how the final patched for the Intel CPU kernel bug vulnerability are implemented the AMD CPU's may still suffer a performance hit as collateral damage. It was requested for Linux kernel to make an exception for AMD cpu's since they are not vulnerable to current meltdown.

Mouse4
 
Posts: 69
Joined: December 27th, 2017, 4:03 am
Location: Australia

Post Posted January 7th, 2018, 5:08 pm

Linux creator Linus Torvalds has harsh words for Intel over chip design https://www.neowin.net/news/linux-creat ... hip-design

morat
 
Posts: 2565
Joined: February 3rd, 2009, 6:29 pm

Post Posted January 9th, 2018, 7:32 pm

Bruce Schneier comments on Spectre and Meltdown
http://www.schneier.com/blog/archives/2 ... mel_1.html

Grumpus

User avatar
 
Posts: 11748
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted January 11th, 2018, 1:06 pm


Mouse4
 
Posts: 69
Joined: December 27th, 2017, 4:03 am
Location: Australia

Post Posted January 25th, 2018, 2:50 pm


Return to MozillaZine Tech


Who is online

Users browsing this forum: No registered users and 1 guest