MozillaZine

Why did ESR 52 not get a Meltdown / Spectre patch like Fx57?

User Help for Mozilla Firefox
c627627

Posts: 562
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Posted January 5th, 2018, 2:45 pm

Why did Fx ESR 52 not get a patch but Fx57 did?

Can you post on the way Meltdown and Spectre exploits operate, as far as getting sensitive information, specifically, if we close all web browsers and only open a single web page, banking web page for example, which we then completely close when finished, does that prevent speculative execution exploits? Does cleaner software which purges cookies etc. help/affect this exploit?
Open the pod bay doors, Cortana.

James
Moderator

Posts: 27487
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Posted January 5th, 2018, 2:50 pm

https://www.mozilla.org/security/advisories/mfsa2018-01/

Fixed in Firefox 57.0.4, SharedArrayBuffer is already disabled in Firefox 52 ESR.

https://www.mozilla.org/firefox/57.0.4/releasenotes/

c627627

Posts: 562
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Posted January 5th, 2018, 2:56 pm

When we read the security advisory, it first states that "The precision of performance.now() has been reduced from 5μs to 20μs."
Does disabling SharedArrayBuffer make performance.now precision irrelevant?

In other words the advisory lists two things, only one of which is already disabled in Firefox 52 ESR.
Open the pod bay doors, Cortana.
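
The two items from the advisory discussed above can be checked separately from page script. This is an added example, not part of any post in this thread and not Mozilla code; the function names and report fields are assumptions made for the example.

```javascript
// Smallest non-zero step the clock is observed to take, in microseconds.
// `now` is any function returning milliseconds (performance.now in a browser).
function observedGranularityUs(now, samples = 2000) {
  let smallest = Infinity;
  let prev = now();
  for (let i = 0; i < samples; i++) {
    let cur = now();
    let spins = 0;
    // Spin until the reported value changes; give up on a frozen clock.
    while (cur === prev && spins++ < 1e6) cur = now();
    if (cur === prev) return null;
    const delta = cur - prev;
    if (delta > 0 && delta < smallest) smallest = delta;
    prev = cur;
  }
  // ms -> µs, rounded to 0.1 µs to absorb floating-point noise.
  return Number.isFinite(smallest) ? Math.round(smallest * 1000 * 10) / 10 : null;
}

// Report each mitigation on its own, since the advisory lists two things.
// `env` is the global object to inspect (window in a browser console).
function auditTimingMitigations(env) {
  const sabExposed = typeof env.SharedArrayBuffer === "function";
  const granularityUs = observedGranularityUs(() => env.performance.now());
  // 20 µs is the reduced precision quoted from the advisory in this thread.
  const timerCoarsened = granularityUs !== null && granularityUs >= 20;
  return {
    sabExposed,
    granularityUs,
    timerCoarsened,
    bothMitigations: !sabExposed && timerCoarsened,
  };
}

// In a browser console: auditTimingMitigations(window)
// In Node.js:           auditTimingMitigations(globalThis)
```

The measured value is only an upper bound on what the clock reports; a coarse result on a busy machine does not prove the browser has reduced precision, but a result well under 20 µs shows it has not.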

Brummelchen
 
Posts: 4002
Joined: March 19th, 2005, 10:51 am

Posted January 5th, 2018, 4:41 pm

please lock because of
viewtopic.php?f=7&t=3037088

kukla
 
Posts: 842
Joined: December 30th, 2008, 3:59 pm

Posted January 6th, 2018, 10:37 am

Brummelchen wrote: please lock because of
viewtopic.php?f=7&t=3037088

It might be time for you to remember once again, that you are not a moderator here. There are quite capable moderators here, who can see just what you see. There may be some duplication, but that is not the end of the world. I for one would not like to see this thread locked, your opinion notwithstanding.

RobertJ
Moderator

Posts: 10765
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Posted January 6th, 2018, 1:10 pm

.
kukla, you are at risk running Mac OS X 10.11 according to Apple. At this time only OS 10.13.2 has the fix.

.
FF 65.0.1 - FF 66b10 - FF 67a - TB 60.5 - Mac OSX 10.13.6
Computers I've used: IBM 7094/UNIVAC 1108/IBM 360/DEC PDP11/DEC VAX-11 780/DEC VAXstation 8000/Sun SPARCstation 2/Mac from 1984 to 2019

Brummelchen
 
Posts: 4002
Joined: March 19th, 2005, 10:51 am

Posted January 6th, 2018, 2:03 pm

@kukla - you got problems, really...mind your own business please.
People not using forum search don't have fortune.

kukla
 
Posts: 842
Joined: December 30th, 2008, 3:59 pm

Posted January 6th, 2018, 2:27 pm

Brummelchen wrote: ....really...mind your own business please.

Best if you take your own advice.

RobertJ
Moderator

Posts: 10765
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Posted January 6th, 2018, 2:33 pm

.
This is a support forum. Not a debating club.

.

kukla
 
Posts: 842
Joined: December 30th, 2008, 3:59 pm

Posted January 6th, 2018, 2:35 pm

RobertJ wrote:.
kukla, you are at risk running Mac OS X 10.11 according to Apple. At this time only OS 10.13.2 has the fix.

.

Thanks, but not ready to upgrade to HSierra. Think it's too buggy still. Look what happened with root password, and who knows what else lurks to be discovered there. Apple seems to be getting sloppy. I never upgrade until all, or almost all, point releases are in the bag. Would think that there will be a security update for 10.12, or even El Cap, before long, at which time I will upgrade--have 10.12.6 completely ready to go on an external--just needs cloning over to the internal.

But Spectre-Meltdown, still only PoC. Nothing reported in the wild...yet. And 52esr not supposed to be wide open.

Anyway, running NoScript, which should protect to some extent. See

https://forums.informaction.com/viewtop ... =8&t=24391

RobertJ
Moderator

Posts: 10765
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Posted January 6th, 2018, 3:04 pm

.
A bit off topic, but running HSierra since its release and so has my wife. Solid as a rock, and root password was a bug that only could be an issue with physical access to the machine, and was fixed in days.

Cheers

.

kukla
 
Posts: 842
Joined: December 30th, 2008, 3:59 pm

Posted January 6th, 2018, 3:25 pm

As always with any new OS, YMMV. Some users like you run the first release with zero problems, others may get hit hard.

RobertJ
Moderator

Posts: 10765
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Posted January 6th, 2018, 3:35 pm

.
Last comment on this before a mod dings me :-"

I have two SSDs on my system. After a week or so monitoring the Apple forums and other Apple-focused sites for issues, I install the new OS on one of them while keeping the other SSD on the old OS. If all goes well for a couple of weeks, I use CCC to update the second SSD.


.
