Why did ESR 52 not get a Meltdown / Spectre patch like Fx57?
- c627627
- Posts: 642
- Joined: April 3rd, 2005, 12:58 pm
- Location: Kansas City, Missouri
- Contact:
Why did ESR 52 not get a Meltdown / Spectre patch like Fx57?
Why did Fx ESR 52 not get a patch but Fx57 did?
Can you post on the way Meltdown and Spectre exploits operate, as far as getting sensitive information, specifically, if we close all web browsers and only open a single web page, banking web page for example, which we then completely close when finished, does that prevent speculative execution exploits? Does cleaner software which purges cookies etc. help/affect this exploit?
Can you post on the way Meltdown and Spectre exploits operate, as far as getting sensitive information, specifically, if we close all web browsers and only open a single web page, banking web page for example, which we then completely close when finished, does that prevent speculative execution exploits? Does cleaner software which purges cookies etc. help/affect this exploit?
Open the pod bay doors, Cortana.
- James
- Moderator
- Posts: 28004
- Joined: June 18th, 2003, 3:07 pm
- Location: Made in Canada
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
https://www.mozilla.org/security/adviso ... sa2018-01/
Fixed in Firefox 57.0.4, SharedArrayBuffer is already disabled in Firefox 52 ESR.
https://www.mozilla.org/firefox/57.0.4/releasenotes/
Fixed in Firefox 57.0.4, SharedArrayBuffer is already disabled in Firefox 52 ESR.
https://www.mozilla.org/firefox/57.0.4/releasenotes/
- c627627
- Posts: 642
- Joined: April 3rd, 2005, 12:58 pm
- Location: Kansas City, Missouri
- Contact:
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
When we read the security advisory, it first states that "The precision of performance.now() has been reduced from 5μs to 20μs."
Does disabling SharedArrayBuffer make performance.now precision irrelevant?
In other words the advisory lists two things, only one of which is already disabled in Firefox 52 ESR.
Does disabling SharedArrayBuffer make performance.now precision irrelevant?
In other words the advisory lists two things, only one of which is already disabled in Firefox 52 ESR.
Open the pod bay doors, Cortana.
-
- Posts: 4480
- Joined: March 19th, 2005, 10:51 am
-
- Posts: 968
- Joined: December 30th, 2008, 3:59 pm
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
It might be time for you to remember once again, that you are not a moderator here. There are quite capable moderators here, who can see just what you see. There may be some duplication, but that is not the end of the world. I for one would not like to see this thread locked, your opinion notwithstanding.Brummelchen wrote:please lock because of
http://forums.mozillazine.org/viewtopic ... &t=3037088
- RobertJ
- Moderator
- Posts: 10880
- Joined: October 15th, 2003, 7:40 pm
- Location: Chicago IL/Oconomowoc WI
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
.
kukla, you are at risk running Mac OS X 10.11 according to Apple. At this time only OS 10.13.2 has the fix.
.
kukla, you are at risk running Mac OS X 10.11 according to Apple. At this time only OS 10.13.2 has the fix.
.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6
-
- Posts: 4480
- Joined: March 19th, 2005, 10:51 am
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
@kukla - you got problems, really...mind your own business please.
people not using forum search dont have fortune.
people not using forum search dont have fortune.
-
- Posts: 968
- Joined: December 30th, 2008, 3:59 pm
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
Best if you take your own advice.Brummelchen wrote:....really...mind your own business please.
- RobertJ
- Moderator
- Posts: 10880
- Joined: October 15th, 2003, 7:40 pm
- Location: Chicago IL/Oconomowoc WI
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
.
This is a support forum. Not a debating club.
.
This is a support forum. Not a debating club.
.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6
-
- Posts: 968
- Joined: December 30th, 2008, 3:59 pm
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
Thanks, but not ready to upgrade to HSierra. Think it's too buggy still. Look what happened with root password, and who knows what else lurks to be discovered there. Apple seems to be getting sloppy. I never upgrade until all, or almost all, point releases are in the bag. Would think that there will be a security update for 10.12, or even El Cap, before long, at which time I will upgrade--have 10.12.6 completely ready to go on an external--just needs cloning over to the internal.RobertJ wrote:.
kukla, you are at risk running Mac OS X 10.11 according to Apple. At this time only OS 10.13.2 has the fix.
.
But Spectre-Meltdown, still only PoC. Nothing reported in the wild...yet. And 52esr not supposed to be wide open.
Anyway, running NoScript, which should protect to some extent. See
https://forums.informaction.com/viewtop ... =8&t=24391
- RobertJ
- Moderator
- Posts: 10880
- Joined: October 15th, 2003, 7:40 pm
- Location: Chicago IL/Oconomowoc WI
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
.
A bit off topic but running HSierra since its release and so has my wife. Solid as a rock and root password was a bug that only could be an issue with physical access to the machine and, fixed in days.
Cheers
.
A bit off topic but running HSierra since its release and so has my wife. Solid as a rock and root password was a bug that only could be an issue with physical access to the machine and, fixed in days.
Cheers
.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6
-
- Posts: 968
- Joined: December 30th, 2008, 3:59 pm
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
As always with any new OS, YMMV. Some users like you run the first release with zero problems, others may get hit hard.
- RobertJ
- Moderator
- Posts: 10880
- Joined: October 15th, 2003, 7:40 pm
- Location: Chicago IL/Oconomowoc WI
Re: Why did ESR 52 not get a Meltdown / Spectre patch like F
.
Last comment on this before a mod dings me
I have two SSD's on my system. After a week or so monitoring the Apple forums and other Apple focused sites for issues I install the new OS on one of them while keeping the other SSD on the old OS. If all goes well for a couple of weeks I use CCC to update the second SSD.
.
Last comment on this before a mod dings me
I have two SSD's on my system. After a week or so monitoring the Apple forums and other Apple focused sites for issues I install the new OS on one of them while keeping the other SSD on the old OS. If all goes well for a couple of weeks I use CCC to update the second SSD.
.
FF 92.0 - TB 78.13 - Mac OSX 10.13.6