Meltdown and Specter: Mozilla confirms that an attack based on JavaScript is possible
A few hours ago we knew the vulnerabilities of Specter and Meltdown, two worrying weaknesses in the processors that could leave our private information in the hands of an attacker.
Some companies have already reacted to this important design flaw, which affects both computers with Intel processors and those with AMD and ARM. Through an entry in his blog, Mozilla also wanted to make clear how this problem affects their products.
The entry is signed by Luke Wagner, an engineer of the company specializing in JavaScript and WebAssembly. He affirms that “according to his internal experiments they confirm that it is possible to use similar techniques from web content to read private information from different sources”.
“We are already working on a solution”
To reassure users of this browser, he adds that “they are investigating this type of attack, working with security experts to understand this threat and find solutions.”
We recall that this problem is rooted in the so-called “speculative execution”. To make processes run faster, the chip will “guess” what information the computer needs to perform the next function.
Wagner affirms that, “since these types of attacks are based on accurately measuring time intervals”, they have applied a series of corrections that could serve as a provisional patch. These types of measures are already available in Firefox 57.
This again reminds us that it is important to update all the software we use in our computers, and surely in the next few days we will see more patches that will seek to reduce the possible risks of these two vulnerabilities.