Firefox Quantum has been updated to address Meltdown and Spectre timing attacks
Firefox Quantum has been updated to address Meltdown and Spectre timing attacks
The solution is fairly simple; software needs to be updated to address many of the potential issues that both Spectre and Meltdown can exploit, making changes that will help to prevent information leaks. With Firefox 57.0.4, Mozilla has disabled their SharedArrayBuffer and decreased the resolution of several time sources within Firefox Quantum, making the browser more secure by disabling timers and making others a lot less precise.
Over time Mozilla plans to implement more permanent solutions to the problems posed by Spectre and Meltdown with future updates. These concerns will be something that software creators will have to consider for quite some time, at least until solutions to the problem are available at a hardware level.
Google is currently working on a similar update for their Chrome browser, though at the time of writing this update is not available to download.
You can join the discussion on Firefox Quantum’s latest security update on the OC3D Forums.