Reply to post: Re: Ends-Means

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

Michael Wojcik Silver badge

Re: Ends-Means

I was under the distinct impression that the timer resolution making those exploits possible has been not so much reduced but rather obliterated in Palemoon specifically, and that the other browsers also did more or less the same thing already.

There are many timing channels for Javascript. Eliminating them all is probably infeasible (without crippling Javascript, and users willing to do that are already blocking it). There's ample research on this, and I've posted a link to the best-known paper before, if you want to search for details.

I don't believe I've seen a Javascript Meltdown exploit. Meltdown is a subset of the Spectre class, but all the Javascript Spectre exploits I've seen have been reading unprivileged data.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019