Meltdown and Spectre reveal Firefox passwords

Chris Burns - Jan 4, 2018, 1:29pm CST
Meltdown and Spectre reveal Firefox passwords

Firefox creator Mozilla confirmed Meltdown and Spectre flaws could be used to extract login info from users online. The chances of this happening to the average user are slim, but still most certainly significant. This adds to the already-massive set of devices and situations in which either Meltdown or Spectre could have effects on computer users.

Mozilla’s confirmation dealt with JavaScript files. With malicious intent, a webpage creator could potentially extract information from any visitor – just so long as their software and firmware weren’t updated and their hardware was made in… say… the past 20 years or so.

Mozilla software engineer Luke Wagner confirmed in the Mozilla Blog the following on Mozilla’s behalf: “Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs,” said Wagner. “Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins.”

Wagner emphasized the timing aspects of Meltdown and Spectre, suggesting that Firefox would first mitigate the potential for attacks with timing elements specifically. “Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox.”

Lucky you, the vast majority of Firefox downloads in the past several years update automatically, by default. Just in case you’re one of the few that do not have a recent version of Firefox, there is a simple process to updating.

On the Menu Bar, tap the Firefox menu and tap About Firefox. Firefox should immediately begin checking for updates, downloading updates, and employing updates automatically. Once they’re installed, the About Firefox page should display a “Restart to update Firefox.” If no update is available, chances are you’re already set to go with what’s newest.

While you’re at it, make sure you’ve got the latest version of every web browser you have on your computer or mobile device. Every responsible set of developers in the world either has an update already or will have one imminently.


Must Read Bits & Bytes