Mozilla has just released an updated version of Firefox browser that includes fixes for the Meltdown and Spectre bugs discovered in Intel, AMD, and ARM processors.
The new version is Firefox 57.0.4 and it doesn’t include any other change, as Mozilla prioritized patches for the two vulnerabilities in this release.
Just like Microsoft, who rolled out updates yesterday to mitigate web-based attacks launched through the browser, Mozilla implemented two different changes in the new Firefox version in order to deal with the two security flaws.
Security changes made in Firefox 57.0.4
First and foremost, the company says Firefox 57.0.4 reduces the precision of several time sources in the browser in order to minimize the likelihood of successful attacks against its users. This means performance.now() has been reduced from 5μs to 20μs, while the SharedArrayBuffer feature is now disabled by default in the application. The same changes were made in Microsoft Edge as well.
“Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer,” Mozilla explains.
The software developing firm says at some point in the future SharedArrayBuffer could be re-enabled, as its teams are currently looking into other ways to mitigate the two vulnerabilities.
“In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test, but might allow us to consider reenabling SharedArrayBuffer and the other high-resolution timers as these features provide important capabilities to the Web platform,” it says.
As for the overly-discussed performance impact these patches might have, April King, Mozilla’s head of website security, said in a tweet that this should be minor, “although the operating system upgrades will have mixed effects depending upon your workload.”
As it’s the case with the other updates for Meltdown and Spectre vulnerabilities, users are recommended to install this new version as soon as possible to remain protected. You can download Firefox 57.0.4 for Windows, Linux, Mac, and Android from Softpedia using these links.