by benol 2650 days ago
Considering the recent "Spectre is here to stay" paper [1], can anyone comment on whether Firefox should be considered secure until the work on process-per-site lands (I believe they are working on it)?

[1] https://arxiv.org/abs/1902.05178

2 comments

We don't see Spectre vulnerabilities in the wild, and in any case Firefox has mitigations for it such as lowering timer resolution.

The ongoing Fission work is basically defense in depth against future potential Spectre-like vulnerabilities.

> can anyone comment on whether Firefox should be considered secure until the work on process-per-site lands

No and Yes.

No, theoretically there could be Spectre vulns. Practically we have seen zero Spectre-based attacks in the wild. It's not a big deal.