I only heard about a newly found security risk to spy on IFRAME content; Firefox and Chrome are known to be vulnerable.
Evonide Security Research: Side-channel attacking browsers through CSS3 features
Not to cause panic, just to have it mentioned. Maybe you can imagine a strategy in case your render engine is affected too.
The description sounds like it depends delicately on timings in transparency calculations.
New side channel attack via CSS3 feature "mix-blend-mode"
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
- Fanatic
- Posts: 122
- Joined: 2013-02-22, 19:08
- Location: rural central Germany
New side channel attack via CSS3 feature "mix-blend-mode"
Last edited by LigH1L on 2018-05-31, 19:59, edited 2 times in total.
Fun and success!
-
- Lunatic
- Posts: 369
- Joined: 2015-07-28, 11:10
- Location: Earth
Re: New side channel attack via CSS3 feature "mix-blend-mode"
no SmartName? no dedicated site? meh, that's not how it is done these days!
-
- Pale Moon guru
- Posts: 35647
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: New side channel attack via CSS3 feature "mix-blend-mode"
As far as I've seen, none of these pixel stealing attacks work on Pale Moon, and "just in case" some DiD measures were put in place months ago. Combine that with a cautious approach to performance timers and it's at most impractical, but more likely just never works.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Fanatic
- Posts: 122
- Joined: 2013-02-22, 19:08
- Location: rural central Germany
Re: New side channel attack via CSS3 feature "mix-blend-mode"
I hoped to hear that. Thank you.
Fun and success!