If it's the one I'm thinking about, it was about malicious actors exploiting high-precision clocks to get access to another (and unrelated to the browser) exploit.Keirnoth wrote: ↑2021-04-02, 20:29If you want an example of why you should use Pale Moon as your daily driver - I vaguely remember that that there was a huge security exploit that affected FF, Chrome, and what was then Internet Explorer, but PM was already hardened against it because of their proactive dev cycle. I'm trying to remember what the exploit is but I believe it was in the news either last year or the year before then and I remember going directly to the PM frontpage to see an announcement about it and the devs proudly stating that they already took care of it a long time ago.
At the time when this usage of the clocks was discovered, Pale Moon (because if I remember correctly, UXP was still to be released, but don't quote me on that) had its high-precision clocks made less fine-grained, so that they could still provide the requested details compared to normal clocks, but they were not so precise as to allow for the exploit to take place (as timing-based attacks rely on nanoseconds and it can take very little to stop them.)
But that was the most famous: there were a few others in which other browsers ended up removing features or hard-code some value (instead of allowing a configuration flag), while Pale Moon (or UXP in general) just carried on unaffected as it was already protected, either from defenses being added already, or because the exploit simply relied on behaviours that the application doesn't have.
