Reducing the accuracy of timers to mitigate Intel CPU flaw

yereverluvinuncleber
Lunatic
Posts: 323
Joined: 2017-12-06, 21:25

Post by yereverluvinuncleber » 2018-01-04, 19:43

Question:

Browser developers such as Firefox are reducing the accuracy of timing functions, as precise timing is required to exploit the Intel CPU side exploit flaw. A reduction in timer accuracy means that drive-by web-based exploits would be harder to carry out using JavaScript on the web.

Are the Pale Moon developers planning on doing the same? It seems to me that it would be a positive marketing change to do so as well as a sensible security precaution?

If it isn't done then two issues arise: Firstly, Firefox devs could point out that they are the only people who can be trusted to secure the web from exploits in the wild and as a result all should use real Firefox instead of forks...
Secondly, that in not making the change, browsers such as Pale Moon are in fact potential Trojan Horses.

I would strongly suggest that the PM devs look at what Firefox are doing to mitigate web-based drive-by exploits and see if it can be replicated in PM, if only for the sake of looking good in the browser community and to the world in general. I am not a developer of these things so I cannot suggest more. It just needed to be raised.
Last edited by yereverluvinuncleber on 2018-01-04, 20:00, edited 1 time in total.
My skills technical & otherwise: VMS system manager 20 years. Fault Tolerance, clustering, Vax, Alpha and ftSparc. DCL, QB45, VB.NET, VB6, PHP, Javascript. Graphic Design, Project Management, CMS Web Design. DOS and Windows admin since 1985. Quad Audio Electronics update and repair. Rebuilding classic cars and motorcycles. Artist in watercolours. Historian. There's more.
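
The timer-accuracy reduction raised in the post above, sketched as an added example that is not part of the original thread and is not Pale Moon or Firefox code. The 0.02 ms resolution, the simulated clock and the two durations are assumptions constructed for illustration.

```javascript
// Added example: coarsening a clock the way a browser might clamp performance.now().
// RESOLUTION_MS is an assumed value for illustration, not taken from the thread.
const RESOLUTION_MS = 0.02;

// Wrap a time source so it only ever reports multiples of resolutionMs.
function makeCoarseClock(source, resolutionMs) {
  return () => Math.floor(source() / resolutionMs) * resolutionMs;
}

// Deterministic stand-in for a high-resolution clock (constructed, runs offline):
// time only moves when advance() is called.
function makeSimulatedClock(startMs) {
  let now = startMs;
  return { read: () => now, advance: (ms) => { now += ms; } };
}

// Time one simulated operation costing costMs, using the given clock reader.
function measure(sim, read, costMs) {
  const t0 = read();
  sim.advance(costMs);
  return read() - t0;
}

// Constructed durations: two operations whose cost differs by 150 ns.
const FAST_MS = 0.00005;
const SLOW_MS = 0.0002;

// Measure both operations with either the raw clock (resolutionMs = 0)
// or the coarsened one, and report whether the readings can be told apart.
function compare(resolutionMs) {
  const results = {};
  for (const [name, cost] of [["fast", FAST_MS], ["slow", SLOW_MS]]) {
    const sim = makeSimulatedClock(1000.001); // same starting phase for both runs
    const read = resolutionMs ? makeCoarseClock(sim.read, resolutionMs) : sim.read;
    results[name] = measure(sim, read, cost);
  }
  results.distinguishable = Math.abs(results.slow - results.fast) > 1e-9;
  return results;
}

console.log("raw clock:    ", compare(0));
console.log("coarse clock: ", compare(RESOLUTION_MS));
```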


Re: Reducing the accuracy of timers to mitigate Intel CPU flaw

Post by yereverluvinuncleber » 2018-01-04, 20:21

Thanks for that, I wasn't aware of topic no.2 - Mitigate Speculative Side-Channel Attack Techniques

I'm glad I'm on-stream - I hope the importance of this change is acknowledged by the Devs and when we implement it we do so loud and clear and make a fanfare of it too. A minor patch just for this would seem a good thing.
Last edited by yereverluvinuncleber on 2018-01-04, 20:25, edited 1 time in total.