Pale Moon isn't vulnerable
Pale Moon already set the granularity for the performance timers sufficiently coarse in Oct 2016 when it became clear that this could be used to perform hardware-timing based attacks and fingerprinting.
Even so, we will be adding some additional defense-in-depth changes to the upcoming version 27.7 to be absolutely sure there is no further room for any of these sorts of hardware-timing based attacks in the future.
Basilisk has been updated
Basilisk has been updated with a release (2018.01.05) to mitigate these timing attacks.
It has been patched to make the performance timers sufficiently coarse to make them unusable for these kinds of attacks. This patch was already slated for Basilisk, but was now given high priority.
After updating Basilisk you should be fully protected from any potential exploits based on these CPU flaws. We'll continue to keep a close eye on developments in other browsers and update the developing platform as-necessary.
Pale Moon releases and site news
- Pale Moon guru
- Posts: 24176
- Joined: 2011-08-28, 17:27
- Location: 58°2'16"N 14°58'31"E
Last edited by Moonchild on 2018-01-05, 11:47, edited 1 time in total.