On Fri, 15 May 2020 17:32:10 +0530 Sreyan Chakravarty <sreyan32@xxxxxxxxx> wrote: > On 5/15/20 1:32 AM, stan via users wrote: > > After posting, I vaguely recalled that there was a javascript > > implementation of the sample exploit code. > > Now this is really scary. > > This makes it a potential web attack. I can't obviously live like a > hermit and visit only sites that have no javascript in it, can I ? > Because the attack is so sophisticated, it depends on very precise timing. I *think* I read that firefox, at least, changed their javascript so the timing accuracy was too fuzzy for the attack to work. This would only have required changing accuracy to millisecond (or tenths (hundredths?) of millisecond) timing rather than nanosecond timing. Also, firefox has sandboxing on javascript plugins. So, if the javascript is restricted from sending anything over the web, it would be impotent because it would have no way of communicating its results. Plugins also only get access to the components they need to perform their function, so might not have access to the necessary system calls to allow the attack. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
