Mozilla has rolled Firefox v57.0.4 update which comes with security fixes for recent meltdown and spectre bugs. These two bugs were reported by Google’s project zero team, and Google claimed it effected almost all Intel, AMD, ARM processors. Meltdown security flaw lets hacker to access user’s data stored in a computer by bypassing the hardware security barrier. Google has already issued security updates to fix the meltdown and spectre bug, but still updates need to be pushed into browsers to prevent attacks.
While Mozilla has announced, Firefox v57.0.4 has the ability to protect user’s data from Meltdown an spectre attacks. The browser is available to download for several platforms including windows, iOS desktop and android mobile. However, no such update has been issued by Mozilla for Firefox for iOS.
In a blog post, Mozilla software engineer Luke Wagner said,”Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes.”
“In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement”, Luke also added.
As per Mozilla, the SharedArrayBuffer feature has been disabled by default as of now, which could be re-enabled in future as these feature provides important capabilities to the web platform.
Recently Apple has announced that iOS and Mac OS devices have also been affected, And apple will issue update for safari in the upcoming days to prevent devices against the meltdown and spectre attacks.