Fuzzyfox[0] is an implementation of a research idea that severely
limits the data that can be extracted by timing side channels
exploited by untrusted JavaScript. It effectively provides a knob that
allows one to control the amount of data that can be extracted by
controlling the coarseness and fuzziness of the clock used by the
browser. In comparison to our existing clock fuzziness enabled now, it
operates in the context of the entire browser, rather than just the
explicit timers and clocks exposed to untrusted JavaScript - therefore
it also mitigates the data that can be extracted by constructed clocks
relying on e.g. web animations.

Unfortunately it does not address the fact that Shared Array Buffer
can be turned into a precise timer; it was written in the early days
of SAB and produces its results by disabling it.

We landed it two years ago[1], and had intended to explore it further
if needed for Spectre, as well as see if it could be used practically
to mitigate the multiple and various timing attacks that have been
demonstrated in browsers to steal user browser history,
cross-application user activity, cross-origin images or frame data,
etc etc.

We've never gotten to that examination, and it seems that we might
never; so in the interest of clarity and cleanliness it makes sense to
remove it.

Presently, if you enable privacy.fuzzyfox.enabled you will switch over
to Fuzzyfox mode. You will probably experience some jank and browser
slowdown. Fuzzyfox affects the entire browser, and that does include
sleeping on the main thread[2] in certain circumstances. Had time been
available, the next steps would have been to get profiles of poor
browser behavior under Fuzzyfox, and try to understand why they were
occurring. (Setting privacy.fuzzyfox.clockgrainus too coarse would
cause expected slowness, but 250 ought to be a usable number, ideally

This work will be done in https://bugzilla.mozilla.org/show_bug.cgi?id=1666222


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=fuzzyfox
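
The difference between a clock that is only coarse and one that is coarse and fuzzy, as an added example that is not part of the original post and is not Firefox's Fuzzyfox code. The update schedule (random intervals in [0, 2 * grain)), the seeded PRNG and all function names are assumptions made for illustration; only the 250 microsecond grain comes from the post.

```javascript
// Added illustration, not Firefox's Fuzzyfox code. All names are hypothetical.
const GRAIN_US = 250; // the privacy.fuzzyfox.clockgrainus value mentioned in the post

// Seeded PRNG (mulberry32) so every run gives the same schedule.
function seededRandom(seed) {
  let a = seed | 0;
  return () => {
    a = (a + 0x6d2b79f5) | 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Coarse only: round down to the grain. The value changes at predictable instants.
function makeCoarseClock(grainUs) {
  return (realUs) => Math.floor(realUs / grainUs) * grainUs;
}

// Coarse and fuzzy: the value still moves in grain-sized steps, but only at
// update instants spaced by a random interval in [0, 2 * grain) (assumed model).
// Must be read with non-decreasing realUs.
function makeFuzzyClock(grainUs, random) {
  let reported = 0;
  let nextUpdate = random() * 2 * grainUs;
  return (realUs) => {
    while (realUs >= nextUpdate) {
      reported = Math.floor(nextUpdate / grainUs) * grainUs;
      nextUpdate += random() * 2 * grainUs;
    }
    return reported;
  };
}

// Sample a clock every microsecond and record, for each change in the reported
// value, where inside the grain the change happened in real time.
function edgeOffsets(clock, grainUs, endUs) {
  const offsets = [];
  let last = clock(0);
  for (let realUs = 1; realUs <= endUs; realUs++) {
    const now = clock(realUs);
    if (now !== last) offsets.push(realUs % grainUs);
    last = now;
  }
  return offsets;
}

const coarseEdges = edgeOffsets(makeCoarseClock(GRAIN_US), GRAIN_US, 20000);
const fuzzyEdges = edgeOffsets(makeFuzzyClock(GRAIN_US, seededRandom(1)), GRAIN_US, 20000);
console.log("coarse distinct offsets:", new Set(coarseEdges).size);
console.log("fuzzy distinct offsets:", new Set(fuzzyEdges).size);
```

In this model the fuzzy clock stays monotonic and never runs ahead of real time, and it lags by less than three grains, which is the kind of latency cost the post describes as jank.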
dev-platform mailing list
