On 1/6/18, WaltS48 <walt...@removecomcast.net> wrote:
> On 1/6/18 2:36 AM, Ray_Net wrote:
>> I have read:
>>
>> "Disable Javascript until browser company comes out with patch for
>> vulnerable Javascript."

Disabling JavaScript is a good idea regardless.  The problem with
disabling JavaScript is that a large number of sites are broken
without JavaScript, so you need an add-on that can selectively enable
JavaScript.  NoScript is the best-known add-on for that (NoScript +
RequestPolicy Continued is even better); uMatrix seems easier to use
as well as giving more control.  Is anyone using something else to
selectively allow JavaScript?

>> So, will SM issue a patch against the Spectre exploit?
>
> SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR
> doesn't have SharedArrayBuffer enabled.
>
> SharedArrayBuffer is already disabled in Firefox 52 ESR.
>
> REF: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

  "Since this new class of attacks involves measuring precise time
intervals, as a partial, short-term, mitigation we are disabling or
reducing the precision of several time sources in Firefox. The
precision of performance.now() has been reduced from 5μs to 20μs, and
the SharedArrayBuffer feature has been disabled because it can be used
to construct a high-resolution timer."

But SeaMonkey 2.49.1 does have the high resolution performance.now()
timer - correct?
And the FF "partial, short-term, mitigation" seems to be pretty partial - see
   https://gruss.cc/files/fantastictimers.pdf

Regards,
Lee
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
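
The check discussed in this thread, as an added example that is not part of the original messages or of any Mozilla/SeaMonkey code: it reports whether SharedArrayBuffer is exposed and estimates the effective step of performance.now(), so a browser can be compared against the 5μs and 20μs figures quoted from the advisory. The function names and the simulated clock are hypothetical and constructed for illustration.

```javascript
// Model of the quoted mitigation: round a millisecond timestamp down to a
// multiple of stepUs microseconds (20 for the patched Firefox figure).
function coarsen(tMs, stepUs) {
  const us = Math.round(tMs * 1000);
  return (us - (us % stepUs)) / 1000;
}

// Smallest non-zero increment seen between consecutive readings of nowFn,
// in microseconds. Returns null if the clock never advanced while sampling.
function observedGranularityUs(nowFn, samples = 2000) {
  let smallest = Infinity;
  let prev = nowFn();
  for (let i = 0; i < samples; i++) {
    const t = nowFn();
    if (t !== prev) {
      smallest = Math.min(smallest, t - prev);
      prev = t;
    }
  }
  return smallest === Infinity ? null : Math.round(smallest * 1e6) / 1e3;
}

// Constructed clock for offline use: advances 1 microsecond per read and
// exposes the value coarsened to stepUs, like a browser with the mitigation.
function makeFakeClock(stepUs) {
  let us = 0;
  return () => coarsen((us += 1) / 1000, stepUs);
}

// What the running environment actually exposes. Paste into the browser's
// web console (or run under Node) and compare with the advisory's numbers.
function report() {
  const hasPerf = typeof performance !== "undefined";
  return {
    sharedArrayBufferExposed: typeof SharedArrayBuffer !== "undefined",
    performanceNowGranularityUs: hasPerf
      ? observedGranularityUs(() => performance.now(), 200000)
      : null,
  };
}

console.log(report());
```

A reported step near 20 with SharedArrayBuffer not exposed matches the state the advisory describes; a much smaller step means performance.now() is still high resolution in that build.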
