TL;DR: Firefox used to have a great extension mechanism based on the XUL and XPCOM. This mechanism served us well for a long time. However, it came at an ever-growing cost in terms of maintenance for both Firefox developers and add-on developers. On one side, this growing cost progressively killed any effort to make Firefox secure, fast or to try new things. On the other side, this growing cost progressively killed the community of add-on developers. Eventually, after spending years trying to protect this old add-on mechanism, Mozilla made the hard choice of removing this extension mechanism and replacing this with the less powerful but much more maintainable WebExtensions API. Thanks to this choice, Firefox developers can once again make the necessary changes to improve security, stability or speed.
During the past few days, I’ve been chatting with Firefox users, trying to separate fact from rumor regarding the consequences of the August 2020 Mozilla layoffs. One of the topi
Google: This Spectre proof-of-concept shows how dangerous these attacks can be
Google issues a new warning about Spectre attacks using JavaScript to leak data from one site to another.
March 15, 2021 11:27 GMT (04:27 PDT) | Topic: Security
Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser s JavaScript engine to leak information from its memory.
Google in 2018 detailed two variants of Spectre, one of which – dubbed variant 1 (CVE-2017-5753) – concerned Javascript exploitation against browsers. Spectre targeted the process in modern CPUs called speculative execution to leak secrets such as passwords from one site to another malicious site.
Google engineer urges web devs to step up and secure their code in this data-spilling Spectre-haunted world theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.