Re: Spectre exploit

2018-01-14 Thread Mason83
On 12/01/2018 22:38, Mark wrote: > Don't the OS kernel / BIOS / CPU updates just mitigate against Meltdown, > preventing applications (executing in ring3) from inferring content of > kernel memory (in ring0)? AFAIU, the kernel work-around for Meltdown is /not/ mapping the kernel inside an

Re: Spectre exploit

2018-01-13 Thread Lee
On 1/12/18, mozilla-lists.mbou...@spamgourmet.com wrote: > Lee wrote: >> I've got a dell, so I started here: >>

Re: Spectre exploit

2018-01-12 Thread mozilla-lists . mbourne
Lee wrote: I've got a dell, so I started here: https://www.dell.com/support/article/us/en/19/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en Apply the update, do the powershell bit: PS

Re: Spectre exploit

2018-01-10 Thread Ray_Net
avascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? Mozilla needs to come up with a patch first. What they have now only blocks the obvious timing attack methods. SeaMonkey 2.49.1 is based on Firefo

Re: Spectre exploit

2018-01-10 Thread Lee
Block Origin or whatever other addon combo >>>>>>>>>> that allows javascript from only whitelisted sites. >>>>>>>>>> >>>>>>>>>> On 1/7/18, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wro

Re: Spectre exploit

2018-01-09 Thread Ray_Net
m only whitelisted sites. On 1/7/18, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: WaltS48 wrote on 06-01-18 18:05: On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM i

Re: Spectre exploit

2018-01-09 Thread Lee
On 1/7/18, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: >>>>>>>>> WaltS48 wrote on 06-01-18 18:05: >>>>>>>>>> On 1/6/18 2:36 AM, Ray_Net wrote: >>>>>>>>>>> I have read: >>

Re: Spectre exploit

2018-01-09 Thread Ray_Net
wrote on 06-01-18 18:05: On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? Mozilla needs to come up with a patch first. What they have

Re: Spectre exploit

2018-01-09 Thread Lee
only whitelisted sites. >>>>>> >>>>>> On 1/7/18, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: >>>>>>> WaltS48 wrote on 06-01-18 18:05: >>>>>>>> On 1/6/18 2:36 AM, Ray_Net wrote: >>>&

Re: Spectre exploit

2018-01-08 Thread Ray_Net
t until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? Mozilla needs to come up with a patch first. What they have now only blocks the obvious timing attack methods. SeaMonkey 2.49.1 is based on Firefox 52 ESR code

Re: Spectre exploit

2018-01-08 Thread Lee
wrote on 06-01-18 18:05: >>>>>> On 1/6/18 2:36 AM, Ray_Net wrote: >>>>>>> I have read: >>>>>>> >>>>>>> "Disable Javascript until browser company comes out with patch for >>>>>>>

Re: Spectre exploit

2018-01-08 Thread Ray_Net
issue a patch against the Spectre exploit ? Mozilla needs to come up with a patch first. What they have now only blocks the obvious timing attack methods. SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR doesn't have SharedBufferArray enabled. || ||SharedArrayBuffer| is already disa

Re: Spectre exploit

2018-01-07 Thread Lee
avascript until browser company comes out with patch for >>>>> vulnerable Javascript." >>>>> >>>>> So, will SM issue a patch against the Spectre exploit ? >> Mozilla needs to come up with a patch first. What they have no

Re: Spectre exploit

2018-01-07 Thread Mason83
;> >> On 1/7/18, Ray_Net <tbrraymond.schmit...@tbrscarlet.be> wrote: >>> WaltS48 wrote on 06-01-18 18:05: >>>> On 1/6/18 2:36 AM, Ray_Net wrote: >>>>> I have read: >>>>> >>>>> "Disable Javascript until browser company co

Re: Spectre exploit

2018-01-07 Thread Ray_Net
wrote on 06-01-18 18:05: On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? Mozilla needs to come up with a patch first. What they have

Re: Spectre exploit

2018-01-07 Thread Lee
>> On 1/6/18 2:36 AM, Ray_Net wrote: >>> I have read: >>> >>> "Disable Javascript until browser company comes out with patch for >>> vulnerable Javascript." >>> >>> So, will SM issue a patch against the Spectre exploit ? Mozilla n

Re: Spectre exploit

2018-01-07 Thread David E. Ross
On 1/7/2018 2:48 AM, Ray_Net wrote: > WaltS48 wrote on 06-01-18 18:05: >> On 1/6/18 2:36 AM, Ray_Net wrote: >>> I have read: >>> >>> "Disable Javascript until browser company comes out with patch for >>> vulnerable Javascript." >>&g

Re: Spectre exploit

2018-01-07 Thread WaltS48
On 1/7/18 5:48 AM, Ray_Net wrote: WaltS48 wrote on 06-01-18 18:05: On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? SeaMonkey 2.49.

Re: Spectre exploit

2018-01-07 Thread Ray_Net
WaltS48 wrote on 06-01-18 18:05: On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? SeaMonkey 2.49.1 is based on Firefox 52 ESR code, a

Re: Spectre exploit

2018-01-06 Thread WaltS48
ing more control. Is anyone using something else to selectively allow javascript? So, will SM issue a patch against the Spectre exploit ? SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR doesn't have SharedBufferArray enabled. || ||SharedArrayBuffer| is already disabled i

Re: Spectre exploit

2018-01-06 Thread Lee
ll as giving more control. Is anyone using something else to selectively allow javascript? >> So, will SM issue a patch against the Spectre exploit ? > > SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR > doesn't have SharedBufferArray enabled. > || > ||Share

Re: Spectre exploit

2018-01-06 Thread Paul B. Gallagher
WaltS48 wrote: On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ES

Re: Spectre exploit

2018-01-06 Thread WaltS48
On 1/6/18 2:36 AM, Ray_Net wrote: I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR do

Spectre exploit

2018-01-05 Thread Ray_Net
I have read: "Disable Javascript until browser company comes out with patch for vulnerable Javascript." So, will SM issue a patch against the Spectre exploit ? ___ support-seamonkey mailing list support-seamonkey@lists.mozilla