Off-Topic :
K-Meleon Web Browser Forum
Web Browser Spectre Check
https://xlab.tencent.com/special/spectre/spectre_check.html
https://www.ghacks.net/2018/01/11/find-out-if-your-browser-is-vulnerable-to-spectre-attacks/
Find out if your browser is vulnerable to Spectre attacks
by Martin Brinkmann on January 11, 2018 in Security
Web browsers are the main target for attacks targeting the recently disclosed Spectre vulnerability. For home systems, one could argue that web browsers are the major attack vector. Why? Because browsers connect to remote sites, and these sites may run JavaScript to exploit the vulnerability.
Some browser makers pushed out patches fast. Mozilla and Microsoft did for instance whereas Google and the whole Chromium-based group of browsers are not patched yet.
There are ways to mitigate the issue in Chrome and other Chromium-based browsers such as Opera or Vivaldi. To mitigate known attack forms, users or admins have to enable strict site isolation in the web browser to do so.
While you can check whether your Windows operating system is vulnerable, you could not check whether your web browser is patched or vulnerable up until now.
This uncertainty is a thing of the past however as Tencent’s XUANWU Lab released an online tester that checks whether web browsers are vulnerable to Spectre.
Visit the Lab’s website to get started. You find a “click to check†button at the top that you need to activate to run the test.
It does not take long to test browsers. Some checks complete almost right away while others take longer to complete and involve cache processing.
...
Edited 2 time(s). Last edit at 01/12/2018 08:08AM by callahan.
All K-Meleons are not vulnerable.
Firefox, Basilisk, IceWeasel and so on - ARE vulnerable.
TheWorld 7 and IE11 - NOT vulnerable
Thanks rodocop ... I did not know that for sure. If that was already posted somewhere I didn't see it.
My browsers tested OK but I posted this in the 'Off-Topic' location in case there are other browsers that people want to test.
...
I tested with Firefox ESR 52.5.3 and the test says that it's not vulnerable.
AFAIK Firefox 57 pushed some fixes, so it might come up clean in that test as well.
G-R-E-A-T to hear!
(I mean line-1. The second is not so great, but interesting)
(PS: did you test as old as KM1.5.4/1.6 too? Am hesitant to test myself with doors wide open)
Edited 1 time(s). Last edit at 01/12/2018 12:54PM by siria.
I cannot even run the test there on 1.6. Some modern script...
@siria
None of the FirefoxESR branch is affected by Spectre.
They simply lack the necessary (new) feature for being affected by Spectre.
Oh, very interesting! Thanks!
I kept reading that those new risks would affect just about all (Intel) CPUs as far back as 1995 (or such, IIRC)
And kept reading that ALL components absolutely "must" be fixed by firmware updates AND browser updates AND whatnot... (as usual)
But if already the first entry door, the browser, is safe, would the rest of the chain still matter?
And should all those highly scaring warning articles, instead of saying "Update everything to all newest stuff", rather say "...or downgrade to an older browser"?? :cool:
Or what they always "forget" to say since years, at each round of "scare-people-enough-to-get-new equipment-with-more-spytools-inside", add a little note "...or alternatively just block javascript" ??
It's not about Intel allone but Intel has the most severe design flaws and it's not for the first time!
Some of those "design flaws" look like deliberately placed backdoors.
Unfortunately, yes. At least, depending on what you are using your device for, how much sensitive data is stored on it, encryption keys, e.t.c.
Downgrade to an old browser, to old pre-1995 hardware & OS and what then?
To block JavaScript? Are you crazy?
The below image doesn't limit only to FaceBook but to a wide part of today's Internet and there are more than enough lemmings to follow.
"The most dangerous threat of the recent Spectre Attack(CVE-2017-5753ã€CVE-2017-5715) for individual users is attacking from web browser to steal your personal accounts and information, such as your emails, dropbox, etc.
This tool can detect whether your browser is vulnerable to Spectre Attack and can be easily exploited.
If the result is VULNERABLE, it is definitely true. However, if the result is NOT VULNERABLE, it doesn't mean your browser is absolutely not vulnerable because there might be other unknown attacking methods.
This tool is still in developing, stay tuned...
2018-01-08
Tencent's Xuanwu Lab"
¬_¬
New problems on the way...
"... A total of eight new vulnerabilities in Intel CPUs have been reported to several researcher teams to the manufacturer, which are currently still kept secret. All eight are essentially due to the same design problem that the "Meltdown and Specter for Dummies" section details - they are, so to speak, Specter Next Generation...":
https://translate.googleusercontent.com/translate_c?depth=1&hl=de&nv=1&rurl=translate.google.de&sl=de&sp=nmt4&tl=en&u=https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html&xid=25657,15700002,15700021,15700122,15700124,15700149,15700168,15700186,15700189,15700201&usg=ALkJrhjYQiQOi5MFAzu-N8uaLAQMCgsMmg
https://borncity.com/win/2018/05/03/new-spectre-ng-vulnerabilities-in-intel-cpus/
Edited 2 time(s). Last edit at 05/03/2018 10:00AM by panzer.
and how does this topic follow? https://xlab.tencent.com/special/spectre/spectre_check.html still works?
All which isn't K-Meleon related.
Web Browser Spectre Check
Posted by:
callahan
Date: January 12, 2018 08:03AM
Web Browser Spectre Check
https://xlab.tencent.com/special/spectre/spectre_check.html
https://www.ghacks.net/2018/01/11/find-out-if-your-browser-is-vulnerable-to-spectre-attacks/
Find out if your browser is vulnerable to Spectre attacks
by Martin Brinkmann on January 11, 2018 in Security
Web browsers are the main target for attacks targeting the recently disclosed Spectre vulnerability. For home systems, one could argue that web browsers are the major attack vector. Why? Because browsers connect to remote sites, and these sites may run JavaScript to exploit the vulnerability.
Some browser makers pushed out patches fast. Mozilla and Microsoft did for instance whereas Google and the whole Chromium-based group of browsers are not patched yet.
There are ways to mitigate the issue in Chrome and other Chromium-based browsers such as Opera or Vivaldi. To mitigate known attack forms, users or admins have to enable strict site isolation in the web browser to do so.
While you can check whether your Windows operating system is vulnerable, you could not check whether your web browser is patched or vulnerable up until now.
This uncertainty is a thing of the past however as Tencent’s XUANWU Lab released an online tester that checks whether web browsers are vulnerable to Spectre.
Visit the Lab’s website to get started. You find a “click to check†button at the top that you need to activate to run the test.
It does not take long to test browsers. Some checks complete almost right away while others take longer to complete and involve cache processing.
...
Edited 2 time(s). Last edit at 01/12/2018 08:08AM by callahan.
Re: Web Browser Spectre Check
Posted by:
rodocop
Date: January 12, 2018 10:59AM
All K-Meleons are not vulnerable.
Firefox, Basilisk, IceWeasel and so on - ARE vulnerable.
TheWorld 7 and IE11 - NOT vulnerable
Re: Web Browser Spectre Check
Posted by:
callahan
Date: January 12, 2018 12:15PM
Thanks rodocop ... I did not know that for sure. If that was already posted somewhere I didn't see it.
My browsers tested OK but I posted this in the 'Off-Topic' location in case there are other browsers that people want to test.
...
Re: Web Browser Spectre Check
Posted by:
Yogi
Date: January 12, 2018 12:45PM
Quote
rodocop
Firefox, Basilisk, IceWeasel and so on - ARE vulnerable.
I tested with Firefox ESR 52.5.3 and the test says that it's not vulnerable.
AFAIK Firefox 57 pushed some fixes, so it might come up clean in that test as well.
Re: Web Browser Spectre Check
Posted by:
siria
Date: January 12, 2018 12:53PM
Quote
rodocop
All K-Meleons are not vulnerable.
Firefox, Basilisk, IceWeasel and so on - ARE vulnerable.
G-R-E-A-T to hear!
(I mean line-1. The second is not so great, but interesting)
(PS: did you test as old as KM1.5.4/1.6 too? Am hesitant to test myself with doors wide open)
Edited 1 time(s). Last edit at 01/12/2018 12:54PM by siria.
Re: Web Browser Spectre Check
Posted by:
rodocop
Date: January 12, 2018 01:02PM
I cannot even run the test there on 1.6. Some modern script...
Re: Web Browser Spectre Check
Posted by:
Yogi
Date: January 12, 2018 01:09PM
@siria
None of the FirefoxESR branch is affected by Spectre.
They simply lack the necessary (new) feature for being affected by Spectre.
Re: Web Browser Spectre Check
Posted by:
siria
Date: January 12, 2018 01:19PM
Oh, very interesting! Thanks!
I kept reading that those new risks would affect just about all (Intel) CPUs as far back as 1995 (or such, IIRC)
And kept reading that ALL components absolutely "must" be fixed by firmware updates AND browser updates AND whatnot... (as usual)
But if already the first entry door, the browser, is safe, would the rest of the chain still matter?
And should all those highly scaring warning articles, instead of saying "Update everything to all newest stuff", rather say "...or downgrade to an older browser"?? :cool:
Or what they always "forget" to say since years, at each round of "scare-people-enough-to-get-new equipment-with-more-spytools-inside", add a little note "...or alternatively just block javascript" ??
Re: Web Browser Spectre Check
Posted by:
Yogi
Date: January 12, 2018 02:22PM
Quote
siria
I kept reading that those new risks would affect just about all (Intel) CPUs as far back as 1995 (or such, IIRC)
It's not about Intel allone but Intel has the most severe design flaws and it's not for the first time!
Some of those "design flaws" look like deliberately placed backdoors.
Quote
siria
But if already the first entry door, the browser, is safe, would the rest of the chain still matter?
Unfortunately, yes. At least, depending on what you are using your device for, how much sensitive data is stored on it, encryption keys, e.t.c.
Quote
siria
And should all those highly scaring warning articles, instead of saying "Update everything to all newest stuff", rather say "...or downgrade to an older browser"?? :cool:
Downgrade to an old browser, to old pre-1995 hardware & OS and what then?
Quote
siria
Or what they always "forget" to say since years, at each round of "scare-people-enough-to-get-new equipment-with-more-spytools-inside", add a little note "...or alternatively just block javascript" ??
To block JavaScript? Are you crazy?
The below image doesn't limit only to FaceBook but to a wide part of today's Internet and there are more than enough lemmings to follow.
Re: Web Browser Spectre Check
Posted by:
J.G.
Date: January 12, 2018 02:45PM
"The most dangerous threat of the recent Spectre Attack(CVE-2017-5753ã€CVE-2017-5715) for individual users is attacking from web browser to steal your personal accounts and information, such as your emails, dropbox, etc.
This tool can detect whether your browser is vulnerable to Spectre Attack and can be easily exploited.
If the result is VULNERABLE, it is definitely true. However, if the result is NOT VULNERABLE, it doesn't mean your browser is absolutely not vulnerable because there might be other unknown attacking methods.
This tool is still in developing, stay tuned...
2018-01-08
Tencent's Xuanwu Lab"
¬_¬
Re: Web Browser Spectre Check
Posted by:
panzer
Date: May 03, 2018 08:32AM
New problems on the way...
"... A total of eight new vulnerabilities in Intel CPUs have been reported to several researcher teams to the manufacturer, which are currently still kept secret. All eight are essentially due to the same design problem that the "Meltdown and Specter for Dummies" section details - they are, so to speak, Specter Next Generation...":
https://translate.googleusercontent.com/translate_c?depth=1&hl=de&nv=1&rurl=translate.google.de&sl=de&sp=nmt4&tl=en&u=https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html&xid=25657,15700002,15700021,15700122,15700124,15700149,15700168,15700186,15700189,15700201&usg=ALkJrhjYQiQOi5MFAzu-N8uaLAQMCgsMmg
https://borncity.com/win/2018/05/03/new-spectre-ng-vulnerabilities-in-intel-cpus/
Edited 2 time(s). Last edit at 05/03/2018 10:00AM by panzer.
Re: Web Browser Spectre Check
Posted by:
jo
Date: February 22, 2021 06:10PM
and how does this topic follow? https://xlab.tencent.com/special/spectre/spectre_check.html still works?
English