Closed Bug 1131288 Opened 10 years ago Closed 4 years ago

Pixelstealing and history-stealing through floating-point timing side channel.

Categories

(Core :: Security, defect)

27 Branch
x86_64
All
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: dkohlbre, Unassigned)

Details

(Keywords: sec-other, Whiteboard: [pixel-stealing])

See section 3 of attached paper. (This paper has been accepted to IEEE S&P 2015, but has not yet been published; please do not distribute)

Our PoC demonstrates the attack only on CSS transforms using the CPU, not the GPU. Thus it affects versions 24-27 of Firefox on both x86 and x86-64 on all operating systems.
Exciting work. Thanks for sharing ahead of time. roc, you should check this out.
Product: Firefox → Core
Whiteboard: Unpublished research, do not redistribute
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: sec-other
Group: core-security → dom-core-security
Whiteboard: Unpublished research, do not redistribute → Unpublished research, do not redistribute [pixel-stealing]

I'm marking the prelim version of the paper private, but otherwise opening this up as the paper is now public: https://cseweb.ucsd.edu/~dkohlbre/papers/subnormal.pdf

Group: dom-core-security
Whiteboard: Unpublished research, do not redistribute [pixel-stealing] → [pixel-stealing]

Fixed in Bug 1632765

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.