Endpoint Vulnerability

Information disclosure via the High Resolution Time API

Description

Security researchers Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis of Columbia University's Network Security Lab reported a method of using the High Resolution Time API for side channel attacks. This attack uses JavaScript loaded through a hostile web page to track access to the last-level cache over a period of time as a user engages in other browser activity. This attack takes advantage of the performance.now() API's use of single nanosecond resolution for timing.

Affected Products

SeaMonkey

References

,