News: 0000826623

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Safely reviving shared memory (Mozilla Hacks)

([Development] Jul 21, 2020 17:03 UTC (Tue) (corbet))


The Mozilla Hacks blog [1]covers some recent Firefox changes that will allow code from web sites to use shared memory and high-resolution timers in a (hopefully) safe manner. " Together with others in the WHATWG community, we designed a set of headers that meet these requirements. The Cross-Origin-Opener-Policy header allows you to process-isolate yourself from attackers. It also has the desirable effect that attackers cannot have access to your global object if they were to open you in a popup. This prevents XS-Leaks and various navigation attacks. Adopt this header even if you have no intention of using shared memory! "



[1] https://hacks.mozilla.org/2020/07/safely-reviving-shared-memory/

Everything you've learned in school as "obvious" becomes less and less
obvious as you begin to study the universe. For example, there are no
solids in the universe. There's not even a suggestion of a solid.
There are no absolute continuums. There are no surfaces. There are no
straight lines.
-- R. Buckminster Fuller