In short: security researchers found flaws in processors that attackers can use to read data in memory that they should not have access to.
The patching requires updates to firmware, operating systems and even other programs such as browsers.
Microsoft released out of band security updates for Windows to address the issue and Mozilla released a patch for Firefox that mitigated it as well.
Waterfox 56.0.2 incorporates the same patch that Mozilla released. Spectre, Speculative execution side-channel attack, relies on exact timing to function. Mozilla reduced the precision of some of the time sources that Firefox uses to mitigate the issue.
Tip: The following articles may also be of interest to you:
Waterfox includes the December 7, 2017 security patches for Firefox as well according to the changelog.
Waterfox 56.0.2 includes changes and bug fixes as well. The biggest change in the new browser version impacts multi-process Firefox (e10s, Electrolysis). Waterfox will disable e10s automatically if add-ons are installed in the browser that are not marked as compatible with the multi-process architecture.
It is unfortunately difficult to find out which of the installed add-ons are not multi-process compatible.
Here is what you need to do:
The remaining changes in Waterfox 56.0.2
Waterfox users should update the web browser asap to the new version to protect the browser and their data against exploits. You can run a check for updates with a click on Menu > Questionmark > About Waterfox. The browser runs a check for updates when you open the about window. The new version is available for all supported desktop operating systems on the website as well.
If you like our content, and would like to help, please consider making a contribution: