Jann Horn of Google Project Zero
Security reported that speculative execution performed
by modern CPUs could leak information through a timing
side-channel attack. Microsoft Vulnerability Research
extended this attack to browser JavaScript engines and
demonstrated that code on a malicious web page could
read data from other web sites (violating the
same-origin policy) or private data from the browser
itself.
Since this new class of attacks involves measuring
precise time intervals, as a parti al, short-term,
mitigation we are disabling or reducing the precision of
several time sources in Firefox. The precision of
performance.now() has been reduced from 5μs
to 20μs, and the SharedArrayBuffer feature
has been disabled because it can be used to construct a
high-resolution timer.