Security researchers Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis of Columbia University's Network Security Lab reported a method of using the High Resolution Time API for side channel attacks. This attack uses JavaScript loaded through a hostile web page to track access to the last-level cache over a period of time as a user engages in other browser activity. This attack takes advantage of the performance.now() API's use of single nanosecond resolution for timing. Security researcher Amit Klein independently reported use of the performance.now() API on Windows systems to extract the Windows counter frequency as an avenue for side channel attacks. Both of these flaws allow for the disclosure of private information, user fingerprinting, and data leakage. They have been addressed by reducing the resolution of the performance.now()API to 5 microseconds to remove the precision in resolution available to attackers. The Windows counter frequency issue does not affect Linux or OS X systems. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/
Closed by mistake, opening again.
Acknowledgements: Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, and Angelos D. Keromytis of Columbia University's Network Security Lab, and Amit Klein as the original reporters.
This issue was fixed in Firefox version 41.