Spring (Spectre Returning) shows that, by reverse engineering details of the return stack buffer on certain Intel microprocessors and using some new tricks for bypassing modern timer mitigations in the browser, we could re-enable Spectre-RSB attacks in the browser. Our efforts have led to a bug bounty from Mozilla and a patch that is deployed in the latest versions of the Firefox browser.

More information

Spring is published at the Workshop On Offensive Technologies (WOOT’22), co-located with IEEE S&P’22. You can read the paper if you would like to know more.