I continue to wonder whether this can be legal at all. It's pretty clear they've been looking at the disassembled code, so it's not clean-room reverse-engineered.
There are some instructions that are not privileged but may leak information about the host environment to the VM. Such instructions are referred to as sensitive instructions. To prevent sensitive instructions from being misused inside the VM, they are emulated.
Another explanation is that some older x86 processors may not have full hardware virtualization support, so Xen emulates the instructions to support a wider number of host configurations.
The x86 instruction set wasn't designed with hardware virtualisation in mind. Some of its instructions are defined to leak state from higher privileged levels into lower privileged levels. As a hypervisor, Xen must preserve these semantics. One way to achieve this is to trap all possible leaks and emulate the leak in the hypervisor. This is what Xen tried and failed to implement correctly.
Another possible solution to similar problems is to complicate the CPU even further and have it virtualise the corner cases in hardware or microcode.
I thought so too at first, but I'd expect non-x86 host systems running x86 guests to be vulnerable if that were the case. The advisory seems to indicate otherwise.
Firefox on macOS. It feels like the page is trying to do its own smooth scrolling in JavaScript, on top of the browser's existing smooth scrolling or something.
Not on my PC where the crash occurred. I'm using Intel graphics on my Ubuntu laptop, and there it's working perfectly. Disabling Adblock Plus seems to solve the problem though.
I can confirm this is the behavior I'm seeing on Firefox. However, it's important to note that YouTube seems to force https if you're logged in, meaning logged-in Firefox users ALWAYS get the Flash player. I've resolved this for now by installing the YouTube ALL HTML5 add-on ( https://addons.mozilla.org/en-US/firefox/addon/youtube-all-h... ).