[CentOS] C5 : Firefox 38 bug

Sat Jun 13 18:11:21 UTC 2015
jd1008 <jd1008 at gmail.com>


On 06/12/2015 11:57 AM, Jonathan Billings wrote:
> On Sat, Jun 13, 2015 at 10:55:47AM -0600, jd1008 wrote:
>> The most offensive problems of using browsers is that
>> they do not tell you nor ask your permission when javascripts
>> spy on your entire storage contents.
> Huh?  You've been misinformed.  Certainly there have been exploits
> against browsers to bypass the sandbox, but this isn't the default
> configuration in any browser I know of.
Configuration or no, the developer told me the bottom line
scoop. FF, SM, IE, ....etc, all execute javascripts like obedient
slaves.

>
>> I had asked a java developer at Sun Microsystems about
>> what Sun means when it says that Java runs in a sandbox?
>> Just what is the sandbox?
>> I also asked if browsers that execute javascripts are restricted
>> to this notion of a sandbox that does not leak out into
>> the rest of the system.
>>
>> He said the "sandbox" is the entire storage on your computer.
> Java != JavaScript.  It's a common misconception.  Perhaps that's why
> this java developer might have answered the way he did, although I'm
> fairly certain Java sandboxes can also be restricted (although I'm no
> Java developer) so they don't have access to the entire storage of
> your computer.  Certainly, simple UNIX permissions prevent both Java
> and browsers from getting access to the *entire* storage on your
> computer, unless they're used to exploit some other vulnerability.
>
> If you're concerned about JavaScript, I suggest looking into the
> NoScript firefox extension.
All your browsing history, all cookies ...etc are open books
as far as many javascripts are concerned.
For example, all browsers execute the javascript called
googleusercontent.com

Please read this page:
http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com

Be INFORMED!!