[CentOS] C5 : Firefox 38 bug

Gordon Messmer gordon.messmer at gmail.com
Fri Jun 12 19:40:25 UTC 2015


On 06/13/2015 12:11 PM, jd1008 wrote:
> Why do you make such statements without knowing the intrinsics???
> How in tarnation do you explain this:
> http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com

That site doesn't say anything about Java or Javascript.  Or cookies for 
that matter.  You're connecting unrelated things.

There are flaws in software.  It's probably safe to say "all software" 
since we can't really prove otherwise.  Browsers are software.  Software 
flaws in browsers may be used to cause the download and execution of 
malware.  That is not, however, an indication that Java or Javascript 
"allow" access to the filesystem or cookies.  They do not.  At least, 
not any more than images do.  Several browser bugs have allowed code 
execution as a result of malformed images.  Do you also disable image 
rendering in your browser?  The justification for both is the same: bugs 
might allow arbitrary execution of code.

> Malware is installed where it can be executed.
> Since that is the case, what makes you think JS cannot
> access your browsing history??

You're connecting unrelated things.



More information about the CentOS mailing list