[CentOS] C5 : Firefox 38 bug

Fri Jun 12 19:50:13 UTC 2015
jd1008 <jd1008 at gmail.com>


On 06/12/2015 01:40 PM, Gordon Messmer wrote:
> On 06/13/2015 12:11 PM, jd1008 wrote:
>> Why do you make such statements without knowing the intrinsics???
>> How in tarnation do you explain this:
>> http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com
>
> That site doesn't say anything about Java or Javascript.  Or cookies 
> for that matter.  You're connecting unrelated things.
>
> There are flaws in software.  It's probably safe to say "all software" 
> since we can't really prove otherwise.  Browsers are software.  
> Software flaws in browsers may be used to cause the download and 
> execution of malware.  That is not, however, an indication that Java 
> or Javascript "allow" access to the filesystem or cookies.  They do 
> not.  At least, not any more than images do.  Several browser bugs 
> have allowed code execution as a result of malformed images.  Do you 
> also disable image rendering in your browser?  The justification for 
> both is the same: bugs might allow arbitrary execution of code.
>
>> Malware is installed where it can be executed.
>> Since that is the case, what makes you think JS cannot
>> access your browsing history??
>
> You're connecting unrelated things.
> _
No!! I am not connecting unrelated things.
Noscript shows you the NAME (ostensibly the domain name
from which it comes) of the javascript.
Many websites and even internet providers
push javascripts from other domains.

But, feel free to allow it on all of your browsing.