[CentOS] C5 : Firefox 38 bug

Fri Jun 12 23:50:03 UTC 2015
Always Learning <centos at u64.u22.net>

On Fri, 2015-06-12 at 14:38 -0600, Warren Young wrote:

> The main point of blocking JavaScript is that it throws a spike strip
>  in the path of many other types of attacks.  For instance, a Flash
>  exploit often relies on some JS probing code to run before it can run,
>  so blocking JS provides a second layer of protection while you’re
>  waiting for Adobe to get around to patching the Flash plugin.

Never had Flash (Macromedia or Adobe) on any computer system - Windoze
3, 95's and 98 (my last) or on Centos.  Prefer to miss something
requiring Flash. Now FF 38 has HTML5, I can view YouTube for the first
time ever.  Other European countries official sites seem to use MP4
which FF's mplayer add-on displays.

> There is some minor evil possible directly from JavaScript.  Some examples:
> * A script can probe your surfing history by dynamically generating
>  hyperlinks in a hidden browser DOM, then checking how the browser
>  styled those elements to infer whether you’ve clicked on that URL
>  before.  It’s a brute-force kind of thing, so it’s not too serious in
>  practice, but it is a privacy leak.

History, cookies etc. are deleted every time FF closes. Whilst FF is
running they are on a RAM disk.

Thanks for the input.


England, EU.      England's place is in the European Union.