Mozilla confirms this bug is exploitable. I am making sure JavaScript is off by default and only enabled in pages where I want it to. https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/ On Fri, Jan 5, 2018 at 1:36 AM, der.hans wrote: > Am 05. Jan, 2018 schwätzte Herminio Hernandez, Jr. so: > > moin moin, > > Yeah, JavaScript's annoying. I've been using NoScript to block it outright > for years. I only allow certain sites to have JavaScript. Some of those > sites only get JavaScript when I'm trying to checkout. Some get their own > browser instance before I allow them to have JavaScript. > > Recently JavaScript has been used to do bitcoin mining via web browsers > and it's had several security issues over the years. > > It can't escape the sandbox if it never runs :). > > ciao, > > der.hans > > > Damn Stallman was right again >> >> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html >> >> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb >> wrote: >> >> JavaScript being the Raccoon? heh >>> >>> Andrew McRobb >>> Full-time Software Developer >>> Part-time Freelancer >>> mcrobb.info >>> >>> On Thu, Jan 4, 2018 at 8:46 PM, Ed wrote: >>> >>> More like raccoons to oranges... >>>> 8) >>>> >>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans wrote: >>>> >>>>> Am 04. Jan, 2018 schwätzte Andrew McRobb so: >>>>> >>>>> moin moin Andrew, >>>>> >>>>> cool, sounds like having umatrix or NoScript blocking javascript is >>>>> >>>> still >>>> >>>>> sufficient. >>>>> >>>>> Need to make sure