From: "Herminio Hernandez, Jr."
Date: Fri, 5 Jan 2018 01:45:47 -0700
Subject: Re: HTML5 as JS
To: Main PLUG discussion list

Mozilla confirms this bug is exploitable. I am making sure JavaScript is off by default and only enabled in pages where I want it to.

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

On Fri, Jan 5, 2018 at 1:36 AM, der.hans wrote:

> On 05 Jan 2018, Herminio Hernandez, Jr. chattered thus:
>
> Hello,
>
> Yeah, JavaScript's annoying. I've been using NoScript to block it outright
> for years. I only allow certain sites to have JavaScript. Some of those
> sites only get JavaScript when I'm trying to check out. Some get their own
> browser instance before I allow them to have JavaScript.
>
> Recently JavaScript has been used to do bitcoin mining via web browsers
> and it's had several security issues over the years.
>
> It can't escape the sandbox if it never runs :).
>
> ciao,
>
> der.hans
>
>
>> Damn Stallman was right again
>>
>> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
>>
>> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb wrote:
>>
>>> JavaScript being the Raccoon? heh
>>>
>>> Andrew McRobb
>>> Full-time Software Developer
>>> Part-time Freelancer
>>> mcrobb.info
>>>
>>> On Thu, Jan 4, 2018 at 8:46 PM, Ed wrote:
>>>
>>>> More like raccoons to oranges...
>>>> 8)
>>>>
>>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans wrote:
>>>>
>>>>> On 04 Jan 2018, Andrew McRobb chattered thus:
>>>>>
>>>>> Hello Andrew,
>>>>>
>>>>> cool, sounds like having umatrix or NoScript blocking javascript is still
>>>>> sufficient.
>>>>>
>>>>> Need to make sure