Re: HTML5 as JS

Author: Andrew McRobb
Date:  
To: Main PLUG discussion list
Subject: Re: HTML5 as JS
>
> Users are recommended to update to Firefox 57
>
>

Looks like I'm good here. I'm honestly surprised you can pull this off in
JavaScript. Must be a true JS wizard if you can pull this off. Looks like
I'm setting my Updates Manager to check every 30 days now, until all this
stuff has been resolved, since some apps don't look like they can get a
patch until near the end of the month.

Andrew McRobb
Full-time Software Developer
Part-time Freelancer
mcrobb.info

On Fri, Jan 5, 2018 at 1:45 AM, Herminio Hernandez, Jr. <> wrote:

> Mozilla confirms this bug is exploitable. I am making sure JavaScript is
> off by default and only enabled in pages where I want it to.
>
> https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/
>
> On Fri, Jan 5, 2018 at 1:36 AM, der.hans <> wrote:
>
>> On 05 Jan 2018, Herminio Hernandez, Jr. chattered:
>>
>> moin moin,
>>
>> Yeah, JavaScript's annoying. I've been using NoScript to block it outright
>> for years. I only allow certain sites to have JavaScript. Some of those
>> sites only get JavaScript when I'm trying to checkout. Some get their own
>> browser instance before I allow them to have JavaScript.
>>
>> Recently JavaScript has been used to do bitcoin mining via web browsers
>> and it's had several security issues over the years.
>>
>> It can't escape the sandbox if it never runs :).
>>
>> ciao,
>>
>> der.hans
>>
>>
>>> Damn Stallman was right again
>>>
>>> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
>>>
>>> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <>
>>> wrote:
>>>
>>>> JavaScript being the Raccoon? heh
>>>>
>>>> Andrew McRobb
>>>> Full-time Software Developer
>>>> Part-time Freelancer
>>>> mcrobb.info
>>>>
>>>> On Thu, Jan 4, 2018 at 8:46 PM, Ed <> wrote:
>>>>
>>>>> More like raccoons to oranges...
>>>>> 8)
>>>>>
>>>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <> wrote:
>>>>>
>>>>>> On 04 Jan 2018, Andrew McRobb chattered:
>>>>>>
>>>>>> moin moin Andrew,
>>>>>>
>>>>>> cool, sounds like having umatrix or NoScript blocking javascript is still
>>>>>> sufficient.
>>>>>>
>>>>>> Need to make sure <script> is blocked as well as the external JS.
>>>>>>
>>>>>> https://www.w3schools.com/html/html_scripts.asp
>>>>>>
>>>>>> ciao,
>>>>>>
>>>>>> der.hans
>>>>>>
>>>>>>> No, HTML5 is a markup at the end of the day. Comparing JS and HTML is like
>>>>>>> comparing apples to oranges. All HTML5 does is include new tags to use when
>>>>>>> building a web app for you or search engines to use:
>>>>>>> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all handle
>>>>>>> any logic like JS would, if that's what you are asking.
>>>>>>>
>>>>>>> Same can almost go for CSS. It's a description language, it doesn't handle
>>>>>>> any logic (except for select queries). However, CSS is starting to
>>>>>>> implement variables, but you can only use those for *attributes*. Not write
>>>>>>> a fully functional app with CSS alone.
>>>>>>>
>>>>>>> Andrew McRobb
>>>>>>> Full-time Software Developer
>>>>>>> Part-time Freelancer
>>>>>>> mcrobb.info
>>>>>>>
>>>>>>> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> moin moin,
>>>>>>>>
>>>>>>>> I haven't paid much attention to HTML and CSS standards for many years.
>>>>>>>>
>>>>>>>> As I understand it, HTML5 is script-like to lessen use of
>>>>>>>> javascript.
>>>>>>>>
>>>>>>>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>>>>>>>> browsers in light of #meltdown and #spectre ?
>>>>>>>>
>>>>>>>> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>>>>>>>>
>>>>>>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>>>>>>>>
>>>>>>>> What about CSS?
>>>>>>>>
>>>>>>>> ciao,
>>>>>>>>
>>>>>>>> der.hans
>>>>>>>> --
>>>>>>>> # https://www.LuftHans.com https://www.PhxLinux.org
>>>>>>>> # As we enjoy great Advantages from the
>>>>>>>> # Inventions of others we should be glad of an
>>>>>>>> # Opportunity to serve others by any Invention of ours,
>>>>>>>> # and this we should do freely and generously.
>>>>>>>> # -- Benjamin Franklin (1706-1790), on his refusal to patent his
>>>>>>>> inventions.
>>>>>>>> ---------------------------------------------------
>>>>>>>> PLUG-discuss mailing list -
>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> # https://www.LuftHans.com https://www.PhxLinux.org
>>>>>> # Nobody grows old merely by living a number of years.
>>>>>> # We grow old by deserting our ideals.
>>>>>> # Years may wrinkle the skin, but to give up enthusiasm
>>>>>> # wrinkles the soul. -- Samuel Ullman
>> --
>> # https://www.LuftHans.com https://www.PhxLinux.org
>> # It's up to the reader to make the book interesting.
>> # An author has only the opportunity to make it uninteresting. - der.hans