Mozilla confirms this bug is exploitable. I am making sure JavaScript is off by default and only enabled in pages where I want it to be.
https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

On Fri, Jan 5, 2018 at 1:36 AM, der.hans <pl...@lufthans.com> wrote:

> On 05 Jan 2018, Herminio Hernandez, Jr. wrote:
>
> moin moin,
>
> Yeah, JavaScript's annoying. I've been using NoScript to block it outright
> for years. I only allow certain sites to have JavaScript. Some of those
> sites only get JavaScript when I'm trying to check out. Some get their own
> browser instance before I allow them to have JavaScript.
>
> Recently JavaScript has been used to do bitcoin mining via web browsers
> and it's had several security issues over the years.
>
> It can't escape the sandbox if it never runs :).
>
> ciao,
>
> der.hans
>
>> Damn Stallman was right again
>>
>> https://www.gnu.org/philosophy/po/javascript-trap.ja-en.html
>>
>> On Thu, Jan 4, 2018 at 10:52 PM, Andrew McRobb <andrewmcr...@gmail.com> wrote:
>>
>>> JavaScript being the Raccoon? heh
>>>
>>> Andrew McRobb
>>> Full-time Software Developer
>>> Part-time Freelancer
>>> mcrobb.info
>>>
>>> On Thu, Jan 4, 2018 at 8:46 PM, Ed <p...@0x1b.com> wrote:
>>>
>>>> More like raccoons to oranges...
>>>> 8)
>>>>
>>>> On Thu, Jan 4, 2018 at 4:59 PM, der.hans <pl...@lufthans.com> wrote:
>>>>
>>>>> On 04 Jan 2018, Andrew McRobb wrote:
>>>>>
>>>>> moin moin Andrew,
>>>>>
>>>>> cool, sounds like having umatrix or NoScript blocking javascript is
>>>>> still sufficient.
>>>>>
>>>>> Need to make sure <script> is blocked as well as the external JS.
>>>>>
>>>>> https://www.w3schools.com/html/html_scripts.asp
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>>
>>>>>> No, HTML5 is a markup at the end of the day. Comparing JS and HTML is
>>>>>> like comparing apples to oranges. All HTML5 does is include new tags
>>>>>> to use when building a web app for you or search engines to use:
>>>>>> https://www.w3schools.com/html/html5_intro.asp. It doesn't at all
>>>>>> handle any logic like JS would, if that's what you are asking.
>>>>>>
>>>>>> Same can almost go for CSS. It's a description language, it doesn't
>>>>>> handle any logic (except for select queries). However, CSS is starting
>>>>>> to implement variables, but you can only use those for *attributes*.
>>>>>> Not write a fully functional app with CSS alone.
>>>>>>
>>>>>> Andrew McRobb
>>>>>> Full-time Software Developer
>>>>>> Part-time Freelancer
>>>>>> mcrobb.info
>>>>>>
>>>>>> On Thu, Jan 4, 2018 at 10:21 AM, der.hans <pl...@lufthans.com> wrote:
>>>>>>
>>>>>>> moin moin,
>>>>>>>
>>>>>>> I haven't paid much attention to HTML and CSS standards for many
>>>>>>> years.
>>>>>>>
>>>>>>> As I understand it, HTML5 is script-like to lessen use of javascript.
>>>>>>>
>>>>>>> Does that mean plain HTML ( no javascript ) is sufficient to exploit
>>>>>>> browsers in light of #meltdown and #spectre ?
>>>>>>>
>>>>>>> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>>>>>>>
>>>>>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>>>>>>>
>>>>>>> What about CSS?
>>>>>>>
>>>>>>> ciao,
>>>>>>>
>>>>>>> der.hans
>>>>>>> --
>>>>>>> # https://www.LuftHans.com https://www.PhxLinux.org
>>>>>>> # As we enjoy great Advantages from the
>>>>>>> # Inventions of others we should be glad of an
>>>>>>> # Opportunity to serve others by any Invention of ours,
>>>>>>> # and this we should do freely and generously.
>>>>>>> # -- Benjamin Franklin (1706-1790), on his refusal to patent his
>>>>>>> inventions.
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>> --
>>>>> # https://www.LuftHans.com https://www.PhxLinux.org
>>>>> # Nobody grows old merely by living a number of years.
>>>>> # We grow old by deserting our ideals.
>>>>> # Years may wrinkle the skin, but to give up enthusiasm
>>>>> # wrinkles the soul. -- Samuel Ullman
>
> --
> # https://www.LuftHans.com https://www.PhxLinux.org
> # It's up to the reader to make the book interesting.
> # An author has only the opportunity to make it uninteresting. - der.hans
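
The point raised in the thread that inline `<script>` has to be blocked along with external JS, as an added example that is not part of any poster's message: a small Python audit that lists every place a page can run script. It goes slightly beyond the thread by also flagging event-handler attributes and `javascript:` URLs; the sample page and all function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not from the thread): one external script, one
# inline <script>, one event-handler attribute and one javascript: URL.
SAMPLE = """<html><head>
<script src="https://cdn.example/app.js"></script>
<script>var t = performance.now();</script>
</head><body onload="init()">
<a href="javascript:void(0)">menu</a>
<p>Plain markup, nothing executes here.</p>
</body></html>"""

URL_ATTRS = {"href", "src", "action", "formaction"}


class ScriptVectorAudit(HTMLParser):
    """Record each place in a document where the browser would run script."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, line number, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = [(name, value or "") for name, value in attrs]
        if tag == "script":
            src = dict(attrs).get("src", "")
            kind = "external" if src else "inline"
            self.findings.append((kind, line, src))
        for name, value in attrs:
            if name.startswith("on"):  # heuristic: onload, onclick, ...
                self.findings.append(("handler", line, f"{tag}[{name}]"))
            elif name in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                self.findings.append(("js-url", line, f"{tag}[{name}]"))


def audit(html):
    """Return every script execution vector found in the HTML text."""
    parser = ScriptVectorAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def left_if_only_external_blocked(findings):
    """Vectors still live when a filter stops external script files only."""
    return [f for f in findings if f[0] != "external"]


if __name__ == "__main__":
    for kind, line, detail in audit(SAMPLE):
        print(f"line {line}: {kind:8} {detail}")
```

On the sample page, three of the four vectors survive a filter that only stops external script files, which is why the blocker has to cover inline script as well.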