On Wed, 2016-02-10 at 10:53 -0700, jd1008 wrote: > > On 02/10/2016 10:27 AM, Patrick O'Callaghan wrote: > > On Wed, 2016-02-10 at 10:17 -0700, jd1008 wrote: > > > A malefic website can and does user JS to fork out processes that > > > can > > > sudo whatever they want. > > Are you sure? If so, please give a reference. > > > > poc > Some years ago, the reference came directly from google website > analysis > (obtained via the noscript add-on). > to paraphrase what I read then (as I am sorry I did not keep that > link), > stated > .... it installs malware without the user's knowledge or permission > .... > > I will strive to locate that analysis and share it with th list. > > Unless of course, it has been sanitized or removed - because google > re-analyzes websites > once every 90 days.
I suspect you're thinking of a bug in some earlier version of JS (or Java). Normally these things are supposed to run in a sandbox precisely to prevent this. That's probably the main reason Google has just announced they'll be blocking Flash content in the near future, as it's notorious for this kind of problem. poc -- users mailing list [email protected] To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
