Security and Javascript

• Previous message (by thread): Security and Javascript
• Next message (by thread): Security and Javascript
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29/06/13 14:10, Otto Kekäläinen wrote:
> I am not afraid of JavaScript. If we look at the security record of
> many browser related technologies, almost all security issues where
> somebody has managed to privilege them self up to the OS level from
> the browser sandbox has been related to Active X, Java applets or
> Flash.

Is the above true?  It certainly goes against the impression I get from
sites like http://nakedsecurity.sophos.com even if some of them are
using javascript to trigger other types of attacks like user-assisted
ones where they make things look like a legitimate-but-confusing system
request.

But please remember, almost no-one is suggesting campaigning against all
javascript - just that users should be given more control with good free
software like noscript.

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/

• Previous message (by thread): Security and Javascript
• Next message (by thread): Security and Javascript
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]