On 07/03/2011 11:32 AM, JD wrote:
At the very least, javascript should be blocked just because it is invasive!
That is the conclusion you've reached for yourself based on your knowledge of the subject matter.
So, by all means, disable javascript in your browser. Also, you'll need to do it in thunderbird as well. Which I notice you are using. I could not find a check-box for that. So, you'll have to go to Preferences-->Advanced-->General and select "Config Editor". Filter on "javascript" and change the boolean value of javascript.enabled to "false".
There are certainly vulnerabilities in any code. Certainly there are implementation bugs. But that isn't limited to javascript.
You may want to spend some time at http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
One which may be of particular interest is CVE-2011-2373. The description is....
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
So, be advised that there may be other vulnerabilities when javascript is *disabled*.
Maybe it is best to stop using computers all together. :-) :-)