DAMNED Re: Fedora Security and the Uverse 3800HGV-B router
Ed Greshko
Ed.Greshko at greshko.com
Sun Jul 3 03:51:51 UTC 2011
On 07/03/2011 11:32 AM, JD wrote:
> At the very least, javascript should be blocked just because
> it is invasive!
That is the conclusion you've reached for yourself based on your
knowledge of the subject matter.
So, by all means, disable javascript in your browser. Also, you'll need
to do it in thunderbird as well. Which I notice you are using. I
could not find a check-box for that. So, you'll have to go to
Preferences-->Advanced-->General and select "Config Editor". Filter on
"javascript" and change the boolean value of javascript.enabled to "false".
There are certainly vulnerabilities in any code. Certainly there are
implementation bugs. But that isn't limited to javascript.
You may want to spend some time at
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
One which may be of particular interest is CVE-2011-2373. The
description is....
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x
through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14,
when JavaScript is disabled, allows remote attackers to execute
arbitrary code via a crafted XUL document.
So, be advised that there may be other vulnerabilities when javascript
is *disabled*.
Maybe it is best to stop using computers all together. :-) :-)
--
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow
More information about the users
mailing list