On 07/03/2011 11:32 AM, JD wrote: > At the very least, javascript should be blocked just because > it is invasive! That is the conclusion you've reached for yourself based on your knowledge of the subject matter. So, by all means, disable javascript in your browser. Also, you'll need to do it in thunderbird as well. Which I notice you are using. I could not find a check-box for that. So, you'll have to go to Preferences-->Advanced-->General and select "Config Editor". Filter on "javascript" and change the boolean value of javascript.enabled to "false". There are certainly vulnerabilities in any code. Certainly there are implementation bugs. But that isn't limited to javascript. You may want to spend some time at http://web.nvd.nist.gov/view/vuln/search?execution=e2s1 One which may be of particular interest is CVE-2011-2373. The description is.... Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. So, be advised that there may be other vulnerabilities when javascript is *disabled*. Maybe it is best to stop using computers all together. :-) :-) -- Even if you do learn to speak correct English, whom are you going to speak it to? -- Clarence Darrow -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
