Re: C5 : Firefox 38 bug






On 06/12/2015 11:57 AM, Jonathan Billings wrote:
> On Sat, Jun 13, 2015 at 10:55:47AM -0600, jd1008 wrote:
>> The most offensive problem of using browsers is that
>> they do not tell you nor ask your permission when javascripts
>> spy on your entire storage contents.
> Huh?  You've been misinformed.  Certainly there have been exploits
> against browsers to bypass the sandbox, but this isn't the default
> configuration in any browser I know of.

Configuration or no, the developer told me the bottom line
scoop. FF, SM, IE, ....etc, all execute javascripts like obedient
slaves.

>> I had asked a java developer at Sun Microsystems about
>> what Sun means when it says that Java runs in a sandbox?
>> Just what is the sandbox?
>> I also asked if browsers that execute javascripts are restricted
>> to this notion of a sandbox that does not leak out into
>> the rest of the system.
>>
>> He said the "sandbox" is the entire storage on your computer.
> Java != JavaScript.  It's a common misconception.  Perhaps that's why
> this java developer might have answered the way he did, although I'm
> fairly certain Java sandboxes can also be restricted (although I'm no
> Java developer) so they don't have access to the entire storage of
> your computer.  Certainly, simple UNIX permissions prevent both Java
> and browsers from getting access to the *entire* storage on your
> computer, unless they're used to exploit some other vulnerability.
>
> If you're concerned about JavaScript, I suggest looking into the
> NoScript firefox extension.

All your browsing history, all cookies ...etc are open books
as far as many javascripts are concerned.
For example, all browsers execute the javascript called
googleusercontent.com

Please read this page:
http://www.google.com/safebrowsing/diagnostic?site=googleusercontent.com

Be INFORMED!!

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



