Questions on Security
NoOp
glgxg at sbcglobal.net
Sun Jun 6 22:04:17 UTC 2010
On 06/06/2010 11:01 AM, Brian wrote:
> On Thu 03 Jun 2010 at 18:03:34 -0400, Nathan Bahn wrote:
>
>> Attention all--
>
> We're all ears!
>
>> I have read (at least, insofar as Windows operating systems are concerned)
>> that Java Script should be disabled on web browsers whenever possible
>> because of drive-by infections from infected websites. Does this also apply
>> to Linux?
>
> Drive-by infections are triggered by a vulnerability in the browser. Firefox
> on Linux doesn't appear to have any at present, so using JavaScript is not an
> issue.
>
I like the "at present" part... Perhaps you missed my earlier post in
this thread:
<http://www.google.com/search?hl=en&complete=0&q=site%3Ahttp%3A%2F%2Fwww.ubuntu.com%2Fusn+%2Bjavascript&btnG=Search>
and note that it's not just browsers.
Here, let me give you a sample:
http://www.ubuntu.com/usn/usn-586-1
[USN-586-1: mailman vulnerability]
<quote>
Multiple cross-site scripting flaws were discovered in mailman. A
malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.
</quote>
That said: Mozilla (IMO) does an excellent job of addressing security
issues as soon as they are found. Better than Cisco, Adobe, HP, Apple,
Google & Oracle:
<http://www.mercurynews.com/portlet/article/html/imageDisplay.jsp?contentItemRelationshipId=3010398>
More information about the ubuntu-users
mailing list