Questions on Security

NoOp glgxg at
Sun Jun 6 22:04:17 UTC 2010

On 06/06/2010 11:01 AM, Brian wrote:
> On Thu 03 Jun 2010 at 18:03:34 -0400, Nathan Bahn wrote:
>> Attention all--
> We're all ears!
>> I have read (at least, insofar as Windows operating systems are concerned)
>> that Java Script should be disabled on web browsers whenever possible
>> because of drive-by infections from infected websites.  Does this also apply
>> to Linux?
> Drive-by infections are triggered by a vulnerability in the browser. Firefox
> on Linux doesn't appear to have any at present, so using JavaScript is not an
> issue.

I like the "at present" part... Perhaps you missed my earlier post in
this thread:


and note that it's not just browsers.

Here, let me give you a sample:
[USN-586-1: mailman vulnerability]
Multiple cross-site scripting flaws were discovered in mailman. A
malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.

That said: Mozilla (IMO) does an excellent job of addressing security
issues as soon as they are found. Better than Cisco, Adobe, HP, Apple,
Google & Oracle:


More information about the ubuntu-users mailing list