Re: How does GMail know I use Firebug extension in Iceweasel?



On Wed, Nov 28, 2007 at 09:11:39PM -0800, Kelly Clowers wrote:
> On Nov 28, 2007 7:06 PM, Douglas A. Tutty <dtutty@xxxxxxxxxxxxx> wrote:
>
> <snip>
>
> > AIUI, enabling JavaScript enables the remote site to run javascript on
> > your box. It doesn't do any sort of audit of what it will run. So I
> > would assume that it can do whatever javascript is capable of.
> >
> > Can javascript read my .ssh directory and grab my id_rsa or id_dsa?
>
> Javascript the language can - i.e. you could write a script file in JS
> instead of Perl. However, JS that is run in a web page is sandboxed.
> If it could read your files it would be considered a (very) major security
> flaw in that browser's JS implementation and the news would be all
> over the tech sites.


So how big is the sandbox? What is the worst that a mal JS could do?
So we don't keep site passwords in the browser's "shall I remember this
for the future" but instead keep it in a separate file in the home
directory. I would assume then that after visiting a site where I had
to enter a password, I should exit and restart the browser before
visiting another site?

Doug.

