Re: How does GMail know I use Firebug extension in Iceweasel?



On Wed, Nov 28, 2007 at 09:11:39PM -0800, Kelly Clowers wrote:
> On Nov 28, 2007 7:06 PM, Douglas A. Tutty <dtutty@xxxxxxxxxxxxx> wrote:
>
> <snip>
>
> > AIUI, enabling JavaScript enables the remote site to run javascript on
> > your box. It doesn't do any sort of audit of what it will run. So I
> > would assume that it can do whatever javascript is capable of.
> >
> > Can javascript read my .ssh directory and grab my id_rsa or id_dsa?
>
> Javascript the language can - i.e. you could write a script file in JS
> instead of Perl. However, JS that is run in a web page is sandboxed.
> If it could read your files it would be considered a (very) major security
> flaw in that browser's JS implementation and the news would be all
> over the tech sites.


So how big is the sandbox? What is the worst that a mal JS could do?
So we don't keep site passwords in the browser's "shall I remember this
for the future" but instead keep it in a separate file in the home
directory. I would assume then that after visiting a site where I had
to enter a password, I should exit and restart the browser before
visiting another site?

Doug.

