Re: Questions on Security



On 06/06/2010 11:01 AM, Brian wrote:
On Thu 03 Jun 2010 at 18:03:34 -0400, Nathan Bahn wrote:

Attention all--

We're all ears!

I have read (at least, insofar as Windows operating systems are concerned)
that Java Script should be disabled on web browsers whenever possible
because of drive-by infections from infected websites. Does this also apply
to Linux?

Drive-by infections are triggered by a vulnerability in the browser. Firefox
on Linux doesn't appear to have any at present, so using JavaScript is not an
issue.


I like the "at present" part... Perhaps you missed my earlier post in
this thread:

<http://www.google.com/search?hl=en&complete=0&q=site%3Ahttp%3A%2F%2Fwww.ubuntu.com%2Fusn+%2Bjavascript&btnG=Search>

and note that it's not just browsers.

Here, let me give you a sample:
http://www.ubuntu.com/usn/usn-586-1
[USN-586-1: mailman vulnerability]
<quote>
Multiple cross-site scripting flaws were discovered in mailman. A
malicious list administrator could exploit this to execute arbitrary
JavaScript, potentially stealing user credentials.
</quote>

That said: Mozilla (IMO) does an excellent job of addressing security
issues as soon as they are found. Better than Cisco, Adobe, HP, Apple,
Google & Oracle:

<http://www.mercurynews.com/portlet/article/html/imageDisplay.jsp?contentItemRelationshipId=3010398>



--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



Relevant Pages