Re: Javascript: what it is and why you should be concerned

From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 05/27/04


Date: Wed, 26 May 2004 23:38:57 +0100


""Crash" Dummy" <dvader@deathstar.mil> wrote in message
news:10b7fq1j0jsd8e7@corp.supernews.com...
> >Precisely. An annoyance would be windows popping up. [a bloody big
annoyance
> >as it happens] but a security threat would be allowing a scripting engine
> >access to your email engine, address book etc.
>
> As long as scripting is not allowed to control ActiveX or plugins, it
won't have
> that access. I have never encountered a security threat from scripting
alone,
> just annoyances, like cascading browsers.

Oh, there are specific holes. Generally in a specific browser (e.g. IE), and
generally fixed by a specific patch (mostly back in 2001, IIRC)

That said.. the Sun JRE can get "interesting"[1] at times..

H1K

[1] "Interesting" by example:

Q: What could possibly get your attention more than surviving an aircraft
crash-landing in the middle of the Indian Ocean?
A: Hungry sharks

;o)

(Not trying to open a new front in the MS vs. Linux vs. [Yawn]
troll^H^Hvalid discussions.. just experience in using a variety of JVMs over
the past 8 years or so)



Relevant Pages

  • Re: function sleep() in all versions of PHP
    ... Any scripting language that has the ability to execute something with the means of systemcan create and call a script that uses memory and waits indefinitely. ... This is also an annoyance that will not be seen as a bug or will be "fixed" because it would leave the language almost useless. ... The same long wait can be achieved with fsockopen or any other stream function like fread, fwrite, etc. ...
    (Bugtraq)
  • Re: Javascript: what it is and why you should be concerned
    ... An annoyance would be windows popping up. ... >as it happens] but a security threat would be allowing a scripting engine ... As long as scripting is not allowed to control ActiveX or plugins, ... I have never encountered a security threat from scripting alone, ...
    (alt.computer.security)
  • Re: function sleep() in all versions of PHP
    ... This vulnerability is not per se a vulnerability but a annoyance that has been dealt with in many ways. ... This annoyance is also not limited to PHP. ... Any scripting language that has the ability to execute something with the means of systemcan create and call a script that uses memory and waits indefinitely. ...
    (Bugtraq)