On Sat, 14 Apr 2018 00:20:28 -0700
Samuel Sieb <sam...@sieb.net> wrote:

> On 04/12/2018 04:04 PM, Rick Stevens wrote:
> > And again, if you don't allow your browser or mail client to install
> > software (which is a spectacularly bad idea in the first place) and
> > you're careful about which links you click and which packages you
> > download and install, it's sort of a moot point.  
> It's not about installing something.  A website can run javascript on 
> your browser (unless you're using the mentioned javascript blockers 
> which cripple most sites).  And apparently a website could have 
> javascript keep running even after you leave the site.  This has 
> possibly been corrected by Firefox.  I don't remember all the details.

I think that closing the tab ends the javascript access for that site.
But I'm running noscript, so it might be that it is noscript, and not
firefox, enforcing that.  I also run cookie autodelete, and that might
end access for a site because any cookies it created are deleted when
the tab is closed.  I say this because when I close a tab for a site
that I've logged into, and then open a new tab for it, I have to enable
javascript and log in for that site again.

This is complicated, because of the way the web works.  If everything
displayed in the browser was created by the foreign web server, it would
be simpler, though slower.  Allowing foreign software to run in the
client browser is a security hole, because there will always be bugs, or
unintended access routes, in complex software for the bad guys to
exploit.  The binary for firefox is about 80 MBytes (the hg
source repository is over 4 GBytes), that's a lot of attack surface.
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Reply via email to