Is Javascript safe?

classic Classic list List threaded Threaded
59 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Is Javascript safe?

al-2
Now that the developers have basically said Javascript should be left
on and users shouldn't fiddle with it does that mean it is safe to run
Javascript under Firefox and Firefox will prevent anything nasty from
happening?


_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

WaltS-2
On 08/22/2013 09:00 AM, [hidden email] wrote:
> Now that the developers have basically said Javascript should be left
> on and users shouldn't fiddle with it does that mean it is safe to run
> Javascript under Firefox and Firefox will prevent anything nasty from
> happening?
>
>


In my opinion with the new Mixed Content Blocking feature the answer is yes.

Old blog post, but the feature is in Firefox 23.0.1.

<https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

al-2
On Thu, 22 Aug 2013 09:08:37 -0400, WaltS <[hidden email]>
wrote:

>On 08/22/2013 09:00 AM, [hidden email] wrote:
>> Now that the developers have basically said Javascript should be left
>> on and users shouldn't fiddle with it does that mean it is safe to run
>> Javascript under Firefox and Firefox will prevent anything nasty from
>> happening?
>>
>>
>
>
>In my opinion with the new Mixed Content Blocking feature the answer is yes.
>
>Old blog post, but the feature is in Firefox 23.0.1.
>
><https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>

So a dodgy/hacked site can't run some Javascript that will put some
malware on my computer?  


_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

WaltS-2
On 08/22/2013 09:29 AM, [hidden email] wrote:

> On Thu, 22 Aug 2013 09:08:37 -0400, WaltS <[hidden email]>
> wrote:
>
>> On 08/22/2013 09:00 AM, [hidden email] wrote:
>>> Now that the developers have basically said Javascript should be left
>>> on and users shouldn't fiddle with it does that mean it is safe to run
>>> Javascript under Firefox and Firefox will prevent anything nasty from
>>> happening?
>>>
>>>
>>
>>
>> In my opinion with the new Mixed Content Blocking feature the answer is yes.
>>
>> Old blog post, but the feature is in Firefox 23.0.1.
>>
>> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>
> So a dodgy/hacked site can't run some Javascript that will put some
> malware on my computer?
>
>


You can always restore the ability to allow JavaScript with an extension.

NoScript is one, or you can pick one of you choosing.

<https://addons.mozilla.org/en-US/firefox/search/?q=Script>
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Was Greywolf
In reply to this post by al-2
On 2013-08-22 9:00 AM, [hidden email] wrote:
> Now that the developers have basically said Javascript should be left
> on and users shouldn't fiddle with it does that mean it is safe to run
> Javascript under Firefox and Firefox will prevent anything nasty from
> happening?

Yes and no. All browsers now include first-line defences against evil
stuff (see other posts for tech details), but you need a good shield
too, plus assorted anti-evil programs to scan your system at fairly
regular intervals (during which you'll have to disconnect, as you'll
have to turn off your shields).

FWIW, I use Vip[re (payware) as shield, Malware Bytes, Spyware
Terminator, and S&D Spybot, plus a couple of anti-rootkit applets, etc.
I don't think I'm excessively paranoid, though. ;-)

HTH

--
Best,
Wolf K.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

LnrB-3
Was Greywolf wrote:

> On 2013-08-22 9:00 AM, [hidden email] wrote:
> > Now that the developers have basically said Javascript should be left
> > on and users shouldn't fiddle with it does that mean it is safe to run
> > Javascript under Firefox and Firefox will prevent anything nasty from
> > happening?
>
> Yes and no. All browsers now include first-line defences against evil
> stuff (see other posts for tech details), but you need a good shield
> too, plus assorted anti-evil programs to scan your system at fairly
> regular intervals (during which you'll have to disconnect, as you'll
> have to turn off your shields).
>
> FWIW, I use Vip[re (payware) as shield, Malware Bytes, Spyware
> Terminator, and S&D Spybot, plus a couple of anti-rootkit applets, etc.
> I don't think I'm excessively paranoid, though. ;-)
>
> HTH


Define "excessively paranoid."
Isn't Paranoia itself an excessive and irrational fear bordering on
delusions of persecution and conspiracy?

"Excessively paranoid" seems to be redundant, not to mention
repetitive.  >:D
(';')
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

RAV-2
On 8/22/2013 11:57 AM, LnrB wrote:

> Was Greywolf wrote:
>> On 2013-08-22 9:00 AM, [hidden email] wrote:
>> > Now that the developers have basically said Javascript should be left
>> > on and users shouldn't fiddle with it does that mean it is safe to run
>> > Javascript under Firefox and Firefox will prevent anything nasty from
>> > happening?
>>
>> Yes and no. All browsers now include first-line defences against evil
>> stuff (see other posts for tech details), but you need a good shield
>> too, plus assorted anti-evil programs to scan your system at fairly
>> regular intervals (during which you'll have to disconnect, as you'll
>> have to turn off your shields).
>>
>> FWIW, I use Vip[re (payware) as shield, Malware Bytes, Spyware
>> Terminator, and S&D Spybot, plus a couple of anti-rootkit applets, etc.
>> I don't think I'm excessively paranoid, though. ;-)
>>
>> HTH
>
>
> Define "excessively paranoid."
> Isn't Paranoia itself an excessive and irrational fear bordering on
> delusions of persecution and conspiracy?
>
> "Excessively paranoid" seems to be redundant, not to mention
> repetitive.  >:D
> (';')

"... stay calm, [your] welfare and insecurity will be assured by the
Department of Redundancy Department." -- Firesign Theatre, from Don't
Crush That Dwarf, Hand Me The Pliers.  ;-)
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

LnrB-3
Rav wrote:

> On 8/22/2013 11:57 AM, LnrB wrote:
> > Was Greywolf wrote:
> >> On 2013-08-22 9:00 AM, [hidden email] wrote:
> >> > Now that the developers have basically said Javascript should be left
> >> > on and users shouldn't fiddle with it does that mean it is safe to run
> >> > Javascript under Firefox and Firefox will prevent anything nasty from
> >> > happening?
> >>
> >> Yes and no. All browsers now include first-line defences against evil
> >> stuff (see other posts for tech details), but you need a good shield
> >> too, plus assorted anti-evil programs to scan your system at fairly
> >> regular intervals (during which you'll have to disconnect, as you'll
> >> have to turn off your shields).
> >>
> >> FWIW, I use Vip[re (payware) as shield, Malware Bytes, Spyware
> >> Terminator, and S&D Spybot, plus a couple of anti-rootkit applets, etc.
> >> I don't think I'm excessively paranoid, though. ;-)
> >>
> >> HTH
> >
> >
> > Define "excessively paranoid."
> > Isn't Paranoia itself an excessive and irrational fear bordering on
> > delusions of persecution and conspiracy?
> >
> > "Excessively paranoid" seems to be redundant, not to mention
> > repetitive.  >:D
> > (';')
>
> "... stay calm, [your] welfare and insecurity will be assured by the
> Department of Redundancy Department." -- Firesign Theatre, from Don't
> Crush That Dwarf, Hand Me The Pliers.  ;-)


ROTFL
(';')
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Sailfish-4
In reply to this post by al-2
My bloviated meandering follows what [hidden email] graced us with on
8/22/2013 6:00 AM:
> Now that the developers have basically said Javascript should be left
> on and users shouldn't fiddle with it does that mean it is safe to run
> Javascript under Firefox and Firefox will prevent anything nasty from
> happening?
>
The response I can give with any legitimate interpretive programming
language is that it's safe until proven otherwise.

--
Sailfish
Rare Mozilla Stuff: http://tinyurl.com/lcey2ex
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Sailfish-4
In reply to this post by LnrB-3
My bloviated meandering follows what LnrB graced us with on 8/22/2013
8:57 AM:

[snip /]
>
> Define "excessively paranoid."
> Isn't Paranoia itself an excessive and irrational fear bordering on
> delusions of persecution and conspiracy?
>
> "Excessively paranoid" seems to be redundant, not to mention
> repetitive.  >:D
> (';')

Among us paranoids, we recognize degrees :-)

--
Sailfish
Rare Mozilla Stuff: http://tinyurl.com/lcey2ex
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Ron Hunter
In reply to this post by al-2
On 8/22/2013 8:00 AM, [hidden email] wrote:
> Now that the developers have basically said Javascript should be left
> on and users shouldn't fiddle with it does that mean it is safe to run
> Javascript under Firefox and Firefox will prevent anything nasty from
> happening?
>
>
Oh, sure!  They can now move my windows, shrink them, or open 200 of
them...  Sigh.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Ron Hunter
In reply to this post by WaltS-2
On 8/22/2013 8:08 AM, WaltS wrote:

> On 08/22/2013 09:00 AM, [hidden email] wrote:
>> Now that the developers have basically said Javascript should be left
>> on and users shouldn't fiddle with it does that mean it is safe to run
>> Javascript under Firefox and Firefox will prevent anything nasty from
>> happening?
>>
>>
>
>
> In my opinion with the new Mixed Content Blocking feature the answer is
> yes.
>
> Old blog post, but the feature is in Firefox 23.0.1.
>
> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>
I don't see what that has to do with Javascript.  I have never seen the
messages presented by that link, either.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Ron Hunter
In reply to this post by al-2
On 8/22/2013 8:29 AM, [hidden email] wrote:

> On Thu, 22 Aug 2013 09:08:37 -0400, WaltS <[hidden email]>
> wrote:
>
>> On 08/22/2013 09:00 AM, [hidden email] wrote:
>>> Now that the developers have basically said Javascript should be left
>>> on and users shouldn't fiddle with it does that mean it is safe to run
>>> Javascript under Firefox and Firefox will prevent anything nasty from
>>> happening?
>>>
>>>
>>
>>
>> In my opinion with the new Mixed Content Blocking feature the answer is yes.
>>
>> Old blog post, but the feature is in Firefox 23.0.1.
>>
>> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>
> So a dodgy/hacked site can't run some Javascript that will put some
> malware on my computer?
>
>
I don't know, but you sure don't have any control other than turning it
off, or on now.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Ron Hunter
In reply to this post by WaltS-2
On 8/22/2013 8:38 AM, WaltS wrote:

> On 08/22/2013 09:29 AM, [hidden email] wrote:
>> On Thu, 22 Aug 2013 09:08:37 -0400, WaltS <[hidden email]>
>> wrote:
>>
>>> On 08/22/2013 09:00 AM, [hidden email] wrote:
>>>> Now that the developers have basically said Javascript should be left
>>>> on and users shouldn't fiddle with it does that mean it is safe to run
>>>> Javascript under Firefox and Firefox will prevent anything nasty from
>>>> happening?
>>>>
>>>>
>>>
>>>
>>> In my opinion with the new Mixed Content Blocking feature the answer
>>> is yes.
>>>
>>> Old blog post, but the feature is in Firefox 23.0.1.
>>>
>>> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>>>
>>
>> So a dodgy/hacked site can't run some Javascript that will put some
>> malware on my computer?
>>
>>
>
>
> You can always restore the ability to allow JavaScript with an extension.
>
> NoScript is one, or you can pick one of you choosing.
>
> <https://addons.mozilla.org/en-US/firefox/search/?q=Script>
As I understand it, NoScript just turns it on, or off, per site.  No
control of windows, moving windows, resizing windows as the old dialog
box allowed.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Sailfish-4
In reply to this post by Ron Hunter
My bloviated meandering follows what Ron Hunter graced us with on
8/22/2013 11:03 AM:
> On 8/22/2013 8:00 AM, [hidden email] wrote:
>> Now that the developers have basically said Javascript should be left
>> on and users shouldn't fiddle with it does that mean it is safe to run
>> Javascript under Firefox and Firefox will prevent anything nasty from
>> happening?
>>
> Oh, sure!  They can now move my windows, shrink them, or open 200 of
> them...  Sigh.
>
Since disabling Javascript has to effect of corrupting the readability
of most new HTML5 sites, it's becoming more problematic to do that.

--
Sailfish
Rare Mozilla Stuff: http://tinyurl.com/lcey2ex
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Ron Hunter
In reply to this post by LnrB-3
On 8/22/2013 10:57 AM, LnrB wrote:

> Was Greywolf wrote:
>> On 2013-08-22 9:00 AM, [hidden email] wrote:
>> > Now that the developers have basically said Javascript should be left
>> > on and users shouldn't fiddle with it does that mean it is safe to run
>> > Javascript under Firefox and Firefox will prevent anything nasty from
>> > happening?
>>
>> Yes and no. All browsers now include first-line defences against evil
>> stuff (see other posts for tech details), but you need a good shield
>> too, plus assorted anti-evil programs to scan your system at fairly
>> regular intervals (during which you'll have to disconnect, as you'll
>> have to turn off your shields).
>>
>> FWIW, I use Vip[re (payware) as shield, Malware Bytes, Spyware
>> Terminator, and S&D Spybot, plus a couple of anti-rootkit applets, etc.
>> I don't think I'm excessively paranoid, though. ;-)
>>
>> HTH
>
>
> Define "excessively paranoid."
> Isn't Paranoia itself an excessive and irrational fear bordering on
> delusions of persecution and conspiracy?
>
> "Excessively paranoid" seems to be redundant, not to mention
> repetitive.  >:D
> (';')
So, what do you mean by that?  GRIN.

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

s|b-2
In reply to this post by al-2
On Thu, 22 Aug 2013 13:00:11 GMT, [hidden email] wrote:

> Now that the developers have basically said Javascript should be left
> on and users shouldn't fiddle with it does that mean it is safe to run
> Javascript under Firefox and Firefox will prevent anything nasty from
> happening?

You could always install NoScript...

--
s|b
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

al-2
In reply to this post by WaltS-2
On Thu, 22 Aug 2013 09:38:14 -0400, WaltS <[hidden email]>
wrote:

>On 08/22/2013 09:29 AM, [hidden email] wrote:
>> On Thu, 22 Aug 2013 09:08:37 -0400, WaltS <[hidden email]>
>> wrote:
>>
>>> On 08/22/2013 09:00 AM, [hidden email] wrote:
>>>> Now that the developers have basically said Javascript should be left
>>>> on and users shouldn't fiddle with it does that mean it is safe to run
>>>> Javascript under Firefox and Firefox will prevent anything nasty from
>>>> happening?
>>>>
>>>>
>>>
>>>
>>> In my opinion with the new Mixed Content Blocking feature the answer is yes.
>>>
>>> Old blog post, but the feature is in Firefox 23.0.1.
>>>
>>> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>>
>> So a dodgy/hacked site can't run some Javascript that will put some
>> malware on my computer?
>>
>>
>
>
>You can always restore the ability to allow JavaScript with an extension.
>
>NoScript is one, or you can pick one of you choosing.
>
><https://addons.mozilla.org/en-US/firefox/search/?q=Script>

I've got NoScript.  Most of the time I don't know what I'm doing.
Commonly I go to a site and there are 10 sites requesting scripts to
be run.  I allow those and another 5 crop up.  Sometimes if too many
crop up I just don't use that site.  I don't believe developers of
websites have control of the sub-sites they use.  Wasn't
ajax.googleapis.com hacked once?  

But my point is, if the expert developers at Mozilla have basically
said "run Javascript", have they made Firefox safe so that I can.  

If the answer is "no - run NoScript" then they surely should build
NoScript functionality into Firefox.  

I still am not clear on what Javascript can do without my knowledge
that could be damaging and how Firefox now prevents it when presumably
it didn't.  

_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

David E. Ross-3
In reply to this post by Ron Hunter
On 8/22/13 11:11 AM, Ron Hunter wrote:

> On 8/22/2013 8:38 AM, WaltS wrote:
>> On 08/22/2013 09:29 AM, [hidden email] wrote:
>>> On Thu, 22 Aug 2013 09:08:37 -0400, WaltS <[hidden email]>
>>> wrote:
>>>
>>>> On 08/22/2013 09:00 AM, [hidden email] wrote:
>>>>> Now that the developers have basically said Javascript should be left
>>>>> on and users shouldn't fiddle with it does that mean it is safe to run
>>>>> Javascript under Firefox and Firefox will prevent anything nasty from
>>>>> happening?
>>>>>
>>>>>
>>>>
>>>>
>>>> In my opinion with the new Mixed Content Blocking feature the answer
>>>> is yes.
>>>>
>>>> Old blog post, but the feature is in Firefox 23.0.1.
>>>>
>>>> <https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/>
>>>>
>>>
>>> So a dodgy/hacked site can't run some Javascript that will put some
>>> malware on my computer?
>>>
>>>
>>
>>
>> You can always restore the ability to allow JavaScript with an extension.
>>
>> NoScript is one, or you can pick one of you choosing.
>>
>> <https://addons.mozilla.org/en-US/firefox/search/?q=Script>
> As I understand it, NoScript just turns it on, or off, per site.  No
> control of windows, moving windows, resizing windows as the old dialog
> box allowed.
>

If you want that control, switch to SeaMonkey.


--
David E. Ross
<http://www.rossde.com/>

Concerned about someone (e.g., the government)
snooping into your E-mail?  Use PGP.
See my <http://www.rossde.com/PGP/>
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
Reply | Threaded
Open this post in threaded view
|

Re: Is Javascript safe?

Trane Francks
In reply to this post by Sailfish-4
On 8/23/13 3:12 AM +0900, Sailfish wrote:

> My bloviated meandering follows what Ron Hunter graced us with on
> 8/22/2013 11:03 AM:
>> On 8/22/2013 8:00 AM, [hidden email] wrote:
>>> Now that the developers have basically said Javascript should be left
>>> on and users shouldn't fiddle with it does that mean it is safe to run
>>> Javascript under Firefox and Firefox will prevent anything nasty from
>>> happening?
>>>
>> Oh, sure!  They can now move my windows, shrink them, or open 200 of
>> them...  Sigh.
>>
> Since disabling Javascript has to effect of corrupting the readability
> of most new HTML5 sites, it's becoming more problematic to do that.
>
I'd argue that it's even more problematic to enable sites to potentially
open hundreds of windows. Granularity of settings is a good thing, IMO.

--
/////////////////////////////////////////////////////////
// Trane Francks    [hidden email]    Tokyo, Japan
// Practice random kindness and senseless acts of beauty.
_______________________________________________
general mailing list
[hidden email]
https://lists.mozilla.org/listinfo/general
123