JavaScript insecurities

Not surprising I say. Javascript vulnerabilities have been around for quite some time.

 

I have java and Javascript disabled when I use Tor, otherwise Firefox broadcasts my correct IP not the one Tor assigns.

 

Using javascript is dangerous, because simply put, it is like an exe file, which will browser download into PC, it will run it without asking and it can do almost anything (proved in topic). The user rely on Anti-Soft, that thanks to its heuristic or signatures, it will recognize, if there is a malicious code. Anti-Soft is good as a layer defense, but JS should be disabled by default.

 

Besides the security aspect, javascript has another serious drawback, it slows down webpage loading a lot. It´s really ridiculous how long it takes for some pages to load. Of course I´m not saying that javascript shouldn´t be used at all, because it can be handy sometimes, but I think website designers should seriously limit their script usage.

 

More javascript trouble in the following article, and interesting to note, not only websites should be audited to prevent this stuff, but browsers (or perhaps anti-malware tools?) should also come up with new protection methods to protect against this stuff.

http://www.securityfocus.com/news/11405

 

I run NOSCRIPT in FF and feel reasonably happy that this allows me to control my exposure.

Fairy

 

Yeah a tool like NoScript can be handy, however often you will browse to a site that needs scripting enabled, otherwise it won´t work. So you end up enabling scripting anyway.

But I´m waiting for the new Maxthon v2 browser, in the new version, plugins will work even with scripting disabled. And it will also give you the option to set "Download Control" options (Javascript, ActiveX etc.) per page.

I´ve noticed that a lot of my favorite websites do not need scripting anyway, so I will probably turn it off. It also speeds up browsing quite a lot. But there is always the problem mentioned above and trusted sites (with scripting enabled) sometimes also get hacked.

 

Kind of overstating it I think. Replace activeX with javascript and you are closer.

 

*Hugs noscript extension*