</noscript> Issue

  • Ed Jay

    #16
    Re: </noscript> Issue

    aoksite1@gmail.com scribed:
    >On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
    >aoksi...@gmail.com scribed:
    >>
    >>
    >>
    >On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
    >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
    >>
    aoksi...@gmail.com scribed:
    >>
    >One significant reason for disabling JavaScript when browsing the
    >Internet is that it is a definite security hazard to the user if they
    >have JavaScript enabled. There is a lot of malicious code on web
    >sites that uses JavaScript to infect the user's computer with
    >malicious code.
    >>
    Please elaborate by providing an example of how js can be used to compromise
    a user's computer with malicious code.
    --
    Ed Jay (remove 'M' to respond by email)
    >>
    >You have to be kidding. If you need examples, visit http://groups.google.com/group/stopbadware or http://www.stopbadware.or....
    >>
    >Daniel
    >>>>
    >Sorry, I really thought you were kidding. But your post to the other
    >group http://groups.google.com/group/comp.lang.javascript/topics shows
    >you weren't. Take some time and check out the stopbadware group it
    >has a lot of great info.
    >>
    >You have good eyes, but my post to the js group is intended to start a
    >discussion, not to answer the base question. As I said in my query there, I
    >believe your statement to be false, i.e., js cannot be used to infect a
    >user's machine without the user's express permission.
    >>
    >I checked the stopbadware group. They're not talking about js being used to
    >infect a user's machine. They're talking about js being injected into
    >existing sites (hacking). They talk about badware on a user's machine, but
    >that badware has to be downloaded and executed, e.g., an attachment, exe
    >file, or packaged clandestinely with another application.
    >>
    >AFAIK, your statement is an artifact from years past when it was incorrectly
    >propagated that js was a security risk. It isn't (afaik).
    >--
    >Ed Jay (remove 'M' to respond by email)
    >
    >It seems funny to me that Google is flagging the web sites as
    >containing malicious code and that they may cause harm to your
    >computer.
    >
    Citation please, because that's not what they are saying.
    --
    Ed Jay (remove 'M' to respond by email)

    • aoksite1@gmail.com

      #17
      Re: </noscript> Issue

      On Jan 25, 2:04 pm, Ed Jay <ed...@aes-intl.com> wrote:
      aoksi...@gmail.com scribed:
      >
      >
      >
      On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
      aoksi...@gmail.com scribed:
      >
      On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
      On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
      >
      aoksi...@gmail.com scribed:
      >
      >One significant reason for disabling JavaScript when browsing the
      >Internet is that it is a definite security hazard to the user if they
      >have JavaScript enabled. There is a lot of malicious code on web
      >sites that uses JavaScript to infect the user's computer with
      >malicious code.
      >
      Please elaborate by providing an example of how js can be used to compromise
      a user's computer with malicious code.
      --
      Ed Jay (remove 'M' to respond by email)
      >
      You have to be kidding. If you need examples, visit http://groups.google.com/group/stopbadware or http://www.stopbadware.or....
      >
      Daniel
      >>
      Sorry, I really thought you were kidding. But your post to the other
      group http://groups.google.com/group/comp.lang.javascript/topics shows
      you weren't. Take some time and check out the stopbadware group it
      has a lot of great info.
      >
      You have good eyes, but my post to the js group is intended to start a
      discussion, not to answer the base question. As I said in my query there, I
      believe your statement to be false, i.e., js cannot be used to infect a
      user's machine without the user's express permission.
      >
      I checked the stopbadware group. They're not talking about js being used to
      infect a user's machine. They're talking about js being injected into
      existing sites (hacking). They talk about badware on a user's machine, but
      that badware has to be downloaded and executed, e.g., an attachment, exe
      file, or packaged clandestinely with another application.
      >
      AFAIK, your statement is an artifact from years past when it was incorrectly
      propagated that js was a security risk. It isn't (afaik).
      --
      Ed Jay (remove 'M' to respond by email)
      >
      It seems funny to me that Google is flagging the web sites as
      containing malicious code and that they may cause harm to your
      computer.
      >
      Citation please, because that's not what they are saying.
      --
      Ed Jay (remove 'M' to respond by email)
      For the people who accept new info here is one link to a direct
      infection caused by JavaScript http://groups.google.com/group/stopb...4187b832224f51
      there are many more.

      Daniel


      • aoksite1@gmail.com

        #18
        Re: </noscript> Issue

        On Jan 25, 2:22 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
        On Jan 25, 2:04 pm, Ed Jay <ed...@aes-intl.com> wrote:
        >
        >
        >
        aoksi...@gmail.com scribed:
        >
        >On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
        >aoksi...@gmail.com scribed:
        >
        >On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
        >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
        >
        aoksi...@gmail.com scribed:
        >
        >One significant reason for disabling JavaScript when browsing the
        >Internet is that it is a definite security hazard to the user if they
        >have JavaScript enabled. There is a lot of malicious code on web
        >sites that uses JavaScript to infect the user's computer with
        >malicious code.
        >
        Please elaborate by providing an example of how js can be used to compromise
        a user's computer with malicious code.
        --
        Ed Jay (remove 'M' to respond by email)
        >
        >You have to be kidding. If you need examples, visit http://groups.google.com/group/stopbadware or http://www.stopbadware.or....
        >
        >Daniel
        >>
        >Sorry, I really thought you were kidding. But your post to the other
        >group http://groups.google.com/group/comp.lang.javascript/topics shows
        >you weren't. Take some time and check out the stopbadware group it
        >has a lot of great info.
        >
        >You have good eyes, but my post to the js group is intended to start a
        >discussion, not to answer the base question. As I said in my query there, I
        >believe your statement to be false, i.e., js cannot be used to infect a
        >user's machine without the user's express permission.
        >
        >I checked the stopbadware group. They're not talking about js being used to
        >infect a user's machine. They're talking about js being injected into
        >existing sites (hacking). They talk about badware on a user's machine, but
        >that badware has to be downloaded and executed, e.g., an attachment, exe
        >file, or packaged clandestinely with another application.
        >
        >AFAIK, your statement is an artifact from years past when it was incorrectly
        >propagated that js was a security risk. It isn't (afaik).
        >--
        >Ed Jay (remove 'M' to respond by email)
        >
        >It seems funny to me that Google is flagging the web sites as
        >containing malicious code and that they may cause harm to your
        >computer.
        >
        Citation please, because that's not what they are saying.
        --
        Ed Jay (remove 'M' to respond by email)
        >
        For the people who accept new info here is one link to a direct
        infection caused by JavaScript http://groups.google.com/group/stopbadware/browse_thread/thread/5d418...
        there are many more.
        >
        Daniel
        >
        http://a-ok-site.com
        And another from a different source


        Daniel


        • Ed Jay

          #19
          Re: </noscript> Issue

          aoksite1@gmail.com scribed:
          >On Jan 25, 2:04 pm, Ed Jay <ed...@aes-intl.com> wrote:
          >aoksi...@gmail.com scribed:
          >>
          >>
          >>
          >On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
          >aoksi...@gmail.com scribed:
          >>
          >On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
          >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
          >>
          aoksi...@gmail.com scribed:
          >>
          >One significant reason for disabling JavaScript when browsing the
          >Internet is that it is a definite security hazard to the user if they
          >have JavaScript enabled. There is a lot of malicious code on web
          >sites that uses JavaScript to infect the user's computer with
          >malicious code.
          >>
          Please elaborate by providing an example of how js can be used to compromise
          a user's computer with malicious code.
          --
          Ed Jay (remove 'M' to respond by email)
          >>
          >You have to be kidding. If you need examples, visit http://groups.google.com/group/stopbadware or http://www.stopbadware.or....
          >>
          >Daniel
          >>>>
          >Sorry, I really thought you were kidding. But your post to the other
          >group http://groups.google.com/group/comp.lang.javascript/topics shows
          >you weren't. Take some time and check out the stopbadware group it
          >has a lot of great info.
          >>
          >You have good eyes, but my post to the js group is intended to start a
          >discussion, not to answer the base question. As I said in my query there, I
          >believe your statement to be false, i.e., js cannot be used to infect a
          >user's machine without the user's express permission.
          >>
          >I checked the stopbadware group. They're not talking about js being used to
          >infect a user's machine. They're talking about js being injected into
          >existing sites (hacking). They talk about badware on a user's machine, but
          >that badware has to be downloaded and executed, e.g., an attachment, exe
          >file, or packaged clandestinely with another application.
          >>
          >AFAIK, your statement is an artifact from years past when it was incorrectly
          >propagated that js was a security risk. It isn't (afaik).
          >--
          >Ed Jay (remove 'M' to respond by email)
          >>
          >It seems funny to me that Google is flagging the web sites as
          >containing malicious code and that they may cause harm to your
          >computer.
          >>
          >Citation please, because that's not what they are saying.
          >--
          >Ed Jay (remove 'M' to respond by email)
          >
          >For the people who accept new info here is one link to a direct
          >infection caused by JavaScript http://groups.google.com/group/stopb...4187b832224f51
          >there are many more.
          >
          New info? LMAO! The thread is about an infected WEB SITE, not a User's
          computer!!! :-))

          This 'debate' is exactly why things that should not need to be debated
          anymore continue to be debated. Because no matter how many facts you place
          in front of someone, no matter how many beliefs are proven to be
          nonsensical, they remain intractable and hold on to their false memes...and
          add to them. When they are trapped by the facts, they refuse to admit they
          were mistaken, and instead resort to ad hominem attacks.
          --
          Ed Jay (remove 'M' to respond by email)

          • aoksite1@gmail.com

            #20
            Re: </noscript> Issue

            On Jan 25, 3:11 pm, Ed Jay <ed...@aes-intl.com> wrote:
            aoksi...@gmail.com scribed:
            >
            >
            >
            On Jan 25, 2:04 pm, Ed Jay <ed...@aes-intl.com> wrote:
            aoksi...@gmail.com scribed:
            >
            On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
            aoksi...@gmail.com scribed:
            >
            On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
            On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
            >
            aoksi...@gmail.com scribed:
            >
            >One significant reason for disabling JavaScript when browsing the
            >Internet is that it is a definite security hazard to the user if they
            >have JavaScript enabled. There is a lot of malicious code on web
            >sites that uses JavaScript to infect the user's computer with
            >malicious code.
            >
            Please elaborate by providing an example of how js can be used to compromise
            a user's computer with malicious code.
            --
            Ed Jay (remove 'M' to respond by email)
            >
            You have to be kidding. If you need examples, visit http://groups.google.com/group/stopbadware or http://www.stopbadware.or....
            >
            Daniel
            >>
            Sorry, I really thought you were kidding. But your post to the other
            group http://groups.google.com/group/comp.lang.javascript/topics shows
            you weren't. Take some time and check out the stopbadware group it
            has a lot of great info.
            >
            You have good eyes, but my post to the js group is intended to start a
            discussion, not to answer the base question. As I said in my query there, I
            believe your statement to be false, i.e., js cannot be used to infect a
            user's machine without the user's express permission.
            >
            I checked the stopbadware group. They're not talking about js being used to
            infect a user's machine. They're talking about js being injected into
            existing sites (hacking). They talk about badware on a user's machine, but
            that badware has to be downloaded and executed, e.g., an attachment, exe
            file, or packaged clandestinely with another application.
            >
            AFAIK, your statement is an artifact from years past when it was incorrectly
            propagated that js was a security risk. It isn't (afaik).
            --
            Ed Jay (remove 'M' to respond by email)
            >
            It seems funny to me that Google is flagging the web sites as
            containing malicious code and that they may cause harm to your
            computer.
            >
            Citation please, because that's not what they are saying.
            --
            Ed Jay (remove 'M' to respond by email)
            >
            For the people who accept new info here is one link to a direct
            infection caused by JavaScript http://groups.google.com/group/stopbadware/browse_thread/thread/5d418...
            there are many more.
            >
            New info? LMAO! The thread is about an infected WEB SITE, not a User's
            computer!!! :-))
            >
            This 'debate' is exactly why things that should not need to be debated
            anymore continue to be debated. Because no matter how many facts you place
            in front of someone, no matter how many beliefs are proven to be
            nonsensical, they remain intractable and hold on to their false memes...and
            add to them. When they are trapped by the facts, they refuse to admit they
            were mistaken, and instead resort to ad hominem attacks.
            --
            Ed Jay (remove 'M' to respond by email)
            You really are an idiot if you think that it is not affecting the
            user's computer. There is one person mistaken here and it is you.

            Daniel

            • Ed Jay

              #21
              Re: </noscript> Issue

              aoksite1@gmail.com scribed:
              >On Jan 25, 3:11 pm, Ed Jay <ed...@aes-intl.com> wrote:
              >aoksi...@gmail.com scribed:
              >>
              >>
              >>
              >On Jan 25, 2:04 pm, Ed Jay <ed...@aes-intl.com> wrote:
              >aoksi...@gmail.com scribed:
              >>
              >On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
              >aoksi...@gmail.com scribed:
              >>
              >On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
              >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
              >>
              aoksi...@gmail.com scribed:
              >>
              >One significant reason for disabling JavaScript when browsing the
              >Internet is that it is a definite security hazard to the user if they
              >have JavaScript enabled. There is a lot of malicious code on web
              >sites that uses JavaScript to infect the user's computer with
              >malicious code.
              >>
              Please elaborate by providing an example of how js can be used to compromise
              a user's computer with malicious code.
              --
              Ed Jay (remove 'M' to respond by email)
              >>
              >You have to be kidding. If you need examples, visit http://groups.google.com/group/stopbadware or http://www.stopbadware.or....
              >>
              >Daniel
              >>>>
              >Sorry, I really thought you were kidding. But your post to the other
              >group http://groups.google.com/group/comp.lang.javascript/topics shows
              >you weren't. Take some time and check out the stopbadware group it
              >has a lot of great info.
              >>
              >You have good eyes, but my post to the js group is intended to start a
              >discussion, not to answer the base question. As I said in my query there, I
              >believe your statement to be false, i.e., js cannot be used to infect a
              >user's machine without the user's express permission.
              >>
              >I checked the stopbadware group. They're not talking about js being used to
              >infect a user's machine. They're talking about js being injected into
              >existing sites (hacking). They talk about badware on a user's machine, but
              >that badware has to be downloaded and executed, e.g., an attachment, exe
              >file, or packaged clandestinely with another application.
              >>
              >AFAIK, your statement is an artifact from years past when it was incorrectly
              >propagated that js was a security risk. It isn't (afaik).
              >--
              >Ed Jay (remove 'M' to respond by email)
              >>
              >It seems funny to me that Google is flagging the web sites as
              >containing malicious code and that they may cause harm to your
              >computer.
              >>
              >Citation please, because that's not what they are saying.
              >--
              >Ed Jay (remove 'M' to respond by email)
              >>
              >For the people who accept new info here is one link to a direct
              >infection caused by JavaScript http://groups.google.com/group/stopbadware/browse_thread/thread/5d418...
              >there are many more.
              >>
              >New info? LMAO! The thread is about an infected WEB SITE, not a User's
              >computer!!! :-))
              >>
              >This 'debate' is exactly why things that should not need to be debated
              >anymore continue to be debated. Because no matter how many facts you place
              >in front of someone, no matter how many beliefs are proven to be
              >nonsensical, they remain intractable and hold on to their false memes...and
              >add to them. When they are trapped by the facts, they refuse to admit they
              >were mistaken, and instead resort to ad hominem attacks.
              >>
              >You really are an idiot
              Thank you for illustrating my point.
              if you think that it is not affecting the
              >user's computer. There is one person mistaken here and it is you.
              >
              Yawn. My last post in response to your inability to comprehend what you are
              reading.
              --
              Ed Jay (remove 'M' to respond by email)

              • Beauregard T. Shagnasty

                #22
                Re: </noscript> Issue

                Ed Jay wrote:
                aoksite1@gmail.com scribed:
                >
                >Ed Jay <ed...@aes-intl.com> wrote:
                >>aoksi...@gmail.com scribed:
                >>
                >For the people who accept new info here is one link to a direct
                >infection caused by JavaScript
                >http://groups.google.com/group/stopb...4187b832224f51
                >there are many more.
                >>
                New info? LMAO! The thread is about an infected WEB SITE, not a User's
                computer!!! :-))
                I just read the stopbadware thread listed above, and it sure looks to me
                as if it is about the hacking of web sites - *which in turn* - infect
                the computers of visitors with inferior browsers and JavaScript enabled.

                --
                -bts
                -No, I haven't been following this entire </noscript> thread

                • aoksite1@gmail.com

                  #23
                  Re: </noscript> Issue

                  On Jan 25, 3:57 pm, "Beauregard T. Shagnasty"
                  <a.nony.m...@example.invalid> wrote:
                  Ed Jay wrote:
                  aoksi...@gmail.com scribed:
                  >
                  Ed Jay <ed...@aes-intl.com> wrote:
                  >aoksi...@gmail.com scribed:
                  >
                  For the people who accept new info here is one link to a direct
                  infection caused by JavaScript
                  >http://groups.google.com/group/stopb...d/thread/5d418...
                  there are many more.
                  >
                  New info? LMAO! The thread is about an infected WEB SITE, not a User's
                  computer!!! :-))
                  >
                  I just read the stopbadware thread listed above, and it sure looks to me
                  as if it is about the hacking of web sites - *which in turn* - infect
                  the computers of visitors with inferior browsers and JavaScript enabled.
                  >
                  --
                  -bts
                  -No, I haven't been following this entire </noscript> thread
                  Thank you.

                  Daniel

                  • VK

                    #24
                    Re: </noscript> Issue

                    On Jan 25, 6:41 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
                    The previous posts are ridiculous and made by people that have little
                    or no knowledge of valid coding of web pages, so the OP needs to
                    disregard their posts and follow accepted procedures.
                    Kindly asking to keep your mouth shut until there is something wise to
                    say.
                    L. 508 Standards, Section 1194.22
                    Before quoting any law it is wise to check what kind of law is that
                    and to what domain does it apply. I already explained in this NG the
                    508 hoax several times, but maybe it is time to do once again:

                    "Section 508 requires that Federal agencies' electronic and
                    information technology is accessible to people with disabilities. IT
                    Accessibility & Workforce Division, in the U.S. General Services
                    Administration's Office of Governmentwide Policy, has been charged
                    with the task of educating Federal employees and building the
                    infrastructure necessary to support Section 508 implementation. Using
                    this web site, Federal employees and the public can access resources
                    for understanding and implementing the requirements of Section 508."
                    (http://www.section508.gov)

                    Can you see any difference between a federal US facility and a dotcom
                    site? I guess not.


                    • aoksite1@gmail.com

                      #25
                      Re: </noscript> Issue

                      On Jan 26, 11:10 am, VK <schools_r...@yahoo.com> wrote:
                      On Jan 25, 6:41 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
                      >
                      The previous posts are ridiculous and made by people that have little
                      or no knowledge of valid coding of web pages, so the OP needs to
                      disregard their posts and follow accepted procedures.
                      >
                      Kindly asking to keep your mouth shut until there is something wise to
                      say.
                      >
                      L. 508 Standards, Section 1194.22
                      >
                      Before quoting any law it is wise to check what kind of law is that
                      and to what domain does it apply. I already explained in this NG the
                      508 hoax several times, but maybe it is time to do once again:
                      >
                      "Section 508 requires that Federal agencies' electronic and
                      information technology is accessible to people with disabilities. IT
                      Accessibility & Workforce Division, in the U.S. General Services
                      Administration's Office of Governmentwide Policy, has been charged
                      with the task of educating Federal employees and building the
                      infrastructure necessary to support Section 508 implementation. Using
                      this web site, Federal employees and the public can access resources
                      for understanding and implementing the requirements of Section 508."
                      (http://www.section508.gov)
                      >
                      Can you see any difference between a federal US facility and a dotcom
                      site? I guess not.
                      Kindly BM

                      Daniel

                      • owo.dod@gmail.com

                        #26
                        Re: </noscript> Issue

                        On Jan 25, 12:33 pm, Andy Dingley <ding...@codesmiths.com> wrote:
                        On 25 Jan, 15:47, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
                        >
                        More info on 508 standards
                        >>
                        A site which uses client-side JS to display a "disclaimer"! http://www.access-board.gov/js/disclaimer.js
                        >
                        Now _that's_ real genius!

                        The real genius would be to figure how the hell somebody as stupid as
                        you makes it in the world.

                        • Nisse Engström

                          #27
                          Re: </noscript> Issue

                          On Fri, 25 Jan 2008 11:21:12 -0800, Ed Jay wrote:
                          aoksite1@gmail.com scribed:
                          >
                          >>One significant reason for disabling JavaScript when browsing the
                          >>Internet is that it is a definite security hazard to the user if they
                          >>have JavaScript enabled. There is a lot of malicious code on web
                          >>sites that uses JavaScript to infect the user's computer with
                          >>malicious code.
                          >>
                          Please elaborate by providing an example of how js can be used to compromise
                          a user's computer with malicious code.
                          Search for "Javascript" on <http://secunia.com/search/>
                          and similar sites. Some examples (note the proposed
                          solution in the first one):


                          <http://secunia.com/advisories/27427/>:

                          "Description:
                          Sun has acknowledged some vulnerabilities in Mozilla 1.7 for
                          Sun Solaris, which potentially can be exploited by malicious
                          people to compromise a user's system.
                          ...
                          Solution:
                          The vendor recommends disabling the JavaScript support. Please
                          see the vendor's advisory for details."


                          <http://secunia.com/advisories/26477/>:

                          "Description:
                          A vulnerability has been reported in Opera, which potentially
                          can be exploited by malicious people to compromise a user's
                          system.

                          The vulnerability is caused due to an unspecified error when
                          processing JavaScript code and can result in a virtual function
                          call using an invalid pointer. This can be exploited to execute
                          arbitrary code by e.g. tricking a user into visiting a malicious
                          website."


                          <http://secunia.com/advisories/26287/>:

                          "Description:
                          Some vulnerabilities have been reported in Apple iPhone, which
                          can be exploited by malicious people to conduct cross-site
                          scripting and spoofing attacks, and potentially to compromise
                          a vulnerable system.
                          ...
                          2) A boundary error in the Perl Compatible Regular Expressions
                          (PCRE) library used by the Javascript engine in Safari can be
                          exploited to cause a heap-based buffer overflow when a user
                          visits a malicious web page.

                          Successful exploitation may allow execution of arbitrary code."


                          /Nisse

                          • Ed Jay

                            #28
                            Re: </noscript> Issue

                            Nisse Engström scribed:
                            >On Fri, 25 Jan 2008 11:21:12 -0800, Ed Jay wrote:
                            >
                            >>aoksite1@gmail.com scribed:
                            >>
                            >>>One significant reason for disabling JavaScript when browsing the
                            >>>Internet is that it is a definite security hazard to the user if they
                            >>>have JavaScript enabled. There is a lot of malicious code on web
                            >>>sites that uses JavaScript to infect the user's computer with
                            >>>malicious code.
                            >>>
                            >>Please elaborate by providing an example of how js can be used to compromise
                            >>a user's computer with malicious code.
                            >
                            >Search for "Javascript" on <http://secunia.com/search/>
                            >and similar sites. Some examples (note the proposed
                            >solution in the first one):
                            >
                            >
                            ><http://secunia.com/advisories/27427/>:
                            >
                            >"Description:
                            >Sun has acknowledged some vulnerabilities in Mozilla 1.7 for
                            >Sun Solaris, which potentially can be exploited by malicious
                            >people to compromise a user's system.
                            >...
                            >Solution:
                            >The vendor recommends disabling the JavaScript support. Please
                            >see the vendor's advisory for details."
                            >
                            >
                            ><http://secunia.com/advisories/26477/>:
                            >
                            >"Description:
                            >A vulnerability has been reported in Opera, which potentially
                            >can be exploited by malicious people to compromise a user's
                            >system.
                            >
                            >The vulnerability is caused due to an unspecified error when
                            >processing JavaScript code and can result in a virtual function
                            >call using an invalid pointer. This can be exploited to execute
                            >arbitrary code by e.g. tricking a user into visiting a malicious
                            >website."
                            >
                            >
                            ><http://secunia.com/advisories/26287/>:
                            >
                            >"Description:
                            >Some vulnerabilities have been reported in Apple iPhone, which
                            >can be exploited by malicious people to conduct cross-site
                            >scripting and spoofing attacks, and potentially to compromise
                            >a vulnerable system.
                            >...
                            >2) A boundary error in the Perl Compatible Regular Expressions
                            >(PCRE) library used by the Javascript engine in Safari can be
                            >exploited to cause a heap-based buffer overflow when a user
                            >visits a malicious web page.
                            >
                            >Successful exploitation may allow execution of arbitrary code."
                            >
                            Compromised integrity due to vulnerabilities, i.e., security holes, in
                            browsers is not the fault of javascript.
                            --
                            Ed Jay (remove 'M' to respond by email)


                            • Chris Morris

                              #29
                              Re: </noscript> Issue

                              Ed Jay <edMbj@aes-intl.com> writes:
                              >Compromised integrity due to vulnerabilities, i.e., security holes, in
                              >browsers is not the fault of javascript.
                              Compare this to lying on a road in the middle of the night wearing
                              dark clothing. You might get hit by a car or two, but that means that
                              cars are dangerous, not the road. Nevertheless, sensible people rarely
                              lie down on roads.

                              If you have to disable your browser's Javascript interpreter because
                              it has security bugs (and the record suggests that the interpreters in
                              all major browsers are likely to contain significant undiscovered
                              bugs) that a malicious site might use to take over your computer, then
                              the fact that the Javascript itself is perfectly safe is irrelevant.

                              --
                              Chris
