> > Also, firefox has sandboxing on javascript plugins.
Would running Firefox in Firejail help in this case ? On Fri, May 15, 2020 at 6:47 PM stan via users < users@lists.fedoraproject.org> wrote: > On Fri, 15 May 2020 17:32:10 +0530 > Sreyan Chakravarty <sreya...@gmail.com> wrote: > > > On 5/15/20 1:32 AM, stan via users wrote: > > > After posting, I vaguely recalled that there was a javascript > > > implementation of the sample exploit code. > > > > Now this is really scary. > > > > This makes it a potential web attack. I can't obviously live like a > > hermit and visit only sites that have no javascript in it, can I ? > > > > Because the attack is so sophisticated, it depends on very precise > timing. I *think* I read that firefox, at least, changed their > javascript so the timing accuracy was too fuzzy for the attack to work. > This would only have required changing accuracy to millisecond (or > tenths (hundredths?) of millisecond) timing rather than nanosecond > timing. > > Also, firefox has sandboxing on javascript plugins. So, if the > javascript is restricted from sending anything over the web, it would > be impotent because it would have no way of communicating its results. > Plugins also only get access to the components they need to perform > their function, so might not have access to the necessary system calls > to allow the attack. > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > -- Regards, Sreyan Chakravarty
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
