by gorhill 3976 days ago
> The exploit was simply injected on every news article page through an iframe

Was the "src" of the iframe 3rd-party to the web site? I want to know whether merely blocking 3rd-party iframes would also have prevented the exploit from working even if JavaScript is not blocked.

1 comments

Yes, it was, so it would have prevented the exploit from loading.
Do you know if NoScript with JavaScript disabled but iframes allowed and pdfjs enabled would have stopped it?

A vulnerability test would be really nice but I understand why it doesn't exist yet.

It would have stopped it. JS has to be active for the exploit script to run.