Hacker News
by rtpg 3642 days ago
> the "sandboxing" approach has been exercised for many years now, mostly without success.

My impression is that JavaScript has basically been the most successful sandbox ever deployed on a large scale. All vulnerabilities I've seen that escape the sandbox are due to things like Flash.

Does anybody know of any "JS-only" exploits that have happened?

2 comments

> Does anybody know of any "JS-only" exploits that have happened?

This was used to win a contest: https://securityevaluators.com/knowledge/papers/engineeringh...

Then there's this: http://arstechnica.com/security/2015/08/dram-bitflipping-exp...

And this looks to execute some shellcode (but maybe it doesn't work): http://stackoverflow.com/questions/381171/help-me-understand...

Regardless, the bottom line is clear: if you value security and privacy, you disable JavaScript.

Tons of JS-only exploits have happened. Every year at Pwn2Own, JS-only exploits happen.