Firefox java and java script

I use Foxfire with the scripting extension.  Should I also disable Java and 
Java Script in the tool options?

My concern is this latest report of vulnerabilities in the browser.

Thanks in advance
Take Care
Cel 


0
Cel
10/3/2006 1:08:09 PM
grc.security 16608 articles. 1 followers. Follow

7 Replies
328 Views

Similar Articles

[PageSpeed] 11

On Tue, 3 Oct 2006 09:08:09 -0400, Cel wrote:

>I use Foxfire with the scripting extension.  Should I also disable Java and 
>Java Script in the tool options?

Assuming you mean NoScript, see http://www.noscript.net/faq#qa1_7 and
http://www.noscript.net/faq#qa1_8 and
http://www.noscript.net/faq#qa1_10 .

Personally, I keep Java disabled except for the rare occasions where I
need it.

-- 
js
0
john
10/3/2006 1:12:43 PM
"john .s. smith" <reply_here@local.invalid> wrote in message 
news:pdo4i2d096duhbkmasgce1pi9866sgorgr@4ax.com...
> On Tue, 3 Oct 2006 09:08:09 -0400, Cel wrote:
>
>>I use Foxfire with the scripting extension.  Should I also disable Java 
>>and
>>Java Script in the tool options?
>
> Assuming you mean NoScript, see http://www.noscript.net/faq#qa1_7 and
> http://www.noscript.net/faq#qa1_8 and
> http://www.noscript.net/faq#qa1_10 .
>
> Personally, I keep Java disabled except for the rare occasions where I
> need it.

Yes I meant the noscript extension.  Curious what type of features on a 
website would I have a problem viewing if I disable Java and Java Script?

Thanks
Take Care
Cel 


0
Cel
10/3/2006 1:25:06 PM
Cel wrote:

> "john .s. smith" <reply_here@local.invalid> wrote in message 
> news:pdo4i2d096duhbkmasgce1pi9866sgorgr@4ax.com...
> 
>>On Tue, 3 Oct 2006 09:08:09 -0400, Cel wrote:
>>
>>>I use Foxfire with the scripting extension.  Should I also disable Java 
>>>and Java Script in the tool options?
>>
>>Assuming you mean NoScript, see http://www.noscript.net/faq#qa1_7 and
>>http://www.noscript.net/faq#qa1_8 and
>>http://www.noscript.net/faq#qa1_10 .
>>
>>Personally, I keep Java disabled except for the rare occasions where I
>>need it.
> 
> Yes I meant the noscript extension.  Curious what type of features on a 
> website would I have a problem viewing if I disable Java and Java Script?

Cel,

Virtually none.

---Java and ActiveX---

IMNSHO, you should never, ever allow anyone to run his or her Java or 
ActiveX procedures on your system _unless_ such a party has an 
overwhelming interest in ensuring that nothing untoward happens as a 
result of it. A financial institution would be such a party. In this 
case, there would be serious ramifications if systems around the world 
were compromised as a result of sloppy or malicious Java/ActiveX 
coding. This is not the case for the vast majority of sites 
_requiring_ Java and/or ActiveX. Keep both disabled by default.

---Javascript and cookies---

The two go hand in hand, and in most cases, if one is required so is 
the other. There is this misguided notion that being concerned with 
using either borders on paranoia, but that is true if one is only 
concerned about getting hacked. I, on the other hand, resent it when 
some creep uses my computer for his nefarious purposes. By disabling 
Javascript and cookies, I can mitigate most of this. Ben Edelman is 
making a career out of exposing these idiots.

   (http://www.benedelman.org/)

Keep Javascript and cookies disabled by default, and only use them for 
trusted sites. There _are_ legitimate uses for both. Again, IMNSHO, 
there is nothing paranoid about using such a policy.

And so, some 13 year-old wants me to enable 
Java/ActiveX/Javascript/cookies so that I can watch his really cool 10 
MB flash presentation? I don't think so. If you disable all of these 
capabilities by default, and experience more than an occasional need 
to toggle one, your surfing habits are very different than mine.

Ron :)
0
Ron
10/3/2006 2:16:45 PM
The veracity of that hacker claim is being disputed ....but nonetheless both
should be disabled anyway!

Game ,email sites and some video sites need either one which can easily be
enabled for temporary use!


0
Rick
10/3/2006 2:58:09 PM
Cel writes:

> My concern is this latest report of vulnerabilities in the browser.

If you're referring to the so-called remote code execution vulnerability
that was supposedly disclosed at the ToorCon hacker conference this past
weekend, the very existence of that vulnerability has been debunked by
none other than the person who is being quoted by mainstream media as
having made the claim. That particular vulnerability does not exist. It
never did exist. The only vulnerability that has been demonstrated and
confirmed is a simple Denial of Service exploit - hardly panic material.

The oft-quoted claim of the existence of ~30 undisclosed vulnerabilities
is likewise suspect - the likelihood of their existence ranges somewhere
between questionable and doubtful. The ToorCon presentation has taken on
the air of a humorous skit - a spoof that has duped mainstream media and
the general populace. It will be interesting to note which of the media
outlets own up to having been duped so easily, all based on the say-so
of two hacker wannabes and with no corroborating evidence whatsoever.

<http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/>
aka
<http://makeashorterlink.com/?Y1F1264ED>
0
Dennis
10/3/2006 2:59:24 PM
On Tue, 03 Oct 2006 10:16:45 -0400, Ron Lopshire wrote:

>---Java and ActiveX---
>
>IMNSHO, you should never, ever allow anyone to run his or her Java or 
>ActiveX procedures on your system _unless_ such a party has an 
>overwhelming interest in ensuring that nothing untoward happens as a 
>result of it. A financial institution would be such a party. In this 
>case, there would be serious ramifications if systems around the world 
>were compromised as a result of sloppy or malicious Java/ActiveX 
>coding. This is not the case for the vast majority of sites 
>_requiring_ Java and/or ActiveX. Keep both disabled by default.

Ron, getting a bit off-topic, but, I find it peculiar that
http://en.wikipedia.org/wiki/Activex has neither "security" nor
"criticism" sections whereas all of these Wikipedia entries do:

http://en.wikipedia.org/wiki/Adobe_Flash#Criticisms
http://en.wikipedia.org/wiki/Javascript#Security
http://en.wikipedia.org/wiki/Java_%28programming_language%29#Criticism
http://en.wikipedia.org/wiki/HTTP_cookie#Drawbacks_of_cookies

Fear of MS' lawyers?

Criticism and security sections also absent on
http://en.wikipedia.org/wiki/Ajax_%28programming%29

-- 
js
0
john
10/3/2006 3:25:55 PM
john .s. smith wrote:

> On Tue, 03 Oct 2006 10:16:45 -0400, Ron Lopshire wrote:
> 
>>---Java and ActiveX---
>>
>> (...) 
>> 
>> Keep both disabled by default.
> 
> Ron, getting a bit off-topic, but, I find it peculiar that
> http://en.wikipedia.org/wiki/Activex has neither "security" nor
> "criticism" sections whereas all of these Wikipedia entries do:
> 
> http://en.wikipedia.org/wiki/Adobe_Flash#Criticisms
> http://en.wikipedia.org/wiki/Javascript#Security
> http://en.wikipedia.org/wiki/Java_%28programming_language%29#Criticism
> http://en.wikipedia.org/wiki/HTTP_cookie#Drawbacks_of_cookies
> 
> Fear of MS' lawyers?
> 
> Criticism and security sections also absent on
> http://en.wikipedia.org/wiki/Ajax_%28programming%29

Interesting. Thanks, John.

Ron :)
0
Ron
10/3/2006 3:35:46 PM
Reply:

Similar Artilces:

Security Wish: JAVA/JAVA SCRIPT Switch
I would like to see a switch in FireFox browser to enable/disable JAVA & JAVASCRIPT for certain web sites, some sites have malicious JAVA & JAVASCRIPTS on them this feature could make FF more secure. Thanks. On Sun, 18 Sep 2005 03:29:29 -0400, in message �<dgj50q$92k2@ripley.aoltw.net>, Joe wrote: > I would like to see a switch in FireFox browser to enable/disable JAVA & > JAVASCRIPT for certain web sites, some sites have malicious JAVA & > JAVASCRIPTS on them this feature could make FF more secure. For Javascript, this already exists. Here...

Firefox and Java vs. IE and Java
Win98SE IE 5.0 Firefox 1.0.4 Please try out: http://www.bodo.com/javame.htm and see if you have all of JAVA enabled. My Firefox 1.0.4 passes on Javascript, but fails on Java Applet. IE passes both tests. In my Firefox options, Javascipt and Java are enabled. I get the "download plugin" at Java applet, it fails on manual install, and I have downloaded the 15meg offline version but not installed it. Where are we? <GRIN> FACE FACE wrote: > Win98SE > IE 5.0 > Firefox 1.0.4 > > Please try out: > > http://www.bodo.com/j...

Embedded Java Scripting in FTP Sites May Run After Java Scripting Is Disabled
MS KB Article Q316890: The information in this article applies to:=20 Microsoft Internet Explorer versions 5.01 Service Pack 2 , 5.5 Service = Pack 2 ,=20 for Windows 2000=20 Microsoft Windows 2000 SP2 , Professional=20 http://support.microsoft.com/default.aspx?scid=3Dkb;EN-US;q316890 ___ Ted Ted Quantrill wrote... > MS KB Article Q316890: Can I ask how you found out about this KB article? For the benefit of others, it's so short I'm posting the whole thing here: "SYMPTOMS When you disable the Scripting of Java applets option in Internet...

Java class files from Java Script
------=_NextPart_000_003F_01C556FB.AAD19890 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Please pardon me from posting the question here... can any tell how I call Java class files from Javascript... Thanks Anish ------=_NextPart_000_003F_01C556FB.AAD19890-- ...

java script and firefox
Can firefox execute standard javascript embedded in htm page or it does something differently? The reason I ask is, that on my website I am displaying the applications page: http://www.phonedialerpro.com/apps.htm For some reason, dialing does not work as it does in IE? Any idea what must be corrected? Your thoughts appreciated, Jack Jack wrote: > Can firefox execute standard javascript embedded in htm page or it does > something differently? > The reason I ask is, that on my website I am displaying the applications > page: > http://www.phonedialerpro.co...

About Java Script in Firefox
Name: Yusuf Email: YusufatExcellent-ITSolutionsdotcom Product: Firefox Summary: About Java Script in Firefox Comments: Please try to access on below : www.FurnitureExcellent.com <especially for menu product> Try on Internet Explorer, and compare with Mozilla. And Why...I need your response ASAP Thank you.. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one y...

superreview granted: [Bug 288356] Java applet + screen reader: heap corruption brings down Firefox : [Attachment 179104] Default Java support to off when Windows screen reader is running. Java suppor
Johnny Stenback <jst@mozilla.org> has granted Aaron Leventhal <aaronleventhal@moonset.net>'s request for superreview: Bug 288356: Java applet + screen reader: heap corruption brings down Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=288356 Attachment 179104: Default Java support to off when Windows screen reader is running. Java support can still be turned back on in Tools->Options->Content->Enable Java https://bugzilla.mozilla.org/attachment.cgi?id=179104&action=edit ------- Additional Comments from Johnny Stenback <jst@mozilla.org> Yeah,...

superreview requested: [Bug 288356] Java applet + screen reader: heap corruption brings down Firefox : [Attachment 179104] Default Java support to off when Windows screen reader is running. Java supp
Aaron Leventhal <aaronleventhal@moonset.net> has asked Johnny Stenback <jst@mozilla.org> for superreview: Bug 288356: Java applet + screen reader: heap corruption brings down Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=288356 Attachment 179104: Default Java support to off when Windows screen reader is running. Java support can still be turned back on in Tools->Options->Content->Enable Java https://bugzilla.mozilla.org/attachment.cgi?id=179104&action=edit ------- Additional Comments from Aaron Leventhal <aaronleventhal@moonset.net> Will add /...

java-1_6_0-openjdk
I am running OpenSuSe 11.2 and had a notification of an openjdk update which simply refuses to install. The error message I get when I run YaST2 is: "Subprocess failed. Error: RPM failed: error: unpacking of archive failed on file /usr/lib64/jvm/java-1.6.0-openjdk-1.6.0/demo/applets: cpio: rename failed - Is a directory" I was just wondering if anyone else has this issue? Here's the technical info on the openjdk update: Version: 1.6.0.0_b17-2.1.1 Build Time: Mon 12 Apr 2010 18:22:44 BST Install Time: Package Group: Development/Languages/Java License: G...

Java Exception : java.lang.NoClassDefFoundError: java/sql/Clob
Hi, Does anybody know what this message means ? Java Exception java.lang.NoClassDefFoundError java/sql/Clob I get that error message when running this code: SELECTBLOB dw_datawindow_syntax.datawindow_syntax INTO lblb_syntax FROM dw_datawindow_syntax WHERE dw_datawindow_syntax.datawindow_id = al_criteria_datawindow_id USING atr_transobject ; The code is not in a component, it's in an object used by a component in Jaguar. Our application is running against an Oracle Database (8.1.6) using JDBC. We're thinking it's some DLL or class file we're missing, any ide...

How to Launch FireFox using Java Script
Hi,   To launch Internet Explorer using Java Script, below code can be used.   function OpenNewWindow() {     var WshShell = new ActiveXObject("WScript.Shell");     WshShell.Run("Iexplore " + "http://yahoo.com"); }   But this code does not work with Firefox.   Problem–  Can somebody help -How to achieve the same in FireFox ??     Thanks & Regards, Arun Manglick || Senior Tech Lead || http://arun-ts.blogspot.com  Arun Manglick so,...

java script not working on firefox on some sites????
Name: Srihari Email: data9091_at_yahoo.com Product: Firefox 2 Beta 2 Summary: java script not working on firefox on some sites???? Comments: Here is the link to the one financial web site:: http://content.icicidirect.com/personalfinance/personalfn.asp?L=0 . it has many tool to financial calculations on the above link, may be qwritten in java script. But none of the firefox versions work to calculate the results on the tool on this page. However IE and opera work well for this page. Wish it will be resolved in the comimn versions. Browser Details: Mozilla/5.0 (Windows; U; Win...

Java Script not working in Firefox or Chrome
Hi, I am transferring an array from my code behind to my jvascript on my .aspx page, where I read values from the array to be used in my function. Everything workd perfectly fine in IE, but it is not working in FF or Ch. Is my syntax incorrect? This is what I have:var LatVal = '<%=LatarrValue%>'; var LatArray = LatVal.split(","); var LngVal = '<%=LngarrValue%>';var LngArray = LngVal.split(","); var InfoWindowVal = '<%=InfoWindowValue%>';var InfoWindowArray = InfoWindowVal.split("*");  var point = ge.createP...

VB Script
Hai All, Is it possibe to call a VB Script funcion from Java Script. If yes,plz give some example. Regards, Karthik.A Yes, it is possible. Example: <html> <head> <title>VB script test</title> <script type="text/javascript"> function foo() { alert('foo') bar() } </script> <script type="text/vbscript"> Sub bar() alert "baa" End Sub </script> </head> <body> <p><input type=button value=Test onclick="foo()"> &...

Web resources about - Firefox java and java script - grc.security

Firefox - Wikipedia, the free encyclopedia
This article is about the web browser. For the operating system, see Firefox OS . For other uses, see Firefox (disambiguation) . web browser ...

Mozilla Firefox Web Browser — Free Download — mozilla.org
Mozilla Different by Design Proudly non-profit Innovating for you Fast, flexible, secure Download Firefox — English (US) Windows Linux Mac OS ...

Firefox Facts - best guide to add-ons, themes and tips for Firefox
Firefox Facts is the best independently run Firefox blog out there today. Learn more about how to us Firefox, add-ons, themes and news on the ...

Firefox Affiliates
Firefox Affiliate buttons are a bit of html code that you put on your website or blog to encourage visitors to your site to download Firefox. ...

Firefox OS
The latest news about Firefox OS

Firefox 13.0.1 Download - Get Mozilla Firefox
Download the new Firefox Browser for a faster, safer and better web experience - Get Firefox for your iPhone and Android - make the switch today ...

Techarger Firefox
Il est maintenant possible de supprimer des vidos sans passer par itunes. Par ben, mardi janvier le retrait de vlc de l app store videolan 5 ...

Firefox Flicks : Winners
Firefox Flicks — A video contest to tell the story of your favorite browser. Submit your entry by May 1, 2012 and win prizes.

Firefox Beta Launches Social API With Facebook Messenger As Initial Partner
As originally announced earlier this month by Firefox parent Mozilla , the beta test of the Web browser’s Social API launched Monday with Facebook ...

Under the hood: Facebook Messenger for Firefox - Facebook
Facebook Engineering hat eine Notiz mit dem Titel Under the hood: Facebook Messenger for Firefox geschrieben. Du kannst den vollständigen Text ...

Resources last updated: 12/21/2015 11:58:35 AM