On Fri, 6 Sep 2013, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
On 6/09/2013 7:39 PM, Trent W. Buck wrote:
Yes, part of the problem, as posed by that article, was clearly the use of Firefox and the vulnerability in javascript. The TBB (TOR Browser Bundle) fixed this issue, but because javascript is, unfortunately, a heavy requirement for many bloatware websites, turning it completely off can effectively render many sites completely unusable. So, TBB turns on js by default these days :(
Surely a good solution to this class of problem would be to use iptables to prevent the UID which runs the web browser (which need not be the same as the UID for the X session) from doing any IP access other than talking to the TOR server. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/