FS#41582 - [elinks] JavaScript support has many known vulnerabilities
Attached to Project:
Community Packages
Opened by Daniel Micay (thestinger) - Sunday, 17 August 2014, 10:20 GMT
Last edited by Eli Schwartz (eschwartz) - Monday, 07 August 2017, 00:00 GMT
Opened by Daniel Micay (thestinger) - Sunday, 17 August 2014, 10:20 GMT
Last edited by Eli Schwartz (eschwartz) - Monday, 07 August 2017, 00:00 GMT
|
Details
There are dozens of known and unfixed security holes in
SpiderMonkey 1.8.5, so running untrusted code with it isn't
going to turn out well. JavaScript support should be left
out in these web browsers unless it gets updated to use the
maintained SpiderMonkey version. It's not possible for users
to make use of this feature securely.
|
This task depends upon
Closed by Eli Schwartz (eschwartz)
Monday, 07 August 2017, 00:00 GMT
Reason for closing: Fixed
Additional comments about closing: elinks 0.13-19
https://www.archlinux.org/todo/remove-js 185-from-the-repos/
Monday, 07 August 2017, 00:00 GMT
Reason for closing: Fixed
Additional comments about closing: elinks 0.13-19
https://www.archlinux.org/todo/remove-js 185-from-the-repos/
I agree that the javascript engines should be updated or disabled.