NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.
2019-04: Chrome Sandbox exploit “pop calc” https://googleprojectzero.blogspot.com/2019/04/virtually-unlimited-memory-escaping.html
Intranet use – okay – Internet/Web-use – not okay.
Any page that does not render it’s content text/pictures properly without JS SUCKS!
Do i hate JS?
partly. For me it always felt “sluggish”, slow and unreliable – one browser does JS it better/faster or not at all than others on the other side it makes the web more alive more animated more vibrant more interesting – but also more annoying.
JS is a security problem:
Not only – does it seem possible to do side-channel attacks (super mega slow but possible) on intel cpus with out of order execution e.g. theoretically read browser passwords from a firefox web client.
“In this paper, we presented Rowhammer.js, an implementation of the Rowham-
mer attack using fast cache eviction to trigger the Rowhammer bug with only
regular memory accesses. It is the first work to investigate eviction strategies to
defeat complex cache replacement policies. This does not only enable to trigger
to perform attacks on recent and unknown CPUs fast and reliably. Our fully
unrestricted access to systems. The attack technique is independent of CPU
microarchitecture, programming language and execution environment.
The majority of DDR3 modules are vulnerable and DDR4 modules can be
vulnerable too. Thus, it is important to discover all Rowhammer attack vectors.
Automated attacks through websites pose an enormous threat as they can be
performed on millions of victim machines simultaneously”
i guess an update will fix that?
Advisory: Tor Browser 7.x has a serious vuln/bugdoor leading to full bypass of Tor / NoScript ‘Safest’ security level (supposed to block all
PoC: Set the Content-Type of your html/js page to “text/html;/json” and enjoy full JS pwnage. Newly released Tor 8.x is Not affected.
So maybe the solution is to allow only to run JS on sites/servers/intranet that you 100% TRUST and explicitly allowed on a whitelist.
And those intranet sites and servers are shielded against hacks/viruses and someone altering your code.