K-Meleon :: Extensions

Extensions : K-Meleon Forum

All about K-Meleon extensions.

Goto: Forum List•Message List•Search•Log In

Your Name:
Subject:

Help information

[quote=disrupted]
[quote=siria]
But activating that stuff permanently without a notice is like *secretly* cutting off the security belt from a car driver and disabling his airbag, security stuff on which he's relying to protect him. Sure there are also lots of people who prefer to drive without any belts and airbags, but those who use those protections *deliberately*, without being forced by law, do so with a *reason*, and will not be amused when noticing some day that they've been driving for weeks or month without that stuff, because someone all secretly disabled it :-( Especially not, if that lack has caused them great injuries, on bodies or computers...[/quote]

it's not as drastic as you make it sound. js was first introduced by netscape and was quite secure there. the js problems began when ie started to support it; accompanied with activex -an ie-only feature- it's when js became quite a potential risk.. however again and at that time- those risks were confined to ie-trident browsers.. the netscape engine-nglayout and later gecko as well as the ie-tasman engine for macs were consistently risk-free against malicious scripts targeting ie-trident specifically which had many vulnerabilities due to certain factors not available in other engines like being an os embedded engine, enabling online execution of windows binaries, iframe js flaws and the non-decoded type cache.

gecko was never actually vulnerable to js attacks as was ie. nowadays, ie remains a risk factor but recent tridents like in ie7 and ie8 with updated patches are far less vulnerable than previous tridents. other engines like opera's presto, webkit and gecko are quite secure even with js enabled and no script with malicious intent can execute anything on those browsers behind the user's back and only with their consent can they initiate attacks..i.e. the user is gullible enough to wittingly accept a download prompt initiated by a questionable site(like scarewares) and later go to the downloaded file and manually launch it since gecko will never allow any remote execution unless it's downloaded to the local disk first... and this kind of user can get in trouble even with js disabled, so it isn't really a js issue here.

unfortunately it's this kind of misconception about js that keeps users unrealistically afraid.. in ie, it's understandable; but in gecko and webkit there isn't really a point of surfing with js disabled.. it's just a needless inconvenience[/quote]

K-Meleon forum is powered by Phorum.