#1
|
|||
|
|||
Is JDownloader secured against Spectre .js Attacks?
Many People have huge Problems with those "System Patches" against Spectre and Meltdown.
Firefox was patched to make it more stable against Spectre .js Remote Attacks. But how is it with Jdownloader? |
#2
|
||||
|
||||
JDownloader plugins usually do not execute JS code from website. Plugins parse html/js code (not execute). Some plugins however do execute JS but the code is often self constructed/combined by the plugin developer and the JS engine is heavily limited (can't compare it with Browser JS engine) and restricted(no http requests for example).
I don't see any danger at the moment but of course if someone finds vulnerabilities or has hints how to escape/bypass, we will check and update accordingly
__________________
JD-Dev & Server-Admin |
#3
|
||||
|
||||
99.5% of our plugins do not load any javascript into javascript engine. Only a few (remainder ~0.5%) do load javascript though typically limited in what it can load. If you can find any issue please let us know.
raztoki
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] |
Thread Tools | |
Display Modes | |
|
|