I read the whole thing to see how the contradiction between “information-leaking attacks that can be carried out by merely viewing a web page” and “if all the software running on your computer was software you could trust” would be resolved. Ah: “blocking by default, even when the code is marked as Free Software, might be a safer policy.” So…it wasn’t. I think the article could be reduced to the advice “only run audited code”, which is charming but not very practical.
Is this a long way of saying that these privesc bugs require code exec?