Siddhesh Poyarekar wrote:
On Mon, May 11, 2009 at 9:54 PM, Rony gnulinuxist@gmail.com wrote:
It was just that but my query is how secure is browsing in Linux if javascript is enabled, given the fact that this sticky window would refuse to go? Does enabling of scripting in firefox bypass the Unix file self execute permission barrier?
That sticky window won't do anything more than just annoy you. If it wants to do some damage to your data I suspect it will have to get you to:
- Download the malicious program
- Chmod it to give it execute permissions
- Execute it
That should be easy in a malicious javascript.
And to do some real damage to your system and not just your data it will have to also do:
- Ask for sudo or root password.
Assuming that many Ubuntu and other sudo users do not set sudo to ask for a password every time, sudo retains a previously typed password for 14 minutes. That time is enough for the unwanted software to sneak in wherever possible.