Not just because of the attacks that can exploit JavaScript and HTTP cache control (two of which have been proved with a PoC exploit), but because they are not informing the users about the risks.
While I could have expected this behaviour from surveillance companies like Google or Microsoft, Mozilla was able to fool me for years by simply stating Firefox is “built for people, not for profit”.
Bulshit.
As of today, they didn’t answer to the question “are Firefox users vulnerable to this wide class of attacks?”
But don’t recall this on Lobste.rs or they will ban you too.
interesting discussion in the comments on lobste.rs
The problem is that browsers cannot be trusted to run arbitrary computations.
Not just because of the attacks that can exploit JavaScript and HTTP cache control (two of which have been proved with a PoC exploit), but because they are not informing the users about the risks.
While I could have expected this behaviour from surveillance companies like Google or Microsoft, Mozilla was able to fool me for years by simply stating Firefox is “built for people, not for profit”.
Bulshit.
As of today, they didn’t answer to the question “are Firefox users vulnerable to this wide class of attacks?”
But don’t recall this on Lobste.rs or they will ban you too.