I use firefox which I've locked down pretty hard. No site gets to run active con... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		autoexec on June 26, 2019 \| parent \| context \| favorite \| on: I was seven words away from being spear-phished I use firefox which I've locked down pretty hard. No site gets to run active content of any kind by default. No java, not even javascript. That and all the ad-blocking really limits likelihood of my getting infected from just an initial click, but even that isn't foolproof. IE once managed to let attackers get you just by viewing an image (CVE-2005-2308)

sangnoir on June 27, 2019 [–]

0-days are not limited to javascript - the next one might well be in the canvas/image/svg renderer. When someone has targeted you with a 0-day and you load the site they compromised website, all bets are off.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact