Java and Flash were supposed to be sandboxed, but weren't. Is there a convincing... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

Animats on Nov 10, 2015 | parent | context | favorite | on: PyPy.js – PyPy in Your Browser

Java and Flash were supposed to be sandboxed, but weren't. Is there a convincing demonstration that "asm.js" is more secure? Or is it just that nobody has done a big "asm.js" exploit yet. "asm.js" exploits have been found.[1][2] There are probably others already being exploited.

[1] http://www.scip.ch/en/?vuldb.12180 [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-2...

tracker1 on Nov 11, 2015 [–]

asm.js should have the same sandbox model that JS in general has. Which, while not perfect, has been a bit better than Flash/Java... Removing all programatic functionality from the browser simple isn't a reasonable option. And imho it's better than the binary plugin option.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact