| ▲ | shevy-java 7 hours ago |
| Well that sucks. I guess in the long run we need a new engine and different approach. Someone should call the OpenBSD guys to come up with working ideas here. |
|
| ▲ | giancarlostoro 7 hours ago | parent | next [-] |
| > Mozilla has quickly released the fix in Firefox 150 and ESR 140.10.0, and the patch is tracked in Mozilla Bug 2024220. Did you even read the article at all? Ah my children did bad in school, time to replace them with new children and a different spouse. This is what you're suggesting essentially. A browser is not just something you simply make out of thin air. There's decades of nuance to browser engines, and I'm only thinking of the HTML nuances, not the CSS or JS nuances. |
| |
| ▲ | anthk 7 hours ago | parent [-] | | Given the dangers of JS and WASM they could just fork Netsurf and enhance the CSS3 support. If you are a journalist, running Tor with JS and tons of modern web tech enable makes you a bright white spot in a sea of darkness. |
|
|
| ▲ | fsflover 7 hours ago | parent | prev [-] |
| Here you go: https://qubes-os.org. |
| |
| ▲ | Barbing 6 hours ago | parent | next [-] | | >Why Qubes OS? >Physical isolation is a given safeguard that the digital world lacks … >In our digital lives, the situation is quite different: All of our activities typically happen on a single device. This causes us to worry about whether it’s safe to click on a link or install an app, since being hacked imperils our entire digital existence. >Qubes eliminates this concern by allowing us to divide a device into many compartments, much as we divide a physical building into many rooms. … Sold https://doc.qubes-os.org/en/latest/introduction/intro.html | | |
| ▲ | handedness 4 hours ago | parent [-] | | Qubes OS is a great solution for this threat model. By my (admittedly cursory) understanding of this attack, one would have to chain the attack to escalate to dom0 to get around it. Having said that, fsflover exhibits a poor grasp of how this stuff works and all should be aware that even in Qubes OS, one would need to spawn new disposable VMs for each identity; relying on the Tor Browser's new identity creation within the same disposable VM would be little different from running Tor Browser on a traditional OS. |
| |
| ▲ | handedness 3 hours ago | parent | prev [-] | | You should note that improperly using Qubes OS, creating a New Identity inside of Tor Browser, even in a disposable Whonix workstation VM, would leave one vulnerable to this. A user would have to manually start a new disposable VM for each identity. |
|
