IMHO,browser bugs that can be triggered w/o JS are an order of magnitude less common. https://zerodium.com/tor.html prices don't reflect that well
-
-
4/50 for me looking at the past year in P0 tracker (but 1 is an infoleak and would be unexploitable w/o JS). DOM bugs only.
-
3 out of those 4 bugs require SVG to trigger. So it might be a good idea to disable SVG in
@torproject browser along JavaScript. -
Triggering isn't enough! How will you exploit it without scripting? Do we have other than js?
-
Agreed, only talking about triggering as that is what we have data on. Exploiting would certainly be much more difficult as well.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.