Wow - Avast decided to disable their JavaScript interpreter globally!
The vulnerability report they mention wasn't just me, it was a Project Zero collaboration with @natashenka 

I think this is the right decision, it was a *lot* of attack surface.https://twitter.com/avast_antivirus/status/1237685343580753925 …
-
-
Replying to @taviso @natashenka
Is it known when this JS interpreter has been implemented? Like is it a recent feature or legacy code which was just forgotten by being most likely unproperly documented in the past?
2 replies 0 retweets 1 like -
just curious, In theory, if malicious js is checking the date value, it can bail out avast js interpreter?
1 reply 0 retweets 0 likes -
Yes, it doesn't make a ton of sense.
2 replies 0 retweets 1 like -
Isn't it likely that they just never finished it and the value of the Date object is just a placeholder/dummy?
1 reply 0 retweets 0 likes
No, it's just a source of non-determinism they're trying to avoid.
9:50 AM - 12 Mar 2020
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.