Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

53843 readers

667 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

💰 Please help cover server costs.

founded 1 year ago

MODERATORS

[email protected]

Is ext.to dangerous? It caused librewolf to ask for firewall permissions (merv.news)

submitted 9 months ago by [email protected] to c/[email protected]

21 comments fedilink hide all child comments

I've never seen any website cause a firewall permission request

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 98 points 9 months ago* (last edited 9 months ago) (3 children)

Word of caution, if you have been browsing successfully until now, it could be a malicious javascript app or malware loaded from that website that is attempting to scan your network or do other things. In other words if this is a new firewall request above and beyond the standard one librewolf needs to function, proceed with cation.

[–] [email protected] 11 points 9 months ago (1 children)

Could you also proceed with anion?

[–] [email protected] 6 points 9 months ago

+/-

[–] [email protected] 7 points 9 months ago (2 children)

In theory, that shouldn't even be possible with JavaScript. There's such a thing as same-origin policy for that exact reason...

[–] [email protected] 8 points 9 months ago

Have you really never heard of malware from JavaScript? Buffer overflows and sandbox escapes are almost all JavaScript, still, hasn't changed in the last decade. Sometimes it's a random font parser library or something, but almost always it's JavaScript. And now that browsers are auto-updating and they have fully staffed security teams behind them that get word of a vulnerability being secretly exploited before the general public, most people don't get hit just because they browsed to a random website. But it's still possible, and especially likely that a shady torrent site could be hosting malware or get ""hacked"".

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago) (1 children)

Malicious javascript seeks to bypass security controls. It’s one of the reasons NoScript is a thing. It could be a malware loaded from an ad. Biggest reason for adblockers imo.

Check out this link for learning about this stuff.

https://heimdalsecurity.com/blog/javascript-malware-explained/

[–] [email protected] 7 points 9 months ago (1 children)

I've read that article. It is complete garbage and doesn't explain anything at all. It's just standard cookie cutter fear mongering to sell some random antivirus software.

[–] [email protected] 4 points 9 months ago

That article is for lay-persons and really an awareness article I surmise. If you’re technical you are likely already aware of the security concerns with jacascript.

[–] [email protected] 3 points 9 months ago

That’s what I’m thinking, it happened when i tried to load their streaming player for the first time which historically have pop unders on streaming websites