@TiffyBelle @flaminghohners T/y. That was an interesting read, & ostensibly disturbing. Ostensibly.
My geeky-user-but-NO-expert familiarity with #Firefox [#Nightly, specifically] & chromium-based browsers [on my (#Linux only) pc's that's #VivaldiSnapshot & #Chromium] extends to matters of features, functions & privacy. Security, in the context of that paper & its links, is way beyond my knowledge, so it'd be silly of me to attempt any technical disparagement of that paper.
I shall note, though, that browser development is a pretty fast-paced project, such that i do wonder about the contemporary validity of any paper written several years ago. The paper was last edited March 19th, 2022, so clearly not too bad. However, & IMO most unfortunately, ALL its purportedly supportive links to external references are VERY old, ranging from newest of 2020, to oldest of 2011, with a perceived median around 2016.
For instance, the linked paper's linked paper "Exploiting and Protecting Dynamic Code Generation", says on p10, within "A. Setup", that
>The operating system is the 64-bit Ubuntu 13.04 with kernel 3.8.0-35-generic
That version was released in early 2013.
I suspect this potential "technological aging" makes many or maybe most of the underlying claims rather dubious today, unless & until a contemporary reappraisal by technically competent peeps were done, based on current #Firefox code, not on how it used to be many years ago. Maybe the conclusion would not change? Maybe it would? 🤷‍♀️
Other Thoughts, fwiw.
Even with a generous assumption that all claims in that paper remain technically valid today [tbc], for many browser users in countries / jurisdictions not overtly fascist & dictatorial, who as individuals are unlikely to be targeted by state-actors, i respectively opine that the larger more probable safety hazard to them might come from #privacy, not #security, breaches. To that extent, i note these:
- #uBlockOrigin is more powerful in Firefox than in chromium browsers, due to the latter having no support for CNAME-uncloaking
- Google is actively striving, via its Mv3 replacement for Mv2, & its egregious FLoC / Topics crap, to further weaken uBO & all other #adblockers. Otoh, Mozilla intends indefinite Firefox support for Mv2, albeit also with added Mv3 compatibility.
-- #AddOns / #Extensions like #uBO are far more than "only" adblockers. By running in "hard mode" for instance, & liberally creating a suite of global & per-site dynamic filters, AND having #Javascript globally disabled but allowed by the user on favoured sites, great privacy protection is afforded. Google's plans are to actively weaken this user privacy in Chromium.
- sadly, silly insecure-by-design MS Windows remains the world's dominant OS. Yet for those alert to the Windows hazards & willing to make a change, #Linux provides vastly more security & privacy by design.
- As well, both dominant #Linux #DesktopEnvironments & at least one #WindowManager, now provide stable everyday #Wayland capability instead of the ancient insecure #X11 / #Xorg #DisplayServer -- thus eliminating one classic security vulnerability mentioned in the paper/s.
- Linux users can avail themselves of even more privacy by #sandboxing their apps. There's several choices; i use #Firejail. Therefore browsers [& all other relevant apps] cannot access any of the user's private data beyond the sandbox's bounds.
Mir 2.2 Released with Support for Software Buffers on X11, Wayland and KMS.
https://9to5linux.com/mir-2-2-released-with-support-for-software-buffers-on-x11-wayland-and-kms
https://s3d.sourceforge.net/# #S3D : is a #3d network #displayserver which can be used as #3dDesktop environment using #SDL