2422 WASM, add reason for disabling, fixes #1037 (#1054) - user.js - Unnamed repository; edit this file 'description' to name the repository.

commit ac52886ea8c54f2bee386456459c1d34c09cf265
parent c45780d79bc047568e486ac181a3a9b39df85b60
Author: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date:   Mon, 26 Oct 2020 23:37:49 +1300

2422 WASM, add reason for disabling, fixes #1037 (#1054)


Diffstat:
M user.js  | 10 ++++++++--

1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/user.js b/user.js
@@ -1047,8 +1047,14 @@ user_pref("javascript.options.asmjs", false);
    // user_pref("javascript.options.ion", false);
    // user_pref("javascript.options.baselinejit", false);
    // user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
-/* 2422: disable WebAssembly [FF52+] [SETUP-PERF]
- * [1] https://developer.mozilla.org/docs/WebAssembly ***/
+/* 2422: disable WebAssembly [FF52+]
+ * Vulnerabilities have increasingly been found, including those known and fixed
+ * in native programs years ago [2]. WASM has powerful low-level access, making
+ * certain attacks (brute-force) and vulnerabilities more possible
+ * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3]
+ * [1] https://developer.mozilla.org/docs/WebAssembly
+ * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
+ * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
 user_pref("javascript.options.wasm", false);
 /* 2429: enable (limited but sufficient) window.opener protection [FF65+]
  * Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/

	user.js Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs \| README