
> The exploit was simply injected on every news article page through an iframe

Was the "src" of the iframe 3rd-party to the web site? I want to know whether merely blocking 3rd-party iframes would also have prevented the exploit from working even if javascript is not blocked.




Yes, it was, so it would have prevented the exploit from loading.


Do you know if NoScript with javascript disabled but iframes allowed and pdfjs enabled would have stopped it?

A vulnerability test would be really nice but I understand why it doesn't exist yet.


It would have stopped it. JS has to be active for the exploit script to run.



