JavaScript issues: obsolete libraries and more

Discussion in 'JavaScript' started by modelting, Sep 8, 2017.

    Whenever we talk about Internet security, we remember Flash Player and how its multiple vulnerabilities have reduced it to "only" 10% of the main websites. However, there is another actor that also often draws a lot of criticism: JavaScript, on which Google has declared war and which it will block in Gmail.

    Right now, the JavaScript problem seems to be getting worse. According to a report published in ZDNet, of 133,000 websites scanned, at least 37% have a JavaScript library with a known vulnerability. Northwestern University has already warned in a study about the problem of loading older versions of JavaScript libraries into websites, but it seems no one paid much attention to them.

    The fact is that Northwestern researchers have returned to the charge by publishing another study, in which they point out that vulnerable libraries can be "very dangerous" under the right conditions. The study points to an old jQuery bug that could be exploited by using an intersection of pages or XSS.


    To prepare the study, they focused on the first 75,000 Alexa websites and then randomly selected 75,000 .com domains, assigning 72 different libraries and their respective versions. In general, 87% of Alexa's websites, and 46.5% of dot-coms, used at least one of the 72 libraries.

    Among the study findings, 36.7% of jQuery, 40.1% of Angular, 86.6% of Handlebars and 87.3% of YUI use some vulnerable version. In addition, researchers found that 9.7% of the websites included in the study use two or more vulnerable versions of one of the libraries.
    However, more popular websites are less likely to use one of these obsolete libraries. Northeastern researchers found that only 21% of the top 100 had this problem. That does not mean that, in the words of the researchers, the ecosystem of JavaScript is a complete disaster:

    modelting, Sep 8, 2017
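
A site owner can run the same kind of inventory on their own pages. The sketch below is an added example, not part of the post above and not the researchers' tooling: it lists the library versions referenced by `<script src>` tags, flags those below a minimum, and reports libraries loaded in more than one version. The `MIN_VERSION` thresholds, the sample HTML and all function names are constructed for illustration and must be replaced with values from real advisories.

```javascript
// Added example. MIN_VERSION values are constructed placeholders, not advisory data.
const MIN_VERSION = { jquery: "3.0.0", angular: "1.6.0", handlebars: "4.0.0" };

// Constructed sample page; example.test is a reserved, non-routable name.
const SAMPLE_HTML = `
<script src="https://cdn.example.test/libs/jquery/1.8.3/jquery.min.js"></script>
<script src="/static/js/jquery-3.2.1.min.js"></script>
<script src="/vendor/handlebars@3.0.1/handlebars.min.js"></script>
<script src="/static/angular.min.js"></script>
<script>var inline = true;</script>`;

const SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;

// Return [major, minor, patch] from the first x.y.z in the text, or null.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison, so 1.10.0 sorts above 1.9.0 (string comparison would not).
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

function auditScripts(html, policy = MIN_VERSION) {
  const findings = [];
  for (const [, src] of html.matchAll(SRC_RE)) {
    const lower = src.toLowerCase();
    const lib = Object.keys(policy).find((name) => lower.includes(name));
    if (!lib) continue;
    // Look for the version only after the library name, not in the host part.
    const v = parseVersion(lower.slice(lower.indexOf(lib)));
    // No version in the URL: report it rather than assume the file is current.
    const status = !v ? "unknown" : isOlder(v, parseVersion(policy[lib])) ? "outdated" : "ok";
    findings.push({ lib, src, version: v ? v.join(".") : null, status });
  }
  return findings;
}

// Libraries loaded in more than one version on the same page.
function multipleVersions(findings) {
  const seen = {};
  for (const f of findings) {
    if (f.version) (seen[f.lib] = seen[f.lib] || new Set()).add(f.version);
  }
  return Object.keys(seen).filter((lib) => seen[lib].size > 1);
}

console.log(auditScripts(SAMPLE_HTML), multipleVersions(auditScripts(SAMPLE_HTML)));
```

Entries with status "unknown" need a manual look, since a file such as `angular.min.js` carries no version in its URL.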