Polyfill
-
- Posts: 1
- Joined: Thu Jun 27, 2024 11:11 am
Polyfill
I registered to post that until yesterday, I had permanently allowed polyfill.io probably because it was used on a media site such as www[.]telegraph.co.uk. However, it appears that it is now a danger https://www.scmagazine.com/news/polyfil ... 0-websites. If there are any others out there like me, they might want to move it to disallowed.
Last edited by barbaz on Thu Jun 27, 2024 3:17 pm, edited 1 time in total.
Reason: break board-generated link
Reason: break board-generated link
Mozilla/5.0 (Windows NT 10.0; rv:127.0) Gecko/20100101 Firefox/127.0
Re: Polyfill
Wow, thanks for the heads up.
Some more information:
https://www.bleepingcomputer.com/news/s ... 00k-sites/
https://sansec.io/research/polyfill-supply-chain-attack
Some more information:
https://www.bleepingcomputer.com/news/s ... 00k-sites/
https://sansec.io/research/polyfill-supply-chain-attack
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0
Re: Polyfill
Correct.it is now a danger
PaleMoon: Polyfill supply chain attack: New Chinese domain owner infects dependent sites
And you can take it further (much further, actually) as it is not only "polyfill"... but anything that is "3rd party"...
And you can take it further, because of such nonsense by vast majorities of websites, that is why tools like NoScript exist .
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 SeaMonkey/2.53.19