
Ask HN: Text-based web-browsers. Are it affected by Meltdown and Spectre? - app4soft
Most popular web-browsers (Mozilla FireFox, Gooogle Chrome, Pale Moon, etc.) already work on solving issues related to Spectre and Meltdown attacks and this month rolled out it&#x27;s security updates.<p>Text-based[1] web-browsers (such as Lynx, Links2, etc.) are much simpler than &#x27;normal&#x27; browsers, so  could they be affected by Meltdown and Spectre? Are there any news on security issues for text-based browsers related to such attacks?<p>[1] https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Text-based_web_browser<p>P.S.: I use Links browser in graphics mode as default browser on my PC, and this post also submitted throw it ;-)<p><pre><code>  $ links2 -g http:&#x2F;&#x2F;news.ycombinator.com</code></pre>
======
userbinator
Those browser's vulnerability to those attacks are entirely based on the fact
that they execute JavaScript. Thus, if your browser doesn't execute JS, it's
immune.

~~~
app4soft
> Thus, if your browser doesn't execute JS, it's immune.

I hope on that, but it would be cool get more details why text-based browsers
are much more secure than modern browsers in 2018.

P.S.: Screenshot[0] from my web-browser with this thread.

[0] [http://hnng.moe/f/ZZJ](http://hnng.moe/f/ZZJ)

~~~
code_duck
That is the complete explanation… JavaScript. Executing arbitrary code from
strangers on the Internet is what makes browsers less secure.

------
krapp
Possibly.

Because Meltdown and Spectre are vulnerabilities caused by CPU design, any
running code is potentially vulnerable. Text based browsers are not safe
merely because they do not run javascript, they are only safe in that case
from javascript being able to exploit the vulnerabilities. The application
itself may still be vulnerable.

You should contact the maintainers of these projects directly and find out
from them.

