Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Text-based web-browsers. Are it affected by Meltdown and Spectre?
3 points by app4soft on Jan 20, 2018 | hide | past | web | favorite | 4 comments
Most popular web-browsers (Mozilla FireFox, Gooogle Chrome, Pale Moon, etc.) already work on solving issues related to Spectre and Meltdown attacks and this month rolled out it's security updates.

Text-based[1] web-browsers (such as Lynx, Links2, etc.) are much simpler than 'normal' browsers, so could they be affected by Meltdown and Spectre? Are there any news on security issues for text-based browsers related to such attacks?

[1] https://en.wikipedia.org/wiki/Text-based_web_browser

P.S.: I use Links browser in graphics mode as default browser on my PC, and this post also submitted throw it ;-)

  $ links2 -g http://news.ycombinator.com

Those browser's vulnerability to those attacks are entirely based on the fact that they execute JavaScript. Thus, if your browser doesn't execute JS, it's immune.

> Thus, if your browser doesn't execute JS, it's immune.

I hope on that, but it would be cool get more details why text-based browsers are much more secure than modern browsers in 2018.

P.S.: Screenshot[0] from my web-browser with this thread.

[0] http://hnng.moe/f/ZZJ

That is the complete explanation… JavaScript. Executing arbitrary code from strangers on the Internet is what makes browsers less secure.


Because Meltdown and Spectre are vulnerabilities caused by CPU design, any running code is potentially vulnerable. Text based browsers are not safe merely because they do not run javascript, they are only safe in that case from javascript being able to exploit the vulnerabilities. The application itself may still be vulnerable.

You should contact the maintainers of these projects directly and find out from them.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact