Very useful explanations from yourself, @eraserbones and others and the one word i’m glad to see repeated here is ‘javascript’. There’s the nuclear option with noscript/umatrix i suppose but i like to think a lot of these attacks could be mitigated somewhat by the browser updates which are forthcoming.
ETA: Not that that’s really dealing with the fundamental issue but it’s reducing the attack surface.
