I don't understand how they could root you if you're not running any plugin and have Javascript disabled, could you explain ?
By exploiting vulnerabilities in the browser. Being a piece of software it's no more secure than any other out there. Spoofing user-agent might help, but the dilemma runs like this:
The lower-cost automated ones don't care. It's all handled by software; at no point in the process (on the CA side) is a human involved. And I'm betting that if the browsers aren't catching it, neither are the CAs.
Somehow all the CA softwares are reading beyond the null whereas most of the browsers stop doing so?
I tried to drag and drop a jpg in a browser window (Firefox) to some photo editor. It didn't work. Macs and Windows have been able to do this since at least the mid-90s. I have no idea if you can drag an image from Firefox to the Gimp nowadays, and I don't care.
Just tried it, GIMP connected to the server and pulled the image from there. Not sure if that's how you want it to work though.
Microsoft is sharing its stuff because they were caught red handed.
But they obviously won't admit so.
All those poor souls with IT-dept mandated MS desktops that they're not allowed to change just moved one step closer to really running linux on that meaningless host.
People running Hyper-V in Server editions aren't exactly "poor souls" either.
Living on Earth may be expensive, but it includes an annual free trip around the Sun.