Jamie Oliver's Website Serving Malware

jones_supa writes While routinely checking the latest exploited websites, Malwarebytes came across a strange infection pattern that seemed to start from the official site of British chef Jamie Oliver. Contrary to most web-borne exploits we see lately, this one was not the result of malicious advertising but rather carefully placed malicious JavaScript injection in the site itself. This, in turn, has been used to serve visitors a delicious meal consisting an exploit kit downloading the Dorkbot trojan. Malwarebytes has contacted the administrators immediately upon discovery of this infection.

Re:Is javascript dangerous?

[DarkTempes]

Browser Javascript is already limited in what it can do and access.

And in this case even if you had NoScript installed (which is different from turning Javascript off entirely in your browser) and the main Jamie Oliver website whitelisted you'd still have been protected because what the JS was doing was creating an iframe to another site and loading Flash/Silverlight/Java exploits inside of that.

And note that even with a compromised site where they were able to inject their own JS that they still had to rely on Flash/Silverlight/Java rather than just Javascript to download and run the trojan.
So to answer your question: No, Javascript isn't really dangerous. Poorly written browser plugins are.