javascript isn’t executed by the OS though, its ran through the browsers javascript engine… The engine would have to be broken on every single browser if that was the case. Now if they are talking about java, that is OS independent, and can execute byte code. Two completely different technologies, you would think that a security research firm or whatever would know that…
Edit: read the article, im pretty sure they are talking about java and NOT javascript