Yes, there are technical means to obtain unauthorized information about a user's device from a malicious script in a web page. This is usually achieved through what is called a Cross-Site Scripting (XSS) attack. XSS attacks usually occur when a web application allows untrusted users to insert code, which is then executed in other users' browsers. Attackers can use XSS attacks to run malicious scripts that may access cookies, session tokens or other sensitive information, and may even lead to session hijacking. These scripts can further be used to track user activities, steal user identities or install more malware. To protect yourself, you should take the following measures: 1. **Keep your software updated**: Make sure your browser, operating system and possible security software are all up to date. 2. **Use secure browser plugins**: Some plugins can provide additional protection from loading malicious scripts. 3. **Be wary of email and website links**: Do not click on links from unknown sources and avoid visiting suspicious or untrusted websites. 4. **Website developers need to take security measures**: This includes input validation and output encoding, and use Content Security Policy (CSP) to limit which scripts are allowed to execute on a web page. By taking these measures, the risk of XSS attacks can be reduced.