On Thu, 25 Oct 2007 10:01:38 -0500, Erik Funkenbusch wrote:
> On Thu, 25 Oct 2007 15:13:41 +0100, Roy Schestowitz wrote:
Snip ...
>> http://www.theregister.co.uk/2007/10/24/activex_vulns/
>>
>> 'Innovating' ways of excluding competition from the Web (ActiveX).
>
> This is such a red herring. None of these problems are related to
> ActiveX itself. It's flaws in the plug-ins. Mozilla has binary,
> non-sandboxed native code plug-ins as well, and nothing in Mozilla would
> prevent a flaw in one of those plug-ins from being used to gain control
> of a machine.
>
> The difference is that Mozilla is not the browser used, and supported, by
> the majority of plug-in makers, and as such has far fewer potential
> targets for attackers to probe.
I'm no expert, but AFAIK it's easier to gain control of a machine if the
vulnerable app is running with root (or admin, in that netherworld)
privileges than if the app is being run as a non-privileged user. I think
a poll is in order here:
How many Linux users browse the web as root?
How many Windows users browse the web as admin?
Be truthful.
--
This message is brought to you by your Department of Redundancy Department.