On Thu, 25 Oct 2007 15:13:41 +0100, Roy Schestowitz wrote:
> Rogue ActiveX controls menace users
>
> ,----[ Quote ]
>| Flaws in ActiveX controls are being increasingly used to run security
>| exploits.
>|
>| [...]
>|
>| An attack exploiting this vulnerability can lead to arbitrary code execution
>| by a remote attacker," a blog posting by Symantec researcher Parveen
>| Vashishtha warns.
> `----
>
> http://www.theregister.co.uk/2007/10/24/activex_vulns/
>
> 'Innovating' ways of excluding competition from the Web (ActiveX).
This is such a red herring. None of these problems are related to ActiveX
itself. It's flaws in the plug-ins. Mozilla has binary, non-sandboxed
native code plug-ins as well, and nothing in Mozilla would prevent a flaw
in one of those plug-ins from being used to gain control of a machine.
The difference is tha Mozilla is not the browser used, and supported, by
the majority of plug-in makers, and as such has far fewer potential targets
for attackers to probe.
|
|
