[GTALUG] Firefox is a pig

D. Hugh Redelmeier hugh at mimosa.com
Mon Nov 17 18:33:30 UTC 2014


| From: Walter Dnes <waltdnes at waltdnes.org>

(Nice hack to run multiple browser instances.)

| * As others have pointed out, the Java plugin is a major security hole,
|   a cross-platform equivalent of Active-X.  Remove, or disable the
|   plugin.

No, it isn't like Active-X.  Totally different security model.

Active-X: total trust in signed plug-ins

Java: sandbox the application so that it isn't able to do unauthorized
things.  Unfortunately, the attack surface is large enough that there
were likely and have been implementation failures.

