[GTALUG] Firefox is a pig

Walter Dnes waltdnes at waltdnes.org
Mon Nov 17 21:46:48 UTC 2014


On Mon, Nov 17, 2014 at 01:33:30PM -0500, D. Hugh Redelmeier wrote
> | From: Walter Dnes <waltdnes at waltdnes.org>
> 
> (Nice hack to run multiple browser instances.)
> 
> | * As others have pointed out, the Java plugin is a major security hole,
> |   a cross-platform equivalent of Active-X.  Remove, or disable the
> |   plugin.
> 
> No, it isn't like Active-X.  Totally different security model.
> 
> Active-X: total trust in signed plug-ins
> 
> Java: sandbox the application so that it isn't able to do unauthorized
> things.  Unfortunately, the attack surface is large enough that there
> were likely and have been implementation failures.

  I understand the differences "under the hood", but conceptually, at an
abstract level, it's the same.  A diesel-engined car has a different
power source than a gasoline-engined car or an electric car.  But in the
end, they accomplish the same task, i.e. moving a few people and some
groceries around.  And they're all capable of getting into accidents.

  Same thing with Java and Active-X, they involve downloading code from
a webpage and executing it on your machine.  And they're all capable of
security breaches.  Yes, they're different "under the hood", but the
results are often the same.

-- 
Walter Dnes <waltdnes at waltdnes.org>

