Emlyn wrote: >>What "data security issues" are there in NS6.1 that are >>not there in NS4.08-4.82(<- HUH???)??? >> >>So this time it's not a "standards compliance" issue... >> >> > > If you point Mozilla to a .xul file (intentionally or not) then > someone else gains some measure of control over your browser. This is > a security issue. It's not a trivial one. (I'm not sure about Netscape > 6.2, though. It would make sense to dis-allow viewing XUL files in a > user-targeted Mozilla-derivative. Did they? Anyone know?)
That's not true at all, any more than opening a webpage gives someone control of your browser. There are security policies in place to stop remote XUL having as much power as local XUL. If you want your XUL application to work locally you need to put it in an XPI and allow the user to be prompted for installation (see the applications as mozdev.org for examples). > The thing is, I'm sure IE has security issues too, and IE running > under Windows must have security issues - the same ones as windows > itself. So why do they allow you to access .NET using IE? ian. -- \ / (@_@) http://www.eclipse.co.uk/sweetdespise/ (dark literature) /(&)\ http://www.eclipse.co.uk/sweetdespise/libertycaptions/ (art) | |
