Anthony G. Atkielski wrote:
J. Greenlees writes:
better now than later. much easier to include while code base isn't as large as it will no doubt grow to over time.
I agree, which is why I'm suggesting it now, while there may still be time.
like the full suite almost does?
What do you mean by the "full suite"?
full mozilla suite, not just the Firefox browser.
that's okay with me, no java, javascript or popups for any site.I have tested my browser against the idn sppof vulnerability, it passed as not vulnerable, yet only thing I did was disable java, javascript and deny popup windows.
OK, but what happens when you want to deny popups, Java, and Javascript for some sites, but not for others? Currently, Java and Javascript are all-or-nothing--either you enable them for every site, or you don't enable them for any site. That's far too inflexible and it will cause problems down the line.
I personally don't care, if a site requires them, I won't go back a second time.
possible, but a complex proposal.
Yes. Fortunately, it need not be included in early versions of the browser; it could always be added later, if there's a demand for it.
In contrast, the basic idea of security categories and settings needs to be implemented early, before security problems start to show up.
no flash, no activex, noclientside scripting allowed with mozilla & netscape. won't use anything that doesn't allow a mouse click to remove those functions.
I tend to agree. I allow Javascript on reasonably trustworthy sites, but ActiveX and Java are always disabled. It's important to be able to control this on a site basis, though, which is why I'd like to see categories and settings similar to MSIE (but much more evolved, for better flexibility--the MSIE implementation lacks some features).
_______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
