At this early stage of Firefox public development, it might be a good time to define a flexible model for controlling exactly what can and cannot be done in the browser by Web pages and sites.
Ideas such as this have been proposed in Bugzilla - please find the bugs and read them to see the current state of the debate.
However, I'd say that if we ever end up with a security UI 1/10 as complicated as Microsoft's, then we've failed in our duty to protect our users. I suspect a lot of MS's security UI is necessary because they add features which are security holes, then can't remove them, so they provide a way to turn them off - giving you a choice of letting your site work and being exposed, or breaking it and being secure.
You haven't yet established why these zones are necessary. If Java is safe, it should be enablable everywhere with one switch. If it's not safe, it should be disabled until it is.
Gerv _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
