Re: Flexible security control models for Firefox

CarlosRivera Mon, 28 Feb 2005 04:53:40 -0800

There have been cross domain security breaches in browsers in the past. A separate process would have nullified the security bug. So, while an OS might not intrinsicly provide the security, it happens because the javascript variables in one process are not accessible in the other process. If so, please list specific browser versions the code to exploit and the OS.

Anthony G. Atkielski wrote:

CarlosRivera writes:
I disagree with you. If you have only session cookies allowed, a browser in one process would have a much more difficult time accessing the cookies in the other process whereas being in the same process it is very easy for a browser javascript security permission to allow it. This is merely one example.
There's nothing intrinsic about a process that provides any type of
security.  It depends entirely on the design of the operating system.

_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security

Re: Flexible security control models for Firefox

Reply via email to