Jaqui Greenlees wrote:
Anthony G. Atkielski wrote:
~snip~
Any technology that allows for extensions is a security risk. If I want an expandable, bloated mess of a security risk, I'll run MSIE.
or enable any clientside script in any browser. including firefox, mozzila, nescape and opera.
I personally remove all extentions and disable all clientside scripting. if the site isn't usable without there is nothing worth seeing on it.
Do you remove all CA root certs you don't trust as well?
yes. I remove all ca's, and rebuild the list only for those SITES where I trust the site owners ( not cert authority at all, as they only issue certs for money. it has to be for sites not authorities )
so, instead of including a ca list, let end user build a list of trusted sites.
and firefox's significant requirement for javascript, as well as internet explorer look / feel both kill me using firefox as a browser.
if an ie look / feel / functionality was desired, then people would not want a different browser.
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
