Re: Firefox security strategy (was: Firefox goodies)

2006-01-01 Thread Ben Scott
On 12/29/05, Kevin D. Clark [EMAIL PROTECTED] wrote: So do you like a security model or not? To me you're sending mixed signals here. To me, a system that is designed from the ground up with security in mind has a security model. What I'm trying to get at (albeit not clearly) is that

Re: Firefox security strategy (was: Firefox goodies)

2005-12-30 Thread Tom Buskey
On 12/29/05, Thomas Charron [EMAIL PROTECTED] wrote: On 12/29/05, Bill McGonigle [EMAIL PROTECTED] wrote: catastrophic bug.Guess which one has a zero-day exploit today for the same thing that was supposedly patched in the past few months? Oh! Oh! I Know! FIREFOX! Exploits are going to happen.

Re: Firefox security strategy (was: Firefox goodies)

2005-12-30 Thread Thomas Charron
On 12/30/05, Tom Buskey [EMAIL PROTECTED] wrote: On 12/29/05, Thomas Charron [EMAIL PROTECTED] wrote: On 12/29/05, Bill McGonigle [EMAIL PROTECTED] wrote: the software changes over time. People DON'T spend their time going to a several month audit, and find each and every exploit. They find

Firefox security strategy (was: Firefox goodies)

2005-12-29 Thread Ben Scott
On 12/29/05, Bill McGonigle [EMAIL PROTECTED] wrote: ... Check out NoScript ... On 12/29/05, Kevin D. Clark [EMAIL PROTECTED] wrote: JavaScript can be grubby, but it also enables things like AJAX, which can be genuinely useful/neat. Heh. I was wondering if this would happen. :) I'm not

Re: Firefox security strategy (was: Firefox goodies)

2005-12-29 Thread Ben Scott
On 12/29/05, Kevin D. Clark [EMAIL PROTECTED] wrote: JavaScript should have been designed ... such that it doesn't even have the capability to do risky things. To me, you just described Java, but that's another thing entirely. To some extent, but not completely. Certainly, at one point in

Re: Firefox security strategy (was: Firefox goodies)

2005-12-29 Thread Kevin D. Clark
Ben Scott writes: To some extent, but not completely. Certainly, at one point in it's history, Java was being sold as an ideal sandbox for things like client-side intelligence in web pages.[1] However, it was still designed around the idea of a general-purpose programming language which

Re: Firefox security strategy (was: Firefox goodies)

2005-12-29 Thread Bill McGonigle
On Dec 29, 2005, at 16:04, Ben Scott wrote: Then again, I don't really *know* anything about Firefox's internals; I've just read blurbs and articles here and there. Maybe most of what I want is already there. Firefox does have some limitations on JavaScript. For instance, I recently read

Re: Firefox security strategy (was: Firefox goodies)

2005-12-29 Thread Thomas Charron
On 12/29/05, Bill McGonigle [EMAIL PROTECTED] wrote: catastrophic bug.Guess which one has a zero-day exploit today for thesame thing that was supposedly patched in the past few months? Oh! Oh! I Know! FIREFOX! http://www.frsirt.com/exploits/20051212.fireburn.php