>> The problem is .net is a one click to run code. It is almost trivial to > get that one click clicked by a bit of creative social engineering on a > malformed web page.
No, .Net is not a "one click" to run code, it is a programming foundation. This particular function and addon is designed for that some specific action so that Firefox can run pages coded specifically for this function. At least, that's what I get from the reading the addon author's notes. > So lots of tricks that were exploited by Active X attacks back in the day > are open to try again. Some have been blocked but lots were just stopped > when the choice to run Active X code was made a conscious choice every > time. You don't get to ask if I trust this page enough to run it's code. > > Now that M$ opened the door into Firefox you shouldn't really trust any > windows installation that was running with that door open. Four months is a > lot of time because lots people understood what this problem was in February > so you can be sure that some of bad guys did or at least now have an exploit > running for this. Again, show me the exploit, the security warning, a Secunia or VUPEN entry, something other than anxiety and hand waving. Offer some concrete proof that it is actually a problem. I'm not saying it can't possibly be hacked, but if it is a real and defined exploitable bug, it should be easy for you to do that. The web has been largely a OMG!!! M$ hAx0red FF!!!1! echo chamber on this matter. Everyone keeps repeating the same vague information over and over as if its some primitive ritualistic ceremony. ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
