[Is Mozilla Mail vonerable to virii (as OE)?]
OE worms exploit security bugs in Outlook, MSIE or another accessible
ActiveX component. Being vulnerable to worms is not a feature of OE :).
Of course, Mozilla also can and does have security bugs. As such, it is
in principle as vulnerable to worms as OE.
HOWEVER, it now depends on the security strategy on how often such bugs
appear. Microsoft has an extremely bad track record of security bugs.
Some of that might be due to the wide deployment, but that's not all. MS
also usually values features over security, and thus takes great risks
like ActiveX and enabling scripting in mail. While ActiveX problems
obviously don't apply to Mozilla, we have our own potential problem
source: XUL.
The security strategy is also largely reflected in the default
configuration. That's why Netscape 6, Mozilla and Beonex Communicator
are very different in their vulnerability. (And that's where OE also
falls short - extremely poor default config.)
* Netscape unfortunately chose to enable JavaScript in Mailnews by
default, making many of the major Navigator security bugs
potentionally exploitable in mail, possibly for email worms.
* Mozilla has JS in Mailnews disabled by default, making most (80+%)
attacks run against the wall.
* Beonex Communicator has JavaScript in Mailnews disabled, currently
with no UI to switch it on. It also has the Simply HTML mode
enabled by default, which should send almost all attacks to /dev/null.
Your warning about running executables of course is always a good
advice. Never run binaries you didn't expect (even if they appear to
come from a friend - worms use your friends' address books to fool you).
Mozilla based apps help here by (currently) not offering a way to start
the binary from Mozilla - you have to save and then execute in the Explorer.
