MozillaZine

Full Article Attached Towards Mozilla 1.0

Tuesday June 26th, 2001

Gervase Markham recently posted his feelings on what a 1.0 release of Mozilla would be. Gerv has sent us the follow-up to that posting, including much of the feedback he received. To read it, click the full article link. Once you have read through it, we welcome you to post your feelings on what you think a 1.0 release would have. [As Gerv says, please don't post your favorite list of bugs, only the criteria for choosing what bugs to fix.]


#99 Re: Re: Re: Security

by strauss

Wednesday June 27th, 2001 5:38 PM

You are replying to this message

There is some coverage of XUL security here ( <http://www.mozilla.org/rd…hat_is_the_security_model> ), as well as this paper ( <http://www.mozilla.org/pr…ty/components/design.html> ) from early June of this year.

It's not particularly heartening, though. It may be that some or all of the Netscape 6.x browser versions have gone out with the capability to run remote XUL, with JavaScript APIs that have not undergone security review, and with no firewall preventing remote JavaScript from interacting with privileged XUL code.

This also implies that anyone running Mozilla is vulnerable to exploits through these mechanisms, since these safeguards have not yet been put in place.

I'd like to hear the answer that it's not really that bad, so please feel free to correct any errors I've made in reading these pages. For instance, it may be discussing things in a way that makes them look like they're for the future, when in fact they're already implemented.