MozillaZine

Full Article Attached Fully Scriptable Plug-ins for Mozilla

Thursday July 18th, 2002

Yesterday, the Netscape Tech Evangelism Team made a posting to netscape.public.mozilla.plugins announcing that the latest versions of Macromedia Flash and Apple QuickTime are scriptable in Mozilla. Read the full article for more details.

Thanks to Asa for the news.


#14 Re: question about xpcom

by leafdigital

Friday July 19th, 2002 3:30 AM

You are replying to this message

I don't think there is a great deal of security, but there are fewer XPCOM-enabled plugins. Windows comes with a great many ActiveX/OLE controls, some of which have had security holes and some of which are not really intended for use in Web pages (but can be...).

It is entirely possible that a plugin such as Flash or Quicktime could include a security flaw which might be exploitable via the XPCOM / Javascript plugin communication mechanisms (or by some other mechanism such as passing invalid parameters to the embed tag). However, Mozilla won't have the same variety of available controls to abuse.

So in summary, Mozilla's system may be less secure in principle (no code signing, no control over plugin scripting), but in practice there is a much smaller risk.

(And of course, it is no less secure than Netscape 4's system. I don't recall any Netscape 4 security issues related to Javascript control of common plug-ins).

--sam