Mozilla 1.6 ActiveX Control Installer and Scriptable ActiveX Plugin for Mozilla 1.6 Released
Tuesday January 20th, 2004
Adam Lock writes: "Following in the wake of Mozilla 1.6, I'm happy to announce the release of the new standalone Mozilla 1.6 ActiveX Control installer and the Scriptable ActiveX Plugin for Mozilla 1.6. Both are available from my website.
"New features for the control include support for
"There are no new features in the plugin but Mozilla 1.6 is unencumbered by the regression that disabled scripting support in 1.5."
#6 Re: Oops
Wednesday January 21st, 2004 6:38 AM
You are replying to this message
There are plenty of words on security on the plugin page from a technical perspective. Read how many times I talk about activex.js and nsAxSecurityPolicy.js.
However, the default behaviour is to host & script controls marked safe for scripting and to download and offer to install signed controls. All other controls (e.g. those not marked safe) are not hosted. You can change these settings if you like from activex.js which is fully documented. The plugin also honours the IE blacklist as well as allowing you to set up your own blacklist / whitelist.
However, overall I don't think think security is a big deal yet. I'd rather have people exercising the functionality rather than disabling it all by default. I would obviously change the policy if the plugin shipped by default with Firebird / Mozilla. The same thing happened in NS7.1 where the plugin was locked down to host the Windows Media Player control only.
But then again ActiveX security is not what Mozilla users should be worrying about. Ask yourself how many XPI files are signed for example and what a black hat could do with that knowledge if they felt so inclined.