comment on journal entry: the fundamental security flaw in Mozilla browsers
what's the point?
Agreed with Andrew. What's the point of being able to do such things in JavaScript? It's only a feature, nothing really of a flaw. And it requires a click to open the window. So it really depends on the user. If there is a flaw, it's the user.
But a nice thing is that it shows me how powerful Firefox is.
Still think Firefox's safe.
Etienne. [Etienne]
feature vs flaw
XUL is the language used to write the high-level interface for Firefox. It was designed from day 1 to be an application markup language. The core of the Firefox interface is available to be reused in XUL, so each element (back/fwd buttons, status bar etc) will appear identical to the real versions. These components will even assume the current theme. Therefore, to both the layman and the advanced user, a Firefox spoof interface will be almost impossible to spot.
According to Mozilla:
"The goal of XUL is to build cross platform applications, in contrast to DHTML which is intended for developing web pages."
"XUL blurs the distinction between desktop application and Internet browser apps because it is firmly entrenched in both worlds"
This is indeed a "feature" of Firefox (and not IE). But in my opinion it also represents a significant flaw, due to the ease with which one can re-make the Firefox user interface. Any website can execute XUL code in Firefox without restriction.
Interesting that you still feel Firefox is safe, despite reading about the XUL spoofing vulnerability. Complacency in Firefox users is less common than amongst IE users. However, attitudes like yours will hopefully lead to the flaws in Firefox being quickly exposed for the benefit of all others. [Chris Beach]

