CtP discoverability issues proposal

Justin Dolske dolske at mozilla.com
Thu Sep 5 19:59:02 UTC 2013


On 9/5/13 9:50 AM, Richard Bateman wrote:

> [...]How many such individual plugins are there that
> are malicious? How do they normally get installed?  I can understand a
> concern about plugins with security vulnerabilities, but I have never
> even heard of a widespread plugin that was actually an attack.

Are we talking about the same "plugins"? Flash and Java have been huge 
attack vectors over the years, and continue to be despite signifigant 
efforts to address their exploitability. I expect other plugins to have 
just as many security and stability issues -- the web is a wild and 
difficult place to expose code.

This is pretty broadly agreed upon, so I think the burden would be on 
others to show why that's _not_ true.

Justin




More information about the firefox-dev mailing list