CtP discoverability issues proposal
dolske at mozilla.com
Thu Sep 5 19:59:02 UTC 2013
On 9/5/13 9:50 AM, Richard Bateman wrote:
> [...]How many such individual plugins are there that
> are malicious? How do they normally get installed? I can understand a
> concern about plugins with security vulnerabilities, but I have never
> even heard of a widespread plugin that was actually an attack.
Are we talking about the same "plugins"? Flash and Java have been huge
attack vectors over the years, and continue to be despite signifigant
efforts to address their exploitability. I expect other plugins to have
just as many security and stability issues -- the web is a wild and
difficult place to expose code.
This is pretty broadly agreed upon, so I think the burden would be on
others to show why that's _not_ true.
More information about the firefox-dev