Linked by Kroc Camen on Sat 17th Oct 2009 05:27 UTC
Microsoft Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.
Thread beginning with comment 389785
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Opt-in
by Erunno on Sat 17th Oct 2009 11:35 UTC in reply to "RE[4]: Opt-in"
Erunno
Member since:
2007-06-22

Thanks for the corrections, and I had forgot to add IE8/Vista to my list, which sandboxes plugins too.


IE8 and Chrome both feature a process-per-tab model (although in reality there are exceptions when a new tab is run in the same process as its parent, at least on Chrome). Safari only outsources plug-ins into processes, probably mainly to be able to run 32-bit stuff like Flash. Interestingly enough, although IE8 also runs Flash in a separate process it is not able to use it in a 32/64 bit mixed mode like Safari, i.e. Flash does not work with 64-bit IE8.

And I don't want to sound patronizing by repeating myself but Chrome does not sandbox plug-ins by default. I know that there are different opinions on what constitutes sandboxing but in the context of Chrome calling a separate process a sandbox does not apply since Chrome additionally is able to lock down individual processes.

Reply Parent Score: 2

RE[6]: Opt-in
by PlatformAgnostic on Sat 17th Oct 2009 16:40 in reply to "RE[5]: Opt-in"
PlatformAgnostic Member since:
2006-01-02

IE runs plugins in the same process as the renderer, so it can't currently do the 64-bit/32-bit mix.

Reply Parent Score: 2

RE[7]: Opt-in
by Erunno on Sat 17th Oct 2009 17:12 in reply to "RE[6]: Opt-in"
Erunno Member since:
2007-06-22

IE runs plugins in the same process as the renderer, so it can't currently do the 64-bit/32-bit mix.


Strange, I thought I caught a glimpse of a "FlashHelper" (or similarly named) process last time I used Windows 7. It must be used for some other purpose then, I guess.

Reply Parent Score: 2