[opensource] New Web Browser

Adam C. Champion champion at cse.ohio-state.edu
Thu Oct 25 14:32:42 EDT 2007


Wow. I thought ActiveX scripts ran in a "sandbox" within the client's IE 
browser, like Java applets do in any browser. I know IE 7+ in Vista 
places restrictions on scripts and "active Web content", but users of 
previous Windows versions can't download IE 7+! So other versions of IE 
run ActiveX scripts with the user's permissions? Yikes.

I can think of many ways these "features" can be abused, and potentially 
open up security vulnerabilities...

-Adam

Paul Betts wrote:
>> but how does it "lock down" students' *entire*
>> interaction with the OS (e.g., prevent them from closing or minimizing
>> the browser)?
> 
> If they're running their own ActiveX control, they can do *anything they 
> want*. They are running arbitrary C++ code in the context of your username.
> 


More information about the Opensource mailing list