- From: <bugzilla@jessica.w3.org>
- Date: Thu, 04 Aug 2011 17:02:17 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13032 --- Comment #11 from Aryeh Gregor <ayg@aryeh.name> 2011-08-04 17:02:15 UTC --- If the attacker can get the user to install a malicious plugin, they can run arbitrary code already. As long as that's the case, it doesn't hurt anything extra that the plugin also breaks out of sandboxes. If the plugin is some special type of restricted plugin that can't run arbitrary code and can only communicate with the browser and system through well-defined APIs, then those APIs could be designed such that it's not able to break out of sandboxes either. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Thursday, 4 August 2011 17:02:18 UTC