Firefox Lead Engineer On Origins, Security, And More

An anonymous reader writes "ZDNet has an interesting interview with Ben Goodger, the lead engineer for Firefox. When asked to comment on critics' claim that Firefox has a better security reputation than IE because it doesn't have enough market share to attract trouble, Goodger responded with a one-two punch. "Firefox is better designed in a number of ways -- we have no "mode" that allows untrusted content to be executed automatically, for example -- no "safe zone. Another reason -- market share does not predict security. Apache has more market share than has Microsoft IIS, which has more holes than Apache." On Longhorn, he believes it will be a tough sell for Microsoft because of backward compatibility issues."

Re:Correction

[stormcoder]

Boy I wish I had mod points. Clueless people going on about things they don't know anything about.

ActiveX is native code, essentially, specially modified DLL's that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someones system. On top of this interesting feature there are IE zones, which give different default execution permissions. For instance, the Internet zone causes a prompt to be shown when an unsafe ActiveX control is trying to execute. Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone, which doesn't prompt before executing an unsafe ActiveX control. And another problem is that many ActiveX controls are marked safe, but are in actuallity, unsafe.

So how is the above similar to XPI? You always get a prompt from XPI files. Even if an XPI is signed you get a prompt. What's similar?