Insecure Plugins Ding IE, Safari, Chrome, Opera

Posted by kdawson on Monday January 25, 2010 @11:46AM from the black-powder-in-the-sandbox dept.

krebsonsecurity writes "The Web browser wars often focus on which browser is more secure, but the dirty secret is that insecure plugins are a serious threat to all browsers, from the perspectives of both stability and security. Krebsonsecurity.com features an informative look at the administration page for a popular browser exploit kit called Eleonora, which suggests that plugins like Adobe Reader and Java are leading to successful compromises for users surfing not just with Internet Explorer, but also with Google Chrome, Firefox, Safari, and Opera."

1 of 141 comments (clear)

Min score:

Reason:

Sort:

The model by Anonymous Coward · 2010-01-25 11:55 · Score: 5, Insightful

Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.
It is probably foolish to believe that you could ever build a [useful] system that had no security flaws but still allowed untrusted, unprompted arbitrary code execution.