[opensource] New Web Browser
Adam C. Champion
champion at cse.ohio-state.edu
Thu Oct 25 14:32:42 EDT 2007
Wow. I thought ActiveX scripts ran in a "sandbox" within the client's IE
browser, like Java applets do in any browser. I know IE 7+ in Vista
places restrictions on scripts and "active Web content", but users of
previous Windows versions can't download IE 7+! So other versions of IE
run ActiveX scripts with the user's permissions? Yikes.
I can think of many ways these "features" can be abused, and potentially
open up security vulnerabilities...
-Adam
Paul Betts wrote:
>> but how does it "lock down" students' *entire*
>> interaction with the OS (e.g., prevent them from closing or minimizing
>> the browser)?
>
> If they're running their own ActiveX control, they can do *anything they
> want*. They are running arbitrary C++ code in the context of your username.
>
More information about the Opensource
mailing list