[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
mjs at apple.com
Tue Sep 30 15:57:21 PDT 2008
On Sep 30, 2008, at 7:57 AM, Elliotte Harold wrote:
> Maciej Stachowiak wrote:
>> More generally, I am on Apple's internal incoming security bug
>> list, and I see Java applet security bugs all the time, so I think
>> whatever the strength of the model may be, it does not lead to Java
>> applets being secure in practice.
> Are those bugs in the model or in the VM? Stack overflow issues,
> buggy code, and such are of a different character than fundamental
> design flaws. Simple bugs can be fixed much more easily.
Many of the bugs I see are about what applet has access to what
network or local resources, i.e. failures of the access control model.
I do not have direct knowledge of how easy these are to fix compared
to other Java applet bugs.
More information about the whatwg