Hacker News new | past | comments | ask | show | jobs | submit login

> [...] plugins don't need to be signed.

So the worst kind of threat is still there. Great job, Mozilla!

That's because plugins are going to need to be white-listed (modifiable via about:config). The win64 (beta) edition of Firefox only allows the Flash Player Plugin, for example.

isn't this still vulnerable to the attack reported up-thread where whatever malware just goes and changed about:config before installing their plugin? (and the reason that the addon opt-out is being removed from ff42)

yup, and that's what i don't get. statistically, plugins like java and flash are a bigger security threat than addons. i don't even remember an addon going rogue.

I also quite clearly recall mozilla stating that plug-ins are responsible for over 95% of all browser crashes.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact