From: Mike '/m' 

On Fri, 08 Jul 2005 20:10:07 -0400, Mike N.  wrote:

>On Fri, 08 Jul 2005 17:55:09 -0400, Mike '/m'  wrote:
>
>>>there's no way to secure older browsers to the same level.
>>
>>I don't know if you should be so absolute.
>
>  ... with qualifiers of course: same level with Javascript enabled, etc.

I still you are too absolute.   For example, in my quick reading of the
article, one of the exploits was to place a nicely formed windows over the
address bar of the browser, blocking out the address.  Opera would open
that window in a new tab.  There is also a checkbox in Opera's config that
says to always show the source URL of Javascript boxes, even when the
Javascript says otherwise.

But my main point is that XPSP2 threw a lot of spackle on the architectural
security chasms in IE.  I remain to be convinced that other browsers need
that spackle in order to be as secure as IE*.  For starters, on IE presents
the hackers with a high-bandwidth gateway into the heart of the OS.  None
of the other browsers are so intermingled with the operating system.

 /m


* - "as secure as IE", amazing that I could type that without putting a
smiley in there...

--- BBBS/NT v4.01 Flag-5