![]() ![]() An attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. ![]() However, it sounds like you're not really developing a web application anyway - your site in IE is basically a portal to downloading further ActiveX-based applications. TRENDnet recently received a report stating a possible Web Server Directory Traversal Arbitrary File Access vulnerability in the 28-Port Gigabit Web Smart Switch, model TEG-30284, Hardware Version: 1.0R. This is completely against Chrome's sandbox everything and wall off every tab approach - the reason why Chrome is by far the quickest, most secure and most stable browser is the same reason that it currently only supports Flash, Silverlight and one or two more. Also if a malign site can't hack your browser it might still be able to hack one of its ActiveXs. That means that if you let in an ActiveX component it owns your PC - and while many are not malign most are resource hogs. Chrome currently supports only a small subset of ActiveX components entirely on purpose, and it's never going to support them all, and especially lots of random 3rd party propriety ones.īecause ActiveX is a mess - it's a huge security hole and all the components can run at a higher security level than the browser.
0 Comments
Leave a Reply. |