They didn't invent it, but they've sure run with it. There's no about://downloads in Firefox afaik, to pick one example from the exploit. It just feels like the obvious solution to "superuser" web pages is not some high tech intrusion system, but to not have superuser web pages. It's like every heist movie ever made where the thief dodges through the dancing laser beams. I think the ideological pressure to make literally everything be the "web" is costing them real security here. And just like the movies, it does look cool.
Thanks. That's kinda terrifying. I knew a little about XUL, but underestimated its usage because the little windows don't look quite as much like web pages. More blame for Mozilla I guess...