Read the vulnerability description. "Executes code under user perms". Pretty common for most application vulns. Quite a bit different than 'executes perms as activex admin user' or 'executes arbitrary code under IE that is tied into the rest of the operating system'. Vulnerbilities are vulnerabilites...but poor design is poor design. I believe the 'true' context of the 'more secure' argument is based on design principles. Besides...take a look at how many vulns. are available for IE (closed source) compared to FireFox (open source). Take a standard security course, and they teach you that 10 hidden vulns. exist for each 1 discovered (using closed proprietary code).

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11119/31816#31816