Why we need Gecko updates

Tanstaafl tanstaafl at libertytrek.org
Wed Dec 9 15:07:55 UTC 2015


On 12/8/2015 7:40 PM, Ben Bucksch <ben.bucksch at beonex.com> wrote:
> As you know from being at the Mozilla Security Group and the public 
> advisories, the Gecko rendering and JS engine has security holes fairly 
> regularly. Every month (or every few months), there's a critical 
> security hole, whereby "critical" means that any random ad published via 
> an ad server on a website you visit can read all your files on your 
> computer, install random malware, impersonate as you, and generally can 
> do whatever you can do on your own computer.

So...

Has anyone ever looked into how much effort would be involved in making
the HTML rendering engine somehow modular? But I guess that would
introduce other build issues of its own...



More information about the tb-planning mailing list