What happened to hiring an architect?

Jim squibblyflabbetydoo at gmail.com
Fri Dec 16 17:28:07 UTC 2016


On Fri, Dec 16, 2016 at 10:47 AM, Disaster Master <
disasterlistmanager at gmail.com> wrote:

> If the 'browser' 'feature' in TB is removed, and only basic HTML email
> rendering is allowed (lock it down I say), what, exactly, are these
> mysterious risks?
>

Generally, use-after-free allowing an attacker to execute arbitrary code.
This happens more often with JS, but every part of Gecko is potentially
vulnerable, and unlike websites, email gets *pushed* to you, making it more
likely that even safe email habits can result in a breach. (To be fair,
there's a similar problem with ad networks on the web, since they're the
primary vector for malware when browsing.)

About the only saving grace for Postbox (and Thunderbird, really) is that
there aren't that many users compared to web browsers, so broad attacks
don't make as much sense.

- Jim