I’ll give a talk at Ruxcon this year (29th to 30th november 2008), called GPU Powered Malware. I’ll talk about how malware could eventually use GPGPU technologies (such as CUDA, Stream Computing and OpenCL) as an anti-reverse engineering technique. Thanks to the organizers for giving me this opportunity.
As some people asked, yes the issues have been reported to the Mozilla security team (thanks to JP Gaulier and Tristan Nitot). And the result is a bug report marked as invalid (which is normal, since what we wanted to communicate was not a bug report but rather design issues).
So basically the situation is: ActiveX is bad because there is absolutely no security policy. There is absolutely no security policy for Firefox extensions but it’s cool.
I’m out, I really need a double shot of espresso now.