It's my perception that Java is plagued with more frequent security problems than Flash, and Flash more so than JavaScript.
Is this perception accurate?
If so, what's the reasoning? I would think JavaScript would be the most-breached browser-based code execution sandbox for the same reason Windows is the most-breached OS: it's the most popular.
For one thing, there's no code base called "JavaScript." There's V8, SpiderMonkey, JavaScriptCore, Chakra, and more, and an exploit in one is unlikely to work in others. Flash and Java each have a larger market share than any given JavaScript implementation.
Java is an interesting case in that the same platform needs to support sandboxed browser applets and desktop/server software. Unlike JavaScript, the designers of Java don't have the ability to simply leave the capability of OS access out of the platform entirely. They rely on a sandbox to keep untrusted code from calling unsafe procedures, and it's the sandbox that failed here.
The DOM doesn't allow most of the things an applet can do; furthermore, security lies in the browser, not a third-party plugin. A plugin is a native extension running directly on the user's machine; JavaScript and the DOM API run only in the browser (in the client context). That doesn't mean JavaScript is secure; it means the browser vendors are directly responsible for its security. That's not the case with a plugin.