Sorry, IE has a huge leg up over Firefox on Vista with the existence of Protected Mode. No matter how many remote execution holes IE (or an ActiveX control it loads) may have, I breathe a bit easier knowing that the token it is running under has severely restricted rights. Firefox runs with the same token as every other app on your desktop, thus a hole in Firefox can allow hackers to do anything that you yourself are allowed to do.
Protected Mode is built on publicly-documented Vista APIs, so I'm not sure what is stopping the Firefox folks from adopting this.
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
