General Discussion • Re: This might spawn THOUSANDS of vulnerabilities on Pale Moon (Or might not)

Am I correct in assuming that for any vulnerability, no matter how it was discovered, a potential attacker would still have to find a way to take over your machine, right? Before being able to exploit anything?

Well, it depends on a few factors. For one thing, the attacker might simply want to see what you have in other tabs, read your cookies, stored passwords, etc. And they could possibly do all that from within the browser itself without touching the operating system, if the browser is compromised. A lot of sensitive data is unfortunately stored in browsers.

Now, if the question is, can they use the compromised browser to get at your underlying operating system, and read or write to arbitrary files... that's a bit different. It can depend on things like how up-to-date your OS is, UAC settings, what level of trust you run the browser with, etc. In all honesty, there's actually an argument to be made for running just about any browser inside a virtual machine rather than on bare metal if you have the resources to spare. Let's put it like that. Even better would likely be not storing your passwords, history, cookies, or bookmarks, and never having more than one tab open at a time... but at some point the amount of inconvenience would outweigh the added security for most people.