[Cartwright2]

Wasn't there a similar issue in another browser here on HN recently? How does this actually happen - two different security companies both push out "secure" browsers that are fundamentally insecure. I'm not even in the security business and I know it would be fatal to publish a Chrome build without cors. What I can't understand is why would they ever disable it? Seems almost like an act of malice.

[wepple]

I'd argue Comodo isn't a security company. It's a software company that markets software which intends to have a positive effect on one aspect of your security (namely, malware). They're using 20 yearold ineffective techniques to do attempt to have a positive effect on your security, and whether there is a positive, negative, or neutral net effect is to be debated.

They continue to make hundreds of millions of dollars, so they keep going.

Edit: are you talking about this: https://news.ycombinator.com/item?id=8866784 ? I'd have thought a company like whitehatsec would be able to do a better job with a browser.

[jameslk]

> Wasn't there a similar issue in another browser here on HN recently?

This one?: https://news.ycombinator.com/item?id=10882563