[cesarb]

> Flash (and probably ActiveX) were also executed in a "sandboxed environment", including "limited access to the system's resources".

IIRC, the main issue with ActiveX was that it did not execute in a sandboxed environment, unlike Flash and Java. With ActiveX, all you had was a cryptographic signature saying it came from a trusted publisher; past that, the full Win32 API was available, with complete access to the operating system.

[Amigo5862]

That wouldn't particularly surprise me. I never used ActiveX, so I can't really speak to that one. But then, there also weren't many (public) websites that I ever ran into that wanted to use it.

[josephg]

> But then, there also weren't many (public) websites that I ever ran into that wanted to use it.

As I understand it there were weird pockets where organisations went hard in to activeX. IIRC it was used heavily by the South Korean government, and a lot of internal corporate intranet projects for all sorts of things.

That obviously caused massive problems a few years later when Microsoft tried to discontinue activex and make IE/Edge a normal web browser.

[technion]

As someone who still has to support users of several ActiveX apps, turning off the "block unsigned ActiveX" setting goes with the territory of using it.