Of course, but that's not what one expects of a browser whose reputation is built, at least partly, on security.
Never rely on reputation when it comes to security.
The fact remains that I clicked on a link in an email message as an unprivileged user on my web-facing machine, but found that I had connected to the web as root on a machine that normally only connects to the web for system updates.
*Never* click on a link in an email. You should have known that it's dangerous :-)
Also, regardless of the security implications, if I start a session on a remote box and start firefox, I do this because I want THAT user's set of bookmarks etc., not those of some arbitrary user on a different machine. As it stands, the only way to achieve this is to shut down all prior instances of firefox first, which is neither intuitive, nor desirable.
If you run different X applications (or instances) on the same X session, they may influence each other. As a side note, the start script of the Mozilla applications even prevent that you start instances of Firefox and Mozilla at the same time. So if you have a running firefox and start mozilla, you get another firefox instance. Surely not intuitive, but this alone is not a security risk.
As I mentioned in my original post, I don't know the details of the underlying mechanism, as it involves the interaction of X, ssh and firefox.
It depends on how you started your root session. A simple "su" for example leaves much of the original users' shell environment intact in the root session. The firefox start script may use some of this remnants. If the X authorization is shared (often done with "sux" or "ssh -X"), root operates on the *same* X session as your unprivileged user. This is completly different than two independent console logins. So from a security point of view, you shouldn't use Xwindows applications with root. Use a text mode browser instead. -- Michel Messerschmidt, lists@michel-messerschmidt.de