Open Bug 1149672 Opened 9 years ago Updated 2 years ago

Drop support for insecure OpenSearch plugins (require HTTPS)

Categories

(Firefox :: Search, defect, P3)

People

(Reporter: davemgarrett, Unassigned)

Search plugins using HTTP instead of HTTPS have always been a privacy risk, however recent events have shown that it is a far larger security risk than previously thought. The recent massive GitHub DDoS was primarily conducted via injection of a malicious script into legitimate traffic of Baidu users. [1]

I argue the following:
1) Search traffic is common and a very high-value target for an attacker. It warrants an extra expectation of security.
2) Firefox has no UI to indicate the security status of a search engine plugin. The user is entirely reliant on Mozilla to assess security here.
3) Search is a natural part of many users' work-flow, and many may not even realize the privacy risks they are taking. (in particular, because of the lack of a security UI)

As such, I think it's reasonable to require that all search plugins used in Firefox perform all activities over HTTPS and all HTTP support for search plugins should be removed. All legacy plugins should be required to transition to HTTPS ASAP and support for insecure searches via plugins should be phased out within a short timeframe.

Search via HTTP web pages would of course not be affected, however Firefox actually has a UI to indicate that scenario. For partial backwards compatibility, an attempt to install or use a pre-existing HTTP search plugin should result in a Firefox security message with the option to simply take the user to the full-featured search site instead.

This sort of proposal is likely to be relatively non-controversial, but the timeframe is where the contention will be. (e.g. I think 3-6 months; others may want a year or more, others will want it "eventually" and want to drop the subject) The other concern is whether or not Mozilla has search contracts from companies that are lazy or malicious and not willing to update their servers. (probably the former)

[1] http://netres.ec/?b=153DB4E
Priority: -- → P3

Just to note, WebExtensions already limit to https only, we still need to limit OpenSearch engines.

Severity: normal → S3
Summary: Drop support for insecure search plugins (require HTTPS) → Drop support for insecure OpenSearch plugins (require HTTPS)
Depends on: 1789438
Depends on: 1794463
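
The check this bug asks for can be run against an OpenSearch description file before it is installed or deployed. The following is an added example, not Firefox code and not from anyone in this thread: it lists every `<Url>` whose template is not HTTPS. The function names and the sample description are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample description: results use HTTPS, suggestions use HTTP.
SAMPLE = """\
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Example</ShortName>
  <Url type="text/html"
       template="HTTPS://search.example/?q={searchTerms}"/>
  <Url type="application/x-suggestions+json"
       template="http://suggest.example/?q={searchTerms}"/>
</OpenSearchDescription>
"""


def insecure_urls(description_xml):
    """Return (type, template) for every <Url> whose template is not HTTPS."""
    # An OpenSearch description needs no DTD; refuse one rather than let the
    # parser expand entities from an untrusted file.
    if "<!doctype" in description_xml.lower():
        raise ValueError("DOCTYPE not allowed in a search description")
    root = ET.fromstring(description_xml)
    findings = []
    for el in root.iter():
        # Match on the local name so the namespace prefix does not matter.
        if el.tag.rsplit("}", 1)[-1] != "Url":
            continue
        template = el.get("template", "")
        try:
            scheme = urlsplit(template).scheme  # urlsplit lowercases it
        except ValueError:
            scheme = ""  # unparseable template: treat as not HTTPS
        if scheme != "https":
            findings.append((el.get("type", ""), template))
    return findings


def is_https_only(description_xml):
    """True when every <Url> in the description uses an https:// template."""
    return not insecure_urls(description_xml)


if __name__ == "__main__":
    for url_type, template in insecure_urls(SAMPLE):
        print(f"insecure {url_type}: {template}")
```

Suggestion endpoints are checked along with the results URL because they receive each query as it is typed.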