Closed Bug 1281454 Opened 8 years ago Closed 8 years ago

HTTP Auth dialog showing from an iframe

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
47 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1281434

People

(Reporter: mounir, Unassigned)

Details

Attachments

(1 file)

doubleclick-auth.png
20.86 KB, image/png
Details
Attached image doubleclick-auth.png
After my lunch break, I came back to my desk with an HTTP auth dialog coming from Firefox. It was coming from an iframe (a DoubleClick ad) but it seems slightly malicious ("The site says "Google"' might be a phishing attempt). Should HTTP Auth be denied from iframes? It sounds that most users wouldn't really understand what's happening and it seems very easy to get username/password from them this way. (In general, the UX is fairly poor: being able to find which tab initiated the request would be good.)
Agreed. We tried--and failed--to kill these in bug 647010. bug 1281434 covers investigating approaches to the problem (heuristics? limits?) that might stick.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: