Closed Bug 138308 Opened 23 years ago Closed 22 years ago

Pref to block images from third party servers doesn't block IFRAMES from third party servers

Categories

(Core :: Graphics: Image Blocking, defect, P2)

All
Windows 2000
defect

Tracking

RESOLVED DUPLICATE of bug 64066
Future

People

(Reporter: saveliev, Assigned: security-bugs)

Details

Here's the JavaScript used: http://ar.atwola.com/file/adsWrapper.js The htmlAdWH function. Looks like an iframe image blocking issue.
Those images are on different servers; you are probably blocking images from 'www.cnn.com', while the images are located in 'i.cnn.net', 'toolbar.netscape.com' and 'ar.atwola.com'.
I cannot reproduce this bug in Moz1-RC1 for Linux. Reporter (asavelev@eni-net.com), please can you check to see whether this bug is still present in a recent build (Moz1-RC1 or a new nightly build). If this bug does not occur, please can you resolve it worksforme. Please note that when you click on an image and block it, you're blocking the server that sent the image, and when you use tools->image manager you're blocking images from the server that sent the page.
Hm... sorry for formulating the subject wrong. I am talking about the "Accept images that come from originating server only" setting. I don't block images manually. I just tested in RC1, same thing.
I am not sure if this is a bug; the page displayed in the IFRAME is served by ar.atwola.com, the same server that sends the images...
Yes, but the iframe is displayed in the www.cnn.com page. I haven't found any bugs in the Image Management component that have the word iframe in them. Does it belong to some other component?
Hard to say, because the exact issue isn't clear, but this looks like a dupe of bug 48660.
This is not a dup of bug 48660. That is about issues with the image blocking code and separate servers. This bug is simply about the fact that these pages are loading files in an IFrame. This means that the Pref to block images from third party servers doesn't matter because the IFrame's HTML is also coming from the third party server. This is similar, but not quite a dup, of bug 64066. Changing summary to reflect true meaning of this bug. This would effectively be implemented as a security pref to "block IFRAMEs from third party servers". It wouldn't surprise me if the backend for this feature already existed with the security code we have now, and we just need a front end to implement it. IE has a similar feature to avoid navigating subframes across domains, but that has a slightly different usage.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Image blocker doesn't work on www.cnn.com and sites using atwola.com → Pref to block images from third party servers doesn't block IFRAMES from third party servers
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla1.1beta
Target Milestone: mozilla1.1beta → mozilla1.2beta
Mass reassigning of Image manager bugs to mstoltz@netscape.com, and futuring. Most of these bugs are enhancement requests or are otherwise low priority at this time.
Assignee: morse → mstoltz
Status: ASSIGNED → NEW
Target Milestone: mozilla1.2beta → Future
QA Contact: tever → nobody
This looks a lot like bug 64066. When the image manager blocks iframes, it will also be possible to block third party iframes. *** This bug has been marked as a duplicate of 64066 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
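
The gap this thread converges on, as a small model added here for illustration (it is not Mozilla's code and not from any commenter): an "originating server only" image check that compares against the requesting document passes everything inside a third-party iframe. The function names are hypothetical, "same server" is assumed to mean an exact host name match, and the URL paths are constructed.

```javascript
// Added illustration: a simplified model, not Mozilla's image-blocking code.
// Assumption: "same server" means an exact hostname match.

// A frame is { url, parent }; parent is null for the top-level page.
function makeFrame(url, parent = null) {
  return { url: new URL(url), parent };
}

function topFrame(frame) {
  while (frame.parent) frame = frame.parent;
  return frame;
}

// The check as the thread describes it: the image host is compared with the
// document that requests it, so an iframe's own server always passes.
function allowImagePerDocument(imageUrl, frame) {
  return new URL(imageUrl).hostname === frame.url.hostname;
}

// Stricter variant: compare with the top-level page the user navigated to.
function allowImagePerTopLevel(imageUrl, frame) {
  return new URL(imageUrl).hostname === topFrame(frame).url.hostname;
}

// What the retitled bug asks for: refuse a subframe whose document is
// served by a different server than the top-level page.
function allowSubframe(frame) {
  return frame.parent === null ||
    frame.url.hostname === topFrame(frame).url.hostname;
}

// Constructed sample: host names are from the thread, paths are made up.
const page = makeFrame("http://www.cnn.com/");
const adFrame = makeFrame("http://ar.atwola.com/html/ad", page);
const adImage = "http://ar.atwola.com/image/banner.gif";

function demo() {
  return {
    directThirdParty: allowImagePerDocument(adImage, page),        // blocked
    insideIframe: allowImagePerDocument(adImage, adFrame),         // allowed
    insideIframeTopLevel: allowImagePerTopLevel(adImage, adFrame), // blocked
    iframeItself: allowSubframe(adFrame),                          // blocked
  };
}

console.log(demo());
```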