As we still have reports of bugs like Bug 1425264 it would be good to mitigate this somehow. We have implemented a limit of content 'alert("foo")' attacks by adding a "disable prompts for this site" in context of a tab. Something similar could be implemented for authentication, I think binding to TLD+1 could be the right context. Re-allow should be allowed from the addressbar notification area, probably it could be a permission, to piggyback on the existing model.
Component: Notifications and Alerts → Password Manager
Priority: -- → P2
See Also: → 613785
6 months ago
Whiteboard: [passwords:http-auth] security:passwords
Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.