Open Bug 1432562 Opened 8 years ago Updated 5 months ago

Consider isolating ntlm auth by origin attributes

Categories

(Firefox :: Security, enhancement, P5)

People

(Reporter: jkt, Unassigned)

Details

Should we allow better management of NTLM management of network.automatic-ntlm-auth.allow-non-fqdn and network.automatic-ntlm-auth.trusted-uris prefs? I don't know enough about NTLM to know if this is a concern or not. Raised originally here: https://github.com/mozilla/multi-account-containers/issues/1089
Are either of you concerned at all by NTLM?
Flags: needinfo?(tom)
Flags: needinfo?(arthuredelstein)
I believe that Tor disables NTLM. I don't see a reason why we wouldn't want to isolate NTLM by Origin Attributes, but its priority is probably determined by how often it's used and if it can be used actively/maliciously to break container boundaries? Maybe Tanvi has an opinion?
Flags: needinfo?(tom) → needinfo?(tanvi)
Looking into it more, I don't think it is ever the default behaviour in the browser to be on; however, I would have to investigate that further. Like the user who reported this had to whitelist certain domains to be enabled. I suspect this might be something for mkaply to determine if this is something enterprises use often enough to care if it leaks cross container? My current hunch is like Flash we keep it as a known OA leak that over time fewer people will use.
Severity: normal → minor
Flags: needinfo?(arthuredelstein) → needinfo?(mozilla)
Priority: -- → P5
I'm not so worried about leakage across Containers, given the usage of NTLM and of Containers. But it is an issue if it leaks from regular to private browsing mode. What happens when you visit private mode? Are you logged in with the credentials? If you are, then we have a bug. If you are not, where is the code that tells the browser not to give the credentials to private mode? As we migrate private browsing to Origin Attributes, we need to ensure that code still works.
Flags: needinfo?(tanvi)
My understanding is that using NTLM is quite common in the enterprise, but they do whitelist domains. It would seem to me that isolating by origin attributes would make sense in this case as you might want to have an "enterprise" container and you wouldn't want the non-enterprise container to authenticate.
Flags: needinfo?(mozilla)
> What happens when you visit private mode? Are you logged in with the credentials?

I get a basic auth-like username/password prompt.
Severity: minor → S4