Closed
Bug 1532338
Opened 5 years ago
Closed 5 years ago
Stronger auth dialog abuse enforcement
Categories
(Firefox :: Security, enhancement, P1)
Firefox
Security
Tracking
()
RESOLVED
FIXED
Firefox 68
Tracking | Status | |
---|---|---|
firefox68 | --- | fixed |
People
(Reporter: johannh, Assigned: johannh)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
For compat reasons we made the patch in bug 377496 to be a "safe" version of the auth dialog abuse protections, which is still somewhat annoying to users that encounter evil websites. To make our protections better, we could consider tightening the restrictions in the following two ways:
- Make the block apply to the domain of the top-level frame (i.e. what's in the URL bar) instead of the sub-resource
- Reduce the number of allowed cancellations to 1 or (more realistically) 2
I'd like to give this a spin on Nightly 68 and see if there's any fallout.
Assignee | ||
Comment 1•5 years ago
|
||
- Make the block apply to the domain of the top-level frame (i.e. what's in the URL bar) instead of the sub-resource
- Reduce the number of allowed cancellations to 2
Assignee | ||
Comment 2•5 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=44deb31657863a976d10095d81e527a64ab90e9b
Assignee | ||
Comment 3•5 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=904267813082033f6e0ca4d56de105512aab4d10
Assignee | ||
Comment 4•5 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=0aff7c6ea71c004b1d1c24aa8c04b1830f414160
Pushed by jhofmann@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6a15b5d2bf74 Add stronger restrictions for basic auth dialog abuse protection. r=MattN
Comment 6•5 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox68:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68
You need to log in
before you can comment on or make changes to this bug.
Description
•