Bug 1532338: Stronger auth dialog abuse enforcement
Opened 6 years ago, closed 6 years ago
Categories: Firefox :: Security, enhancement, P1
Status: RESOLVED FIXED
Target milestone: Firefox 68

 | Tracking | Status
---|---|---
firefox68 | --- | fixed

People: Reporter: johannh, Assigned: johannh
References: Blocks 1 open bug
Attachments: 1 file

Description
For compat reasons we made the patch in bug 377496 to be a "safe" version of the auth dialog abuse protections, which is still somewhat annoying to users that encounter evil websites. To make our protections better, we could consider tightening the restrictions in the following two ways:
- Make the block apply to the domain of the top-level frame (i.e. what's in the URL bar) instead of the sub-resource
- Reduce the number of allowed cancellations to 1 or (more realistically) 2
I'd like to give this a spin on Nightly 68 and see if there's any fallout.
Comment 1 • 6 years ago (Assignee)
- Make the block apply to the domain of the top-level frame (i.e. what's in the URL bar) instead of the sub-resource
- Reduce the number of allowed cancellations to 2
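The effect of the two changes listed above can be seen in a small model, added here as an illustration; it is not Firefox code or the patch from this bug. The class and function names are hypothetical, the hosts are constructed, and the URL hostname stands in for "domain" as a simplifying assumption.

```javascript
// Illustrative model only; not Firefox source. All names are hypothetical.
class AuthPromptGuard {
  // keyBy "subresource": cancellations are counted per host requesting auth.
  // keyBy "toplevel": they are counted per host shown in the URL bar.
  constructor({ keyBy, maxCancellations }) {
    this.keyBy = keyBy;
    this.maxCancellations = maxCancellations;
    this.cancelCounts = new Map();
  }

  keyFor(topLevelUrl, resourceUrl) {
    const url = this.keyBy === "toplevel" ? topLevelUrl : resourceUrl;
    return new URL(url).hostname; // assumption: hostname stands in for "domain"
  }

  // True if an auth dialog may still be shown for this request.
  mayPrompt(topLevelUrl, resourceUrl) {
    const n = this.cancelCounts.get(this.keyFor(topLevelUrl, resourceUrl)) || 0;
    return n < this.maxCancellations;
  }

  recordCancel(topLevelUrl, resourceUrl) {
    const key = this.keyFor(topLevelUrl, resourceUrl);
    this.cancelCounts.set(key, (this.cancelCounts.get(key) || 0) + 1);
  }
}

// Constructed scenario: one page whose sub-resources on several hosts keep
// requesting auth, and a user who cancels every dialog that appears.
function dialogsShown(guard, topLevelUrl, resourceUrls, rounds) {
  let shown = 0;
  for (let i = 0; i < rounds; i++) {
    for (const resource of resourceUrls) {
      if (!guard.mayPrompt(topLevelUrl, resource)) continue; // dialog suppressed
      shown++;
      guard.recordCancel(topLevelUrl, resource);
    }
  }
  return shown;
}

const page = "https://page.example/";
const resources = ["a", "b", "c", "d", "e"].map(h => `https://${h}.example/img.png`);
const perResource = new AuthPromptGuard({ keyBy: "subresource", maxCancellations: 2 });
const perTopLevel = new AuthPromptGuard({ keyBy: "toplevel", maxCancellations: 2 });
console.log(dialogsShown(perResource, page, resources, 10)); // 10
console.log(dialogsShown(perTopLevel, page, resources, 10)); // 2
```

With per-sub-resource counting, every additional host buys the page another set of dialogs; keyed on the top-level host, the user sees at most the configured number regardless of how many hosts are embedded.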
Comment 4 • 6 years ago (Assignee)
Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6a15b5d2bf74
Add stronger restrictions for basic auth dialog abuse protection. r=MattN
Comment 6 • 6 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68