Closed Bug 1532338 Opened 5 years ago Closed 5 years ago

Stronger auth dialog abuse enforcement

Categories

(Firefox :: Security, enhancement, P1)

RESOLVED FIXED
Firefox 68
Tracking Status
firefox68 --- fixed

People

(Reporter: johannh, Assigned: johannh)

References

(Blocks 1 open bug)

Attachments

(1 file)

For compat reasons we made the patch in bug 377496 to be a "safe" version of the auth dialog abuse protections, which is still somewhat annoying to users that encounter evil websites. To make our protections better, we could consider tightening the restrictions in the following two ways:

  • Make the block apply to the domain of the top-level frame (i.e. what's in the URL bar) instead of the sub-resource
  • Reduce the number of allowed cancellations to 1 or (more realistically) 2

I'd like to give this a spin on Nightly 68 and see if there's any fallout.

  • Make the block apply to the domain of the top-level frame (i.e. what's in the URL bar) instead of the sub-resource
  • Reduce the number of allowed cancellations to 2

Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6a15b5d2bf74
Add stronger restrictions for basic auth dialog abuse protection. r=MattN

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68
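
The effect of the two changes discussed in this bug, as an added example that is not part of the bug or of Firefox's code: a simplified model comparing a cancellation counter keyed on the sub-resource host with one keyed on the top-level host. The class and function names, the sample URLs and the plain hostname comparison are assumptions made for illustration.

```javascript
// Simplified model of a basic-auth prompt limiter; not Firefox source code.
// Assumption: hostnames are compared as-is. A real browser would first
// reduce them to a registrable domain.
const MAX_CANCELLATIONS = 2; // the limit proposed in the bug

class AuthPromptLimiter {
  // keyMode "subresource": count per host that sent the 401 challenge.
  // keyMode "toplevel": count per host of the page shown in the URL bar.
  constructor(keyMode, limit = MAX_CANCELLATIONS) {
    if (keyMode !== "subresource" && keyMode !== "toplevel") {
      throw new TypeError(`unknown keyMode: ${keyMode}`);
    }
    this.keyMode = keyMode;
    this.limit = limit;
    this.cancelled = new Map(); // host -> cancellations seen so far
  }

  keyFor(topLevelUrl, requestUrl) {
    const url = this.keyMode === "toplevel" ? topLevelUrl : requestUrl;
    return new URL(url).hostname;
  }

  // True while the key is still under the cancellation limit.
  shouldPrompt(topLevelUrl, requestUrl) {
    const key = this.keyFor(topLevelUrl, requestUrl);
    return (this.cancelled.get(key) || 0) < this.limit;
  }

  recordCancel(topLevelUrl, requestUrl) {
    const key = this.keyFor(topLevelUrl, requestUrl);
    this.cancelled.set(key, (this.cancelled.get(key) || 0) + 1);
  }
}

// Counts the dialogs a user sees if they cancel every one that appears.
function promptsShown(limiter, topLevelUrl, challengeUrls) {
  let shown = 0;
  for (const requestUrl of challengeUrls) {
    if (!limiter.shouldPrompt(topLevelUrl, requestUrl)) continue; // suppressed
    shown += 1;
    limiter.recordCancel(topLevelUrl, requestUrl);
  }
  return shown;
}

// Constructed sample: one page, three sub-resource hosts, four 401 challenges each.
const TOP_LEVEL = "https://page.example/article";
const CHALLENGES = ["a", "b", "c"].flatMap((h) =>
  Array.from({ length: 4 }, (_, i) => `https://${h}.cdn.example/img${i}.png`));

console.log(promptsShown(new AuthPromptLimiter("subresource"), TOP_LEVEL, CHALLENGES)); // 6
console.log(promptsShown(new AuthPromptLimiter("toplevel"), TOP_LEVEL, CHALLENGES)); // 2
```

With per-sub-resource keying each host gets its own allowance, so the number of dialogs grows with the number of hosts a page pulls from; keyed on the top-level host, the page as a whole is capped at the limit.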