Implement frame busting protection
Categories: Core :: Privacy: Anti-Tracking, enhancement
People: Reporter: grazhdanindollar, Unassigned
Details: Keywords: dupeme
Steps to reproduce:
Every FF version is affected.
Visit a site that embeds a frame-busting 3rd-party site.
Mostly noticeable in marketing/website advertisement/traffic exchanges niches.
Chrome used to have this feature as a flag option years ago, and they enabled it by default later.
It was named "Frame busting requires same-origin".
It protects from:
1. Doorways and similar stuff that are embedded, framed into another site. For example, I recently visited a site that has a blogspot page embedded, and that page had a doorway to adult content, so when I visited the site that embedded it, it broke the top frame and redirected to an adult content site. Was I happy to see it? Nope.
2. Expired domains and badly configured sites. I have noticed that some expired domain landing pages are frame breakers, and when a site has third-party content from an expired domain, it also breaks the top frame.
Public example is http://ndossougbe.github.io/web-sandbox/interventions/3p-redirect.
I can provide more examples if needed.
My other report is posted here as well last year...
https://connect.mozilla.org/t5/ideas/implement-frame-busting-protection/idi-p/20909
Actual results:
The top frame is busted without user interaction and without an option to prevent it.
Expected results:
Like Chrome does: a notification in the URL bar that an unwanted redirect was blocked.
Comment 1 • 1 year ago
The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
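The behaviour requested in the description above (refuse top-frame navigation from a cross-origin frame unless the user interacted with it), modeled as an added example. This is not Firefox or Chrome code: the function name `mayNavigateTop`, the input shape and the example origins are assumptions; the sandbox tokens are the standard HTML `iframe` ones.

```javascript
// Added example: a model of the policy this report asks for.
// Not browser source code; all origins below are constructed.

function originOf(url) {
  return new URL(url).origin;
}

// frame: { url, sandbox: string|null, userActivated: boolean }
// Returns { allowed, reason } for an attempt by `frame` to navigate the top window.
function mayNavigateTop(frame, topUrl) {
  let sameOrigin = originOf(frame.url) === originOf(topUrl);
  const activated = frame.userActivated === true;

  if (frame.sandbox !== null && frame.sandbox !== undefined) {
    const tokens = new Set(frame.sandbox.toLowerCase().split(/\s+/).filter(Boolean));
    // A sandboxed frame without allow-same-origin runs in an opaque origin.
    if (!tokens.has("allow-same-origin")) sameOrigin = false;
    if (!tokens.has("allow-top-navigation")) {
      const byGesture = tokens.has("allow-top-navigation-by-user-activation");
      return byGesture && activated
        ? { allowed: true, reason: "sandbox permits navigation after user activation" }
        : { allowed: false, reason: "sandbox forbids top navigation" };
    }
  }
  if (sameOrigin) return { allowed: true, reason: "same-origin frame" };
  if (activated) return { allowed: true, reason: "user activation present" };
  // The case from the report: a third-party embed redirecting the whole page.
  return { allowed: false, reason: "cross-origin frame without user activation" };
}

const TOP = "https://publisher.example/article";
const attempts = [
  { name: "third-party embed, scripted redirect", url: "https://ads.example/w", sandbox: null, userActivated: false },
  { name: "third-party embed, user clicked link", url: "https://ads.example/w", sandbox: null, userActivated: true },
  { name: "same-origin frame, scripted redirect", url: "https://publisher.example/f", sandbox: null, userActivated: false },
  { name: "embed with sandbox=\"allow-scripts\"", url: "https://ads.example/w", sandbox: "allow-scripts", userActivated: true },
];
for (const a of attempts) {
  const r = mayNavigateTop(a, TOP);
  console.log(`${a.name}: ${r.allowed ? "allow" : "block"} (${r.reason})`);
}
```

A site that embeds third-party content can already get the sandbox rows of this behaviour in current browsers by giving the `iframe` a `sandbox` attribute that omits `allow-top-navigation`.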