Closed
Bug 199996
Opened 21 years ago
Closed 21 years ago
Allow browser to lock down a page or site
Categories
(Core :: Security, enhancement)
VERIFIED DUPLICATE of bug 199825
People
(Reporter: wolruf, Assigned: security-bugs)
Details
Security idea: Mozilla loads an SSL page, everything included in the page (iframe, img src, js, etc.) loaded from another HTTP site not using the same certificate is rejected.

User would get a warning popup that the site will use a special security mode allowing the page to only download content from the site he's loaded the main page from.

Possibility to have a whitelist so that you could re-enable more sites to download content from, on a per-object basis.

Possible usage: implement a new HTTP header X-Lockdown? (from kirun on #mz)

Background idea: the browser is the client, webmail and many management apps are using it and manipulating uncontrolled user data, it's nearly impossible to secure a webmail client totally, malicious users always discover a new flaw (search XSS on Google for examples).

This is pushing the concept of mixed mode content a bit further.

Filed as an RFE as it would require implementing something new in Mozilla (and in web apps of course). Similar to what Mozilla does with Link Prefetching.
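The load decision the description proposes, as an added sketch that is not part of the original report or of Mozilla's code. The function name `decideLoad`, the whitelist shape and the sample URLs are assumptions, and "same site" is approximated by URL origin rather than by certificate.

```javascript
// Added illustration; decideLoad, the whitelist shape and the sample URLs are
// hypothetical. "Same site" is approximated by URL origin (scheme+host+port);
// the report's "same certificate" test would need TLS data not modelled here.
function decideLoad(pageUrl, resourceUrl, type, whitelist = {}) {
  const page = new URL(pageUrl);
  // Lockdown only applies when the main page itself was loaded over SSL.
  if (page.protocol !== "https:") return { allow: true, reason: "page-not-ssl" };

  let res;
  try {
    res = new URL(resourceUrl, page); // resolve relative references
  } catch (e) {
    return { allow: false, reason: "unparseable-url" };
  }
  // data:, javascript: and similar URLs have an opaque origin, never same-site.
  if (res.origin === "null") return { allow: false, reason: "opaque-origin" };
  if (res.origin === page.origin) return { allow: true, reason: "same-site" };

  // Per-object whitelist: origins the user re-enabled for this object type only.
  const allowed = whitelist[type] || [];
  if (allowed.includes(res.origin)) return { allow: true, reason: "whitelisted" };
  return { allow: false, reason: "other-site" };
}

// Constructed sample: a webmail page and the objects a message tries to load.
function runSample() {
  const page = "https://mail.example/inbox";
  const whitelist = { img: ["https://static.example"] };
  const loads = [
    ["img", "/skin/logo.png"],
    ["script", "http://mail.example/app.js"],      // same host, but plain HTTP
    ["img", "https://static.example/banner.png"],  // whitelisted for img
    ["script", "https://static.example/lib.js"],   // not whitelisted for script
    ["iframe", "https://tracker.example/frame"],
  ];
  return loads.map(([type, url]) => ({ type, url, ...decideLoad(page, url, type, whitelist) }));
}

console.log(runSample());
```

Because the whitelist is keyed by object type, re-enabling a site for images does not also let it supply scripts or frames.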
Comment 1 (Assignee) • 21 years ago
Strange, to get the same request twice today...
*** This bug has been marked as a duplicate of 199825 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Comment 2 (Reporter) • 21 years ago
I was trying to add even more ideas about it which would go further (whitelist, etc.), shall I comment in the other bug report then? The main apps using it would be: webmail, web applications generally speaking (there are plenty, and expensive ones!)
Comment 3 (Assignee) • 21 years ago
Yes, please continue the discussion in the other bug.