See the URL. It's very easy to make a convincing spoof of the info bar. (23:52:16) <bz> CTho: firefox security, for now. cc me, dveditz, jruderman, jst, I guess (23:52:22) <bz> Ctho: and mconnor Note that bug 270443 is adding the same thing to Seamonkey.
So we have three questions here: 1) What is the danger in the info bar being spoofable? 2) What can we do to mitigate said danger? 3) What can we do to prevent the info bar being spoofed, if needed? Thoughts so far: 1) Sites can spoof plugin finder and other informational "dialogs". Users may have more trust in infobar-alikes than in random other content. 2) Not sure. 3) The only thing I've thought of so far is putting the info bar somewhere where sites can't possibly make it appear. Say between the menubar and the URL bar (or above the URL bar on the mac). This has the obvious drawback of not playing nice with tabbrowser.....
"Firefox has determined that this site is secure." Possible Solutions: Position Info Bar so that page cannot paint there, e.g. above tabs. (Not completely safe for naive users.) Bug was my idea, removing security flag per policy.
*** This bug has been marked as a duplicate of 252257 ***
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.