Closed
Bug 280481
Opened 20 years ago
Closed 20 years ago
Spoofing the info bar is easy
Categories
(Firefox :: General, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 252257
People
(Reporter: csthomas, Assigned: bugzilla)
References
()
Details
See the URL. It's very easy to make a convincing spoof of the info bar. (23:52:16) <bz> CTho: firefox security, for now. cc me, dveditz, jruderman, jst, I guess (23:52:22) <bz> Ctho: and mconnor Note that bug 270443 is adding the same thing to Seamonkey.
Comment 1•20 years ago
|
||
So we have three questions here: 1) What is the danger in the info bar being spoofable? 2) What can we do to mitigate said danger? 3) What can we do to prevent the info bar being spoofed, if needed? Thoughts so far: 1) Sites can spoof plugin finder and other informational "dialogs". Users may have more trust in infobar-alikes than in random other content. 2) Not sure. 3) The only thing I've thought of so far is putting the info bar somewhere where sites can't possibly make it appear. Say between the menubar and the URL bar (or above the URL bar on the mac). This has the obvious drawback of not playing nice with tabbrowser.....
Comment 2•20 years ago
|
||
"Firefox has determined that this site is secure." Possible Solutions: Position Info Bar so that page cannot paint there, e.g. above tabs. (Not completely safe for naive users.) Bug was my idea, removing security flag per policy.
Group: security
Comment 3•20 years ago
|
||
*** This bug has been marked as a duplicate of 252257 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•