Is this a dupe of a closed bug?
See related bug 123913 comment 19.
Summary: There is a potential security problem with the dialog which reqest the master password → There is a potential security problem with the dialog which reqest the master password etc. [SA15489]
I read bug 123913 comment 19. Although fixing 123913 can resolve the problem reported by Secunia, I think that a different dialog box (for example with a red background) is a solution also for a different kind of problem, fakes input dialogs. Fixing only 123913 doesn't avoid a malicious site to popup a dialog equal to the one that requests the master password, although it could not popup that window over another page. This should anyway be made impossible to do.
beta 3 too.
Is this not a dupe of bug 22183?
Severity: enhancement → critical
Confirming to new, we need to come up with a solution for this and try to get it in for 1.0.5.
Status: UNCONFIRMED → NEW
Ever confirmed: true
It would be good to have some sort of graphic in all dialog boxes that clearly indicates if it's a 'safe' (master password, site password) or 'unsafe' (js-input) dialog. Possibly something similar to the lock icon, though possibly not exactly the same to avoid confusion. But in general I think icons are more obvious then text saying 'application dialog' or something similar.
I think content-originating dialogs should have a distinctive appearance, like a colored background or border.
This will partially be fixed by 298934. We'll have to wait for a full fix in the next major release.
This is exactly what has been requested in bug 101611. I think we are already aware of a lot of problems, we just need the resources to work on them.
See comment 9 (bug 298934 - show host as title if dialog comes frome a site) and comment 10. *** This bug has been marked as a duplicate of 101611 ***
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.