Open Bug 36484 Opened 25 years ago Updated 3 years ago

Don't hit any server other than the main one

Categories

(Core :: Security, enhancement, P3)

Product:
Core
Component:
Security
Type:
enhancement

Tracking

()

Milestone:
Future

People

(Reporter: BenB, Unassigned)

References

Details

We have "Don't accept foreign cookies" and now also "Don't accept foreign images" preferences. The latter /might/* be nice for ads, but doesn't help with security: There still might be an embedded object, stylesheet or whatever will be invented in the future referenced by the page. I only what to load such files from the server (or site at most), which delivered the page. You could remove the "no foreign images prefs" in favor of this new pref, I think. This bug is a superset of bug #28327. *doubleclick already has a workaround for both prefs - if I'm right, they sometimes redirect complete sites to them
Status: NEW → ASSIGNED
Target Milestone: --- → M20
I was wondering when this would come up ... Rather than having one general set of prefs for foreign objects, and then special prefs just for images, you probably want to change the prefs related to `images' into prefs related to `objects' or `items'. This would cover images, applets, plugins, style sheets, whatever.
Blocks: 37983
No longer blocks: 37983
Depends on: 37983
Target Milestone: M20 → M30
Changing component.
Status: ASSIGNED → NEW
Component: Security: General → Preferences
QA Contact: junruh
Target Milestone: M30 → Future
junruh, component "Preferences" is about the Prefs window (see <http://bugzilla.mozilla.org/describecomponents.cgi?product=Browser>. This is a privacy bug. Back to Sec. Gen. mpt, that's exactly what I suggested.
Component: Preferences → Security: General
Target Milestone: Future → M30
Status: NEW → ASSIGNED
Changing fictional "M30" to reality
Target Milestone: M30 → Future
Summary: Don't hit any server other than the main one → [z]Don't hit any server other than the main one
Summary: [z]Don't hit any server other than the main one → Don't hit any server other than the main one
Whiteboard: [z]
.
Assignee: morse → nobody
Status: ASSIGNED → NEW
Whiteboard: [z]
I definitely agree that a pref like this would be good. I also wouldn't mind if the similar image pref was just considered a sub-set of this one, although there are badwidth issues which might cause a user to wish to block images but not other objects.
QA Contact: toolkit
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.