Open Bug 546360 Opened 14 years ago Updated 2 years ago

IFrame security enhancement

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: contact, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

"Run Applications and Files in an IFrame

[ ] Allow
[ ] Ask for confirmation
[ ] Deny"

This is a security setting from Internet Explorer (translated from a German install) that I'd like to have in Firefox, because I'm sick of getting exposed to instant Adobe PDF download injection even with JavaScript disabled(!) and NoScript installed(!) which would make me believe I'm secured even with that little convenience activated.

Please reproduce this setting to fix https://bugzilla.mozilla.org/show_bug.cgi?id=543279 and also partly the 4-years old issue discussed here (that one is probably also affected by meta refreshs which is another issue): https://bugzilla.mozilla.org/show_bug.cgi?id=344267

Suggested default setting would be "Ask for confirmation".

Reproducible: Always
Seems I'm not that good at writing flawless bug reports right away :p when talking of "that little convenience", I was referring to the "Use [application]" feature that allows to skip the dialog that always asks me whether I want to save a file or open it with some application. Apparently I simply forgot to put it into the sentence
Severity: normal → enhancement
Summary: [Feature Request] IFrame security enhancement → IFrame security enhancement
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.