Line 20: | Line 20: | ||
The blocklist data is downloaded over https. The service is implemented in JavaScript so should not suffer from memory related bugs. | The blocklist data is downloaded over https. The service is implemented in JavaScript so should not suffer from memory related bugs. | ||
'''Need to verify how the blocklist service behaves with bad ssl certs''' | |||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | ||
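Review bot: the bolded line after the https sentence in the Line 20 hunk records the bad-certificate question as an open item, with no expected result and no owner, so the review cannot be closed on it. Suggest stating the behaviour the review expects (for example, that a failed certificate check aborts the download and the previously stored blocklist stays in effect) and linking a bug that tracks the verification. The neighbouring claim that JavaScript "should not suffer from memory related bugs" covers only the service code, so it would help to say whether the downloaded data is also parsed by any native component.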
Line 28: | Line 28: | ||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | ||
'''I believe it may be possible for webpages to detect whether plugins have been blocklisted or disabled using a similar method to the history detection trick. I'm not sure whether this constitutes a real risk at all.''' | |||
* How are transitions in/out of Private Browsing mode handled? | * How are transitions in/out of Private Browsing mode handled? |
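Review bot: the bolded note in the Line 28 hunk raises page-side detection of blocklisted or disabled plugins but ends with "I'm not sure whether this constitutes a real risk at all", which leaves the risk item unassessed. Suggest naming what a page would learn if the detection works (the blocklisted or disabled state of a plugin) and recording a follow-up bug or an explicit accept/mitigate decision, so the item does not stay as a first-person aside in the risk section.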