Firefox3.1/Blocklisting Security Review: Difference between revisions

Line 18: Line 18:
* What security issues do you address in your project?
* What security issues do you address in your project?


The blocklist itself is a way to mitigate security issues in third-party add-ons to the application.
The blocklist data is downloaded over https. The service is implemented in JavaScript so should not suffer from memory related bugs.
 
The blocklist itself is downloaded over https. The service is implemented in JavaScript so should not suffer from memory related bugs. Once blocked the add-ons are no longer meant to be loaded at all.


** Need to verify how the blocklist service behaves with bad ssl certs
** Need to verify how the blocklist service behaves with bad ssl certs
** There is a problem with plugins on non-windows OS where the shared library must be loaded into memory to query the plugin metadata that will tell us if the plugin should be blocked or not.


* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
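Review bot: The claim in the https paragraph that once blocked the add-ons are "no longer meant to be loaded at all" is contradicted by the bullet on plugins on non-Windows OS, where the shared library must be loaded into memory to query the metadata that decides whether the plugin is blocked. Where that sentence is kept, scope it, for example "Once blocked, add-ons are not loaded, apart from the plugin metadata query noted below", so the answer does not overstate what the blocklist guarantees.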