Security/Features/Mixed Content Blocker
Status
| Mixed Content Blocker | |
| Stage | Draft |
| Status | In progress |
| Release target | Firefox 12 |
| Health | OK |
| Status note | ` |
{{#set:Feature name=Mixed Content Blocker
|Feature stage=Draft |Feature status=In progress |Feature version=Firefox 12 |Feature health=OK |Feature status note=` }}
Team
| Product manager | Brandon Sterne |
| Directly Responsible Individual | ` |
| Lead engineer | Brandon Sterne |
| Security lead | Brandon Sterne |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | Alex Limi |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
{{#set:Feature product manager=Brandon Sterne
|Feature feature manager=` |Feature lead engineer=Brandon Sterne |Feature security lead=Brandon Sterne |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=Alex Limi |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
The Mixed Content Blocker prevents "mixed script" content, defined as mixed content loads of scripts, plugins, and stylesheets, from being loaded into a secure web page. The primary threat model is the active network attacker who modifies the contents of mixed script resources to compromise the integrity of a secure web application. This feature blocks mixed scripts from loading by default, and adds UI that enables a user to reload the page with the insecure content permitted to load.
This feature brings Firefox into parity with Chrome, which has had it since June 2011 [1]. Currently, Chrome only enables this restriction on *.google.com web properties, as they've had to back off from the more strict policy due to pushback from impacted sites. We have contacts on the Chrome team that wish to coordinate a release of this feature, with the expectation that Firefox-plus-Chrome adoption will cause the feature to "stick".
[1] "Trying to end mixed scripting vulnerabilities"
2. Users & use cases
`
3. Dependencies
`
4. Requirements
`
Non-goals
To prevent the disclosure of cookies and other sensitive data through mixed display content, such as images, iframes, and fonts. We plan to add a pref, disabled by default, which when enabled would block these loads as well using the same infrastructure.
Stage 2: Design
5. Functional specification
Blocking of the mixed content loads occurs at the nsIContentPolicy level. When such a block occurs, the content policy fires an event at the document containing the mixed content, which causes the browser to display UI notifying the user that content was blocked, and providing the option to reload the page with the mixed content enabled.
The reload-with-insecure-content flag is stored on the session history entry, so navigating back and forward through the browsing history, if a page was allowed to load mixed content, would cause the page to be rendered with mixed content again. If the mixed content page is visited in a new tab, or the navigation chain is otherwise broken, then the page will go back to the default block-mixed-content state.
6. User experience design
Stage 3: Planning
7. Implementation plan
https://bugzilla.mozilla.org/show_bug.cgi?id=62178
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=` |Feature overview=The Mixed Content Blocker prevents "mixed script" content, defined as mixed content loads of scripts, plugins, and stylesheets, from being loaded into a secure web page. The primary threat model is the active network attacker who modifies the contents of mixed script resources to compromise the integrity of a secure web application. This feature blocks mixed scripts from loading by default, and adds UI that enables a user to reload the page with the insecure content permitted to load.
This feature brings Firefox into parity with Chrome, which has had it since June 2011 [1]. Currently, Chrome only enables this restriction on *.google.com web properties, as they've had to back off from the more strict policy due to pushback from impacted sites. We have contacts on the Chrome team that wish to coordinate a release of this feature, with the expectation that Firefox-plus-Chrome adoption will cause the feature to "stick".
[1] "Trying to end mixed scripting vulnerabilities" |Feature users and use cases=` |Feature dependencies=` |Feature requirements=` |Feature non-goals=To prevent the disclosure of cookies and other sensitive data through mixed display content, such as images, iframes, and fonts. We plan to add a pref, disabled by default, which when enabled would block these loads as well using the same infrastructure. |Feature functional spec=Blocking of the mixed content loads occurs at the nsIContentPolicy level. When such a block occurs, the content policy fires an event at the document containing the mixed content, which causes the browser to display UI notifying the user that content was blocked, and providing the option to reload the page with the mixed content enabled.
The reload-with-insecure-content flag is stored on the session history entry, so navigating back and forward through the browsing history, if a page was allowed to load mixed content, would cause the page to be rendered with mixed content again. If the mixed content page is visited in a new tab, or the navigation chain is otherwise broken, then the page will go back to the default block-mixed-content state. |Feature ux design=Strawman UI |Feature implementation plan=https://bugzilla.mozilla.org/show_bug.cgi?id=62178 |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
| Priority | Unprioritized |
| Rank | 999 |
| Theme / Goal | ` |
| Roadmap | Security |
| Secondary roadmap | ` |
| Feature list | ` |
| Project | ` |
| Engineering team | ` |
{{#set:Feature priority=Unprioritized
|Feature rank=999 |Feature theme=` |Feature roadmap=Security |Feature secondary roadmap=` |Feature list=` |Feature project=` |Feature engineering team=` }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}