Site Based Data Management UI (about:permissions) 2011.06.15
- Experimental but possibly a full fledged feature
- what permissions do sites have, what data is being shared, see total relationship with a give site
- More for expert users but may become more popular
- Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- give users all the permissions for a site in one place
- What solutions/approaches were considered other than the proposed solution?
- this was a pane in prefs dialog
- decided there was not enough space so it became a content tab
- Why was this solution chosen?
- More space was needed
- some use cases were not being handled by page info
- Any security threats already considered in the design and why?
- How to deal with cookies set for superdomains --> bug 658556
- How to deal with third-party cookies?
Info / Questions
- feature is in content, which should become a more standard prefrence
- similar to about:addons
- how can addons work with this?
- currently no easy-to-use hooks for addons
- will there be a way to get from a page to the about:permissions pane for that page? I think there should be, but it needs to be non-clickjackable. (won't be in Fx 6)
- HSTS and DNT?
- currently not here, might move here in the future (DNT most likely)
- add UI for strict-transport-security: https://bugzilla.mozilla.org/show_bug.cgi?id=572803
- Is this UI used in mobile
- not curently
- If content-area chrome is targetable or loadable by web content, that could turn an sg:high universal XSS into an sg:critical.
- all in-content UI pages have this as a problem, so this does not expand that risk
- Currently managing items such as cookies and passwords launches current small managers for these items. Future design would move these to content. Are there potential security issues here?
- master password is not being used, so people are a bit "freaked" about having their passwords in this format
- network traffic caused by this feature?
- all info is local, no network requests
- favicons use faviconservice, not loaded remotely
- how can you verify a site has no default permissions?
- still being delt with
- bsterne verified that you cannot link to this about:permissions page from a content page, including: iframe, window.open, or <a href> (clickjacking threat)
- It is possible to navigate from about:permissions to another page using Cmd+L or to your home page using Alt+Home. This is a security risk because it gives content a way to target chrome, enabling clickjacking and XSS-elevation and other badness. filed bug 664556
- does anything ask for your password
- tabs on bottom still shows URL bar which could lead to spoofing
Conclusions / Action Items
- [UX Team?] add Master Password improvements into UX experiments
- [Dveditz] bug: use of master password on about:permissions (not blocking)
- [Jesse] bug: chrome to content navigation --> bug 664556 (not blocking)
- [dchan] bug: cookie handling --> bug 664606 (not blocking)