Security/Features/Mixed Content Blocker
Feature accessibility lead `  +
Feature accessibility notes `  +
Feature accessibility review `  +
Feature accessibility status `  +
Feature additional members Brandon Sterne, Christoph Kerschbaumer  +
Feature dependencies `  +
Feature engineering notes `  +
Feature engineering status `  +
Feature engineering team Security  +
Feature feature manager Tanvi Vyas  +
Feature functional spec Blocking of the mixed content loads occurs at the nsIContentPolicy level. When such a block occurs, the content policy fires an event at the document containing the mixed content, which causes the browser to display UI notifying the user that content was blocked and providing the option to reload the page with the mixed content enabled. The reload-with-insecure-content flag is stored on the session history entry, so if a page was allowed to load mixed content, navigating back and forward through the browsing history causes the page to be rendered with mixed content again. If the mixed content page is visited in a new tab, or the navigation chain is otherwise broken, then the page goes back to the default block-mixed-content state.  +
Feature health OK  +
Feature implementation notes `  +
Feature implementation plan - Master Bug  +
Feature landing criteria `  +
Feature lead engineer Tanvi Vyas  +
Feature list `  +
Feature localization lead `  +
Feature localization notes `  +
Feature localization review `  +
Feature localization status `  +
Feature name Mixed Content Blocker  +
Feature non-goals To prevent the disclosure of cookies and other sensitive data through mixed display content, such as images and video. We have a pref, disabled by default, which when enabled would block these loads as well using the same infrastructure.  +
Feature open issues and risks
=== Future UI tweaks ===
* Make mixed content blocker more discoverable
* Strike through https
=== Edge Cases ===
* Redirects
* Session Restore and document.write
* Object Subrequests
* Relying on HSTS to prevent Mixed Content
* Mixed content in iframes (id=826599)  +
Feature operations lead `  +
Feature operations notes `  +
Feature operations review ` +
Feature operations status `  +
Feature overview The Mixed Content Blocker prevents "mixed script" content, defined as mixed content loads of scripts, plugins, and stylesheets, from being loaded into a secure web page. The primary threat model is the active network attacker who modifies the contents of mixed script resources to compromise the integrity of a secure web application. This feature blocks mixed scripts from loading by default, and adds UI that enables a user to reload the page with the insecure content permitted to load. Detailed blog posts: 7/mixed-content-blocker-hits-firefox-beta/  +
Feature priority P1  +
Feature privacy lead Sid Stamm  +
Feature privacy notes `  +
Feature privacy review `  +
Feature privacy status `  +
Feature product manager Sid Stamm  +
Feature product marketing lead `  +
Feature product marketing notes `  +
Feature product marketing status `  +
Feature products notes `  +
Feature products status `  +
Feature project `  +
Feature qa lead Mihai Morar  +
Feature qa notes Test Plan  +
Feature qa review `  +
Feature qa status `  +
Feature rank 999  +
Feature requirements `  +
Feature roadmap Security  +
Feature secondary roadmap `  +
Feature security health `  +
Feature security lead Dan Veditz  +
Feature security notes `  +
Feature security review `  +
Feature security status `  +
Feature stage Complete  +
Feature status Complete  +
Feature status note `  +
Feature theme Product Hardening  +
Feature users and use cases `  +
Feature ux design  +
Feature ux lead Larissa Co  +
Feature ux notes `  +
Feature ux status `  +
Feature version Firefox 23  +
Categories Feature Page
Modification date 10 April 2014 22:55:29  +