Firefox 3.6/AboutSupport Security Review: Difference between revisions

Line 22: Line 22:
** ''This feature is not a security feature.''
** ''This feature is not a security feature.''
* What potential security issues in your feature have you already considered and addressed?
* What potential security issues in your feature have you already considered and addressed?
** ''We no longer show the profile directory pathe in the page.  We have also introduced a preferences whitelist so we only display prefs that are useful and don't pose a serious risk to the user's privacy.''
** ''We no longer show the profile directory path in the page.  We have also introduced a preferences whitelist so we only display prefs that are useful and don't pose a serious risk to the user's privacy.''
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
** ''Missing prefs would actually reduce the risk posed by this feature.  A hacked whitelist could pose some interesting implications, but if an attacker can hack the whitelist, they can probably do far more direct damage.''
** ''Missing prefs would actually reduce the risk posed by this feature.  A hacked whitelist could pose some interesting implications, but if an attacker can hack the whitelist, they can probably do far more direct damage.''
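Review bot: The revised answer under "already considered and addressed" names a preferences whitelist but does not say where it is defined or who decides which prefs are added to it. Since the next answer treats a modified whitelist as a possible concern, consider linking the whitelist's location or tracking bug here so reviewers can check which prefs the page exposes. The "pathe" to "path" correction itself is fine.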