Firefox/Projects/Binding for untrusted text in security dialogs

Summary

Design and implement a common way for security dialogs to include untrusted text without compromising the rest of the dialog. The implementation might take the form of an XBL binding.

Current Status

A private page describes some of the attacks we would like to defend against and contains a partial list of security dialogs in Firefox. Given the number of attacks and the number of dialogs, it is clear that ad-hoc checks are doomed to failure.

Next Steps

Related Bugs

Team

  • Project Lead: Blair (Unfocused)
  • Alternate Contact: Johnath
  • Initiator: jesse

Designs

Goals/Use Cases

  • Defend against attacks where site-supplied text breaks other parts of security dialogs.

Non Goals

  • Defend against sites supplying sentences (except perhaps by setting site-supplied text apart visually).
  • Defend against "badgering" attacks.
  • Save the world from scareware.