Security/Features/Mixed Content Blocker
Status
Mixed Content Blocker | |
Stage | Complete |
Status | Complete |
Release target | Firefox 23 |
Health | OK |
Status note | |
Team
Product manager | Sid Stamm |
Directly Responsible Individual | Tanvi Vyas |
Lead engineer | Tanvi Vyas |
Security lead | Dan Veditz |
Privacy lead | Sid Stamm |
Localization lead | |
Accessibility lead | |
QA lead | Mihai Morar |
UX lead | Larissa Co |
Product marketing lead | |
Operations lead | |
Additional members | Brandon Sterne, Christoph Kerschbaumer |
Open issues/risks
Future UI tweaks
- https://bugzilla.mozilla.org/show_bug.cgi?id=834828 - Make mixed content blocker more discoverable
- https://bugzilla.mozilla.org/show_bug.cgi?id=834830 - Strike through https
Edge Cases
- https://bugzilla.mozilla.org/show_bug.cgi?id=418354, https://bugzilla.mozilla.org/show_bug.cgi?id=456957 - Redirects
- https://bugzilla.mozilla.org/show_bug.cgi?id=815345 - Session Restore and document.write
- https://bugzilla.mozilla.org/show_bug.cgi?id=836352 - Object Subrequests
- https://bugzilla.mozilla.org/show_bug.cgi?id=838395 - Relying on HSTS to prevent Mixed Content
- https://bugzilla.mozilla.org/show_bug.cgi?id=826599 - Mixed content in iframes.
Stage 1: Definition
1. Feature overview
The Mixed Content Blocker prevents "mixed script" content, defined as mixed content loads of scripts, plugins, and stylesheets, from being loaded into a secure web page. The primary threat model is the active network attacker who modifies the contents of mixed script resources to compromise the integrity of a secure web application. This feature blocks mixed scripts from loading by default, and adds UI that enables a user to reload the page with the insecure content permitted to load.
Detailed blog posts:
- https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
- https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/
- https://blog.mozilla.org/security/2013/06/27/mixed-content-blocker-hits-firefox-beta/
2. Users & use cases
3. Dependencies
4. Requirements
Non-goals
Preventing the disclosure of cookies and other sensitive data through mixed display content, such as images and video, is a non-goal. We have a pref, disabled by default, which when enabled blocks these loads as well, using the same infrastructure.
Stage 2: Design
5. Functional specification
Blocking of the mixed content loads occurs at the nsIContentPolicy level. When such a block occurs, the content policy fires an event at the document containing the mixed content, which causes the browser to display UI notifying the user that content was blocked, and providing the option to reload the page with the mixed content enabled.
The reload-with-insecure-content flag is stored on the session history entry. If a page was allowed to load mixed content, navigating back and forward through the browsing history causes it to be rendered with mixed content again. If the mixed content page is visited in a new tab, or the navigation chain is otherwise broken, the page goes back to the default block-mixed-content state.
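The blocking decision and the per-history-entry override described above can be modelled in a few lines. This is an added example, not Firefox source: the `Tab` class, `classify`, the load-type names and the `blockDisplay` option (standing in for the disabled-by-default pref) are hypothetical, and it assumes the override also lifts display blocking when that pref is on.

```javascript
// Illustrative model, not Firefox source; every name below is hypothetical.
const MIXED_SCRIPT = new Set(["script", "plugin", "stylesheet"]); // blocked by default
const MIXED_DISPLAY = new Set(["image", "video"]);                // blocked only if the pref is on

function classify(pageUrl, resourceUrl, type) {
  if (!MIXED_SCRIPT.has(type) && !MIXED_DISPLAY.has(type)) {
    throw new TypeError(`load type outside this model: ${type}`);
  }
  const secure = new URL(pageUrl).protocol === "https:";
  const insecure = new URL(resourceUrl).protocol === "http:";
  if (!(secure && insecure)) return "not-mixed";
  return MIXED_SCRIPT.has(type) ? "mixed-script" : "mixed-display";
}

class Tab {
  constructor(prefs = { blockDisplay: false }) {
    this.prefs = prefs;
    this.history = [];
    this.index = -1;
  }
  get entry() { return this.history[this.index]; }
  // A fresh navigation creates a new history entry in the default blocking state.
  navigate(url) {
    this.history = this.history.slice(0, this.index + 1);
    this.history.push({ url, allowMixed: false, blocked: [] });
    this.index = this.history.length - 1;
  }
  // The user's choice is recorded on the current session history entry only.
  reloadAllowingMixedContent() {
    this.entry.allowMixed = true;
    this.entry.blocked = [];
  }
  back() { if (this.index > 0) this.index--; }
  forward() { if (this.index < this.history.length - 1) this.index++; }
  // Content-policy decision: true means the load proceeds.
  shouldLoad(resourceUrl, type) {
    const kind = classify(this.entry.url, resourceUrl, type);
    if (kind === "not-mixed" || this.entry.allowMixed) return true;
    const block = kind === "mixed-script" || this.prefs.blockDisplay;
    // Recording the block stands in for the event fired at the document that drives the UI.
    if (block) this.entry.blocked.push(resourceUrl);
    return !block;
  }
}
```

A new `Tab` for the same URL starts with `allowMixed` false, which is the "navigation chain is broken" case: the override does not follow the page, only the history entry.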
6. User experience design
http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed_Content_Spec/
Stage 3: Planning
7. Implementation plan
https://bugzilla.mozilla.org/show_bug.cgi?id=815321 - Master Bug
8. Reviews
Security review
Privacy review
Localization review
Accessibility
Quality Assurance review
Operations review
Stage 4: Development
9. Implementation
Stage 5: Release
10. Landing criteria
Feature details
Priority | P1 |
Rank | 999 |
Theme / Goal | Product Hardening |
Roadmap | Security |
Secondary roadmap | |
Feature list | |
Project | |
Engineering team | Security |
Team status notes
| status | notes |
Products | | |
Engineering | | |
Security | | |
Privacy | | |
Localization | | |
Accessibility | | |
Quality assurance | | Test Plan |
User experience | | |
Product marketing | | |
Operations | | |