Security/Reviews/bug588270
From MozillaWiki
Please use "Edit with form" above to edit this page.
Item Reviewed
| Reduce redundancy with the favicons in the address bar and location bar | |
| Target | 588270 // ** supporting info: https://heatmap.mozillalabs.com/ |
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- remove favicon from url bar
- also removes site identity when there is no favicon
- trying to solve some user confusion over missing favicon that may confuse users with conditional fwd button
What solutions/approaches were considered other than the proposed solution?
- leave as is
Why was this solution chosen?
- need to make things clearer for users
Any security threats already considered in the design and why?
- favicons that look like a lock or browser-fwd button
Threat Brainstorming
- some concern over nothing being there for non-ssl sites
- need something to convey state, fine with lock not being there
- Sites can't make their own lock icon anymore, so that's good
- how do we convey mixed mode?
- current problem, this bug is not to address that but may make this problem worse as there is no button now
- add-ons could update this area but are not a full solution
- Property "SecReview feature goal" (as page type) with input value "* remove favicon from url bar
- also removes site identity when there is no favicon
- trying to solve some user confusion over missing favicon that may confuse users with conditional fwd button" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
- Property "SecReview threat brainstorming" (as page type) with input value "* some concern over nothing being there for non-ssl sites
- need something to convey state, fine with lock not being there
- Sites can't make their own lock icon anymore, so that's good
- how do we convey mixed mode?
- current problem, this bug is not to address that but may make this problem worse as there is no button now
- add-ons could update this area but are not a full solution" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
Action Items
| Action Item Status | None |
| Release Target | Firefox 12 |
| Action Items | |
| * user study on how users percieve the UI in this model (future, not for this bug/review) -- does this UI change alter how they perceive the security of a site | |
Other topics out of scope
- Use of the door hanger for other information
-is it a phishing site? -have you visited it before
- Do we want to distinguish between scripts over http vs other content (ex: images) over http
- Infobar for scripts over http on an https site: https://bugzilla.mozilla.org/show_bug.cgi?id=62178
- bsterne was working on mixed content notification kids of stuff
- surfacing the web forgery report
