mozilla and security zones

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

it would appear that the folks at mofo are looking to try to implement
some kind of security zone framework in future versions of the
browser... this set off alarms in my head because i remember nick
stating that the security zone model IE used was fundamentally
broken... is mozilla going to start mirroring IE's mistakes?

"we are the revenants
and we will rise up from the dead
we become the living
we've come back to reclaim our stolen breath"

Re: mozilla and security zones

With success, comes pressure
With pressure, comes mistakes :-(


Re: mozilla and security zones

Quoted text here. Click to load it

In the proto-spec at < the
only differences between the current default and the most permissive
proposed zone are that in the permissive zone, third-party cookies are
allowed and XPI installs are allowed.

It's already possible to allow third-party cookies in Firefox, though
not on a site-by-site basis.  (I think such per-site cookie control is
possible with an extension, but I'm not sure.)

There's also already a whitelist for sites that can use XPI installers.
The user is still prompted for any install from a whitelisted site, and
I guess that prompt would remain for sites in the permissive zone.

On the face of it, the proposed zones don't look as troubling as IE's
have turned out to be.  But I would like to hear what Nick or others
familiar with the problems of zone models think.


Site Timeline