On Fri, Mar 6, 2015 at 7:27 PM, Anne van Kesteren <ann...@annevk.nl> wrote:
> We currently allow users to store a large number of permissions
> persistently for a given origin. I suggest we stop offering that
> functionality when there's no lock in the address bar. This will make
> it harder for a network attacker to abuse these permissions. This
> would affect UX for:
>
> * Geolocation
> * Notification
> * Fullscreen
> * Pointer Lock
> * Popups

What attack is this designed to mitigate?  If the user allows an
unsecured site to use (for instance) geolocation, whether persisted or
not, an MITM will be able to get the geolocation info as long as
they're intercepting the traffic, right?  And if they have some way to
persist their scripts via injecting modified resources with long cache
timeouts or such, they can still get the info as long as the user
keeps clicking "yes".  And the user will definitely keep clicking yes,
because a) they clicked it the first time, and b) you have conditioned
them to click "yes" a million times on the same site.  So how does not
persisting this info help at all?  Probably I'm missing something
obvious.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform