On Fri, Mar 6, 2015 at 7:27 PM, Anne van Kesteren <ann...@annevk.nl> wrote:

> A large number of permissions we currently allow users to store
> persistently for a given origin. I suggest we stop offering that
> functionality when there's no lock in the address bar. This will make
> it harder for a network attacker to abuse these permissions. This
> would affect UX for:
>
> * Geolocation
> * Notification
> * Fullscreen
> * Pointer Lock
> * Popups
What attack is this designed to mitigate? If the user allows an unsecured site to use (for instance) geolocation, whether persisted or not, an MITM will be able to get the geolocation info as long as they're intercepting the traffic, right? And if they have some way to persist their scripts via injecting modified resources with long cache timeouts or such, they can still get the info as long as the user keeps clicking "yes".

And the user will definitely keep clicking yes, because a) they clicked it the first time, and b) you have conditioned them to click "yes" a million times on the same site.

So how does not persisting this info help at all? Probably I'm missing something obvious.