Hello, I would like to bring your attention to a paper I published today: http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf
It includes a few minor security problems with HTTP authentication dialog boxes and password managers in several browsers. More importantly, it makes an argument for a few small changes to browser behavior and/or standards.

I would hope that Mozilla developers could take a look and provide any feedback. I'm particularly interested in opinions on the suggested 401 response behavior change. I have submitted this information to other browser vendors as well.

thanks!
tim