Nigel McFarlane wrote:
No it's not. To extend your Word analogy elsewhere, Mozilla users
can save .doc files to local disk, and such documents are not
audited either.

No, they aren't. But Word will pop up the macro dialog when it opens them.

Also, Word documents are not re-opened using Mozilla, so it's not our problem.

With MOTW in place, Mozilla and Firefox trust Word documents
more than it trusts web documents, passing them through the
file-save cycle without modification. That is silly.

Not exactly. The point of trust is on reload, not on save. The MOTW is merely metadata about the file's origin. I might configure my Firefox, for example, to not alert for all content saved from www.mybank.com.


Content on the local disk is (or is supposed to be) from a known source (your OS vendor, your own creations, your digital camera). Content on the web could have been written by anyone with any motives. Clearly it's a more hostile place!

This thread's about a model that supports users _and_ web developers. Web development, which uses the local disk, is a highly unreliable activity, where every iteration of the work is filled with bugs (as for any software development). The "source" may produce reliable pages in the end, but most of the time they're in disarray.

I don't buy that "local sources" are more reliable in
that case.

While those local sources may be buggy, such bugs are unlikely to do the equivalent of "rm -rf /*". If you run code you didn't write, however, it could do anything. You don't know.


Also, your mindset is entirely negative.
Who brainwashed you into thinking that the 0.01% of
the content-providing Web citizens that are criminals
are more important than the 99.99% that are perfectly
reasonable? Media hype?

No - the fact that the 0.01% of criminals will do nasty things to Firefox users who will then come and complain loudly to us.


There's no reason to mark 100% of saved web pages unsafe
because 0.01% might actually be so. That's overkill.

If you have some reliable way of analysing the page content to determine its safety, then I quite agree.


The thing is that the MOTW is a credential. All kinds of systems
can be hung off of a credential, not just those that originate it.
A speculative example: MSN Search might perform better than Google
Desktop Search if it used the MOTW as a signal to search the
matching original website as well as the local disk page. So
Google Search adds that MOTW support in order to compete. Suddenly,
your searches don't perform unless the mark is in place. So tools
vendors add it. So web developers put it in. So it's used in live
pages as well as locally saved ones.

Why is any of that bad? As long as Mozilla makes sure there's exactly one, correct, MOTW in a page when it saves it, none of the above is a problem or a security risk.


Gerv
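
The save-time rule from the last reply (exactly one, correct MOTW per saved page), sketched as an added example; this is not code from the thread or from Mozilla. It assumes the Internet Explorer comment form `<!-- saved from url=(NNNN)URL -->` with a zero-padded URL length, and the function names and sample page are constructed for illustration.

```javascript
// Any "saved from url=" comment counts as a MOTW, well-formed or not, so a
// page cannot carry its own claimed origin through the file-save cycle.
const MOTW_RE = /<!--\s*saved from url=[\s\S]*?-->[ \t]*\r?\n?/gi;
const DOCTYPE_RE = /^\s*<!doctype[^>]*>[ \t]*\r?\n?/i;

// Build the mark from the URL the browser actually fetched.
function buildMotw(originUrl) {
  // Drop line breaks and encode ">" so the URL cannot close the comment early.
  const url = originUrl.replace(/[\r\n]/g, "").replace(/>/g, "%3E");
  const len = String(url.length).padStart(4, "0");
  return `<!-- saved from url=(${len})${url} -->\n`;
}

// Strip every mark already in the content, then write a single fresh one.
// Placement after a leading doctype is a choice made for this example.
function saveWithMotw(html, originUrl) {
  const stripped = html.replace(MOTW_RE, "");
  const m = DOCTYPE_RE.exec(stripped);
  const head = m ? m[0] : "";
  const sep = head && !head.endsWith("\n") ? "\n" : "";
  return head + sep + buildMotw(originUrl) + stripped.slice(head.length);
}

function countMotw(html) {
  return (html.match(MOTW_RE) || []).length;
}

// Constructed sample: a page that ships two marks of its own, one of them
// claiming a site the user may have configured as trusted.
const samplePage = [
  "<!DOCTYPE html>",
  "<!-- saved from url=(0022)http://www.mybank.com/ -->",
  "<html><body>",
  "<!-- Saved From URL=(0014)about:internet -->",
  "<p>hello</p></body></html>",
].join("\n");

const saved = saveWithMotw(samplePage, "http://untrusted.example/page");
console.log(saved);
console.log("marks in saved file:", countMotw(saved));
```
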