Summary: plugins, especially Flash, are still a major attack vector for malware authors. We intend to create a list of domains which are commonly loaded in a 3rd-party context and which therefore present a higher than normal risk of malware attacks. Sites on this list would be automatically sandboxed so that they could not run plugins.
I am going to ask social networking/sharing sites that are commonly embedded to join this blocklist. I'll also contact commonly-embedded web tools such as disqus. And finally I'll be working with large ad networks, because that is where a lot of the infection risk comes from. The implementation of this system will likely use the sandboxed-iframe mechanism. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1277876 Target release: unsure; hopefully 50 Behavior of other browsers: we have no indication that other browsers are ready to adopt this strategy yet. --BDS _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
