Re: Revocation protocol idea

Hey, concerns about the viability of such a decentralized systems aside, I still don't understand the advantage of blocking on an API level vs. simply showing the SafeBrowsing error page that we currently have in place. Why would we continue to allow a user to visit a clearly harmful page? Y

Re: PSA: HTML injection in chrome documents is now automatically sanitized

I don't think these rewrites fit the definition of a good first bug. I'm all for working with volunteers on this, since these are good isolated, non-time-sensitive projects to tackle, but I can't think of an innerHTML example in our codebase that matches the low difficulty we usually apply to good

Re: Chrome will start marking HTTP pages as "Not secure"

Yeah, there's a team working on this stuff (and they/we have been in touch with the Chrome people for a long time) and this is not a call we should make on a mailing list. There's a valid concern around warning fatigue (plastering so many sites with "Insecure" that users easily dismiss it) and we m

Intent to unship: "storage" attribute in options for indexedDB.open()

I would like to unship the proprietary "storage" attribute in indexedDB.open()[0]. It allows developers to prevent their indexedDB storage from being evicted as part of quota management[1]. However, there is a web standard which specifies a better persistent storage mechanism and has broader vendor

Re: Intent to unship: "storage" attribute in options for indexedDB.open()

ception for the DevTools iDB principal? Should DevTools >> use the system principal and migrate existing data? >> >> [1]: >> https://searchfox.org/mozilla-central/rev/bffd3e0225b65943364be721881470590b9377c1/devtools/shared/indexed-db.js#34 >> >> - Ryan >>

No more unsafe innerHTML in system privileged Firefox code, for good

tl;dr Raw markup injection (e.g. through innerHTML) in system-privileged content is automatically sanitized and we have removed all exceptions to this rule. You should still not use innerHTML and friends. Hello everyone, The danger of remote code execution (RCE) exploits through unescaped inner

Re: PSA: Major preference service architecture changes inbound

Since I have seen several people point out in this thread that there's *probably* code that excessively accesses prefs: You can easily assert the name and amount of different prefs that are read during whatever scenario you'd like to perform by adding to this test (or writing your own version of i

Re: mozilla-central Fails to Build on Mac With Latest Xcode (10.0)

Also note that at least two of us were running into this issue after successfully compiling Nightly on Mojave: https://bugzilla.mozilla.org/show_bug.cgi?id=1494022 Until that is fixed you might need to downgrade to the 10.13 OSX SDK to compile Firefox. On Tue, Sep 25, 2018 at 5:42 PM Dave Townse

Re: Cookie policy/permission in live documents - proposal

Thanks for writing this up and adding the great explanations, Andrea! I think your proposal has a lot of benefits and I don't have any major concerns about it, I would just like to add a few comments: Just to reiterate, per your proposal the cookie policy (network.cookieBehavior pref) and permiss

Re: Cookie policy/permission in live documents - proposal

In my experience having to restart applications to make settings apply is the worst thing ever, hence I really like your mock. We should make sure to include it in the bug (or a follow-up) for this proposed change. On Thu, Jan 31, 2019 at 8:13 PM wrote: > On Monday, January 28, 2019 at 11:08:32

Intent to require Secure Context for Web Notifications

The Notifications API [0] allows websites to show notifications outside of the browser viewport, integrating into the native OS-like notification system. In combination with service workers this can be used to send push notifications that work even when the website is not opened. While the latter h

Re: CookieSettings

Hi Baku, thank you for all the work on this. For completeness sake I would like to mention that we are adapting to this new (and finally explicit!) cookie preferences user experience in https://bugzilla.mozilla.org/show_bug.cgi?id=1526075, where users are given the choice to reload their tabs so t

Intent to implement and experiment: Require user interaction for notification permission prompts

In bug 1524619 I plan to implement support for requiring a user gesture when calling Notification.requestPermission() [0] and PushManager.subscribe() [1]. The rationale is the increasing amount of unsolicited, out-of-context notification permi

Re: Intent to implement and experiment: Require user interaction for notification permission prompts

encourage you to remove your existing Notification permissions in about:preferences. I'll keep you posted on the results of these experiments and whenever we make a decision that impacts the release channel. Thanks! Johann On Tue, Mar 19, 2019 at 2:15 PM Johann Hofmann wrote: > In bug 152461

Re: Intent to implement and experiment: Require user interaction for notification permission prompts

On Tue, Apr 2, 2019 at 10:20 AM Henri Sivonen wrote: > On Tue, Mar 19, 2019 at 3:15 PM Johann Hofmann > wrote: > > > > In bug 1524619 <https://bugzilla.mozilla.org/show_bug.cgi?id=1524619> I > > plan to implement support for requiri

Intent to Ship: Show an indicator for insecure HTTP in the URL bar

In desktop Firefox 70, we intend to show an icon in the “identity block” (the left hand side of the URL bar which is used to display security / privacy information) that marks all sites served over HTTP (as well as FTP and certificate errors) as insecure. This change is part of our new simplified

Intent to Ship: Show an indicator for insecure HTTP in the URL bar

(This was originally posted to both dev-platform and firefox-dev, but seems to have gotten lost on dev-platform at least for some subscribers, so I'm resending. Apologies if you've received this twice now.) In desktop Firefox 70, we intend to show an icon in the “identity block” (the left hand si

Re: Intent to Ship: Show an indicator for insecure HTTP in the URL bar

I tried embedding it in my email but email is apparently complicated, so I also attached it to the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1562881#c8 Thanks for letting me know :) On Tue, Jul 16, 2019 at 9:08 PM Dirkjan Ochtman wrote: > On Tue, Jul 16, 2019, 19:52 Johann Hofm

Intent to Ship: Move Extended Validation Information out of the URL bar

In desktop Firefox 70, we intend to remove Extended Validation (EV) indicators from the identity block (the left hand side of the URL bar which is used to display security / privacy information). We will add additional EV information to the identity panel instead, effectively reducing the exposure

Re: Intent to prototype: Web Speech API

Putting on my hat as one of the people maintaining our permissions UI, I generally agree with Henri that it would be nice to have a slightly different UI for this use-case, i.e. as far as I can see the presented origin does not in fact get access to the user's microphone and it's a bit unclear what

Re: Intent to prototype: Web Speech API

tible with the other, which I think is not unimaginable here. Hence my recommendation to avoid using the same permission name right now and using a separate UI as soon as that can be prioritized. On Wed, Oct 16, 2019, 19:43 Daniel Veditz wrote: > On Wed, Oct 16, 2019 at 4:40 AM Johann Hof

Intent to Ship: Require user interaction for notification permission prompts

Starting from version 72, Firefox will require a user gesture when calling Notification.requestPermission() [0] and PushManager.subscribe() [1]. Requests that do not follow a user gesture will be automatically denied. We will, however, show a small UI indicator that can be used by Firefox users to

Re: Intent to prototype: Delegate and restrict permission in third party context

I think the main question that needs to be answered here is: "How does that make the situation better?" There is an extensive document from the Chrome team on their motivation,

Visibility of disabled tests

Hi folks, in the past I and other triage owners have experienced some frequently failing tests being disabled without a clear notice to the triage owner, component owner or test author. I've seen this specific pattern a few times: - An intermittent test starts failing very frequently very suddenl

Re: Intent to ship: Optional Chaining Operator

Just a note: Please be conservative about using this in m-c while it's not enabled in release yet, to avoid issues when uplifting patches. Otherwise, I think this is a great new feature that I'd love to use. On Wed, Jan 22, 2020 at 4:30 PM Patrick Brosset wrote: > Thanks Yulia, this is going to

Re: Intent to unship: FTP protocol implementation

Can you share some insight into the usage telemetry that was considered for unshipping this? On Thu, Mar 19, 2020 at 9:02 AM Henri Sivonen wrote: > On Thu, Mar 19, 2020 at 2:24 AM Michal Novotny > wrote: > > We plan to remove FTP protocol implementation from our code. > > Chrome's status dashbo

Intent to Prototype: ETP Cookie Purging

In bug 1628743 I plan to enable ETP cookie purging by default on Nightly only, affecting both desktop and mobile. In short, ETP cookie purging is an attempt to protect against first-party redirect (“bounce”) trackers by periodically clearing t

Re: Intent to Prototype: ETP Cookie Purging

this out. Cheers, Johann On Thu, Apr 9, 2020 at 11:26 PM Johann Hofmann wrote: > In bug 1628743 <https://bugzilla.mozilla.org/show_bug.cgi?id=1628743> I > plan to enable ETP cookie purging by default on Nightly only, affecting > both desktop and mobile. > > In short

Firefox Security Newsletter - 2019 in Recap

d a temporary override to allow early testers to avoid breakage. After a _series of experiments_ < https://blog.nightly.mozilla.org/2019/04/01/reducing-notification-permission-prompt-spam-in-firefox/ >, we launched _strong restrictions_ < https://blog.mozilla.org/futurere

Intent to Ship: Require user interaction for session history entries

In bug 1515073 I plan to land an intervention that is aimed to reduce user frustration from an issue with malfunctioning or malicious websites which is commonly known as the “broken back button”. For user-initiated session history interactions

Re: Intent to Ship: Require user interaction for session history entries

o add once this is available on central. I filed bug 1644595 for continuing that discussion. Thanks for calling that out! On Tue, Jun 9, 2020 at 11:30 PM wrote: > On Tuesday, June 9, 2020 at 2:17:02 PM UTC-7, Johann Hofmann wrote: > > In bug 1515073 <https://bugzilla.mozilla.or

Re: Searchfox now provides code coverage information directly in the code listing!

This is really really cool. Guess I'll stay loyal to the premier source code indexing tool for Mozilla Firefox. Thank you to everyone involved! On Tue, Oct 6, 2020 at 4:12 AM Andrew Sutherland < asutherl...@asutherland.org> wrote: > Have you ever been consulting the most excellent code coverage >