Identity/Security/RP logo
From MozillaWiki
Contents
Displaying logos from Relying Parties in the dialog
Relying parties are able to specify an image, through the siteLogo option.
See this related discussion: https://groups.google.com/d/topic/mozilla.dev.identity/OumzKDFTroE/discussion
Risks
- browser executing scripts contained inside the file
- large image taking over the visible portion of the dialog and changing the layout in a confusing or malicious way
Mitigations
- siteLogo must be specified as an absolute path on the RP site, therefore it has the RP as the origin
- the image be served over HTTPS to avoid mixed content issues
- since the dialog supplies the img, we can be sure that the layout is not confusing to the end-user and we can use CSS rules on outer elements to enforce
a maximum size
Background
- Bugs with executable content embedded in images