Security/Features/Mixed Content Blocker

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Status

Mixed Content Blocker
Stage Complete
Status Complete
Release target Firefox 23
Health OK
Status note `

Team

Product manager Sid Stamm
Directly Responsible Individual Tanvi Vyas
Lead engineer Tanvi Vyas
Security lead Dan Veditz
Privacy lead Sid Stamm
Localization lead `
Accessibility lead `
QA lead Mihai Morar
UX lead Larissa Co
Product marketing lead `
Operations lead `
Additional members Brandon Sterne, Christoph Kerschbaumer

Open issues/risks

Future UI tweaks

Edge Cases

Stage 1: Definition

1. Feature overview

The Mixed Content Blocker prevents "mixed script" content, defined as mixed content loads of scripts, plugins, and stylesheets, from being loaded into a secure web page. The primary threat model is the active network attacker who modifies the contents of mixed script resources to compromise the integrity of a secure web application. This feature blocks mixed scripts from loading by default, and adds UI that enables a user to reload the page with the insecure content permitted to load.

Detailed blog posts: https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/

https://blog.mozilla.org/security/2013/06/27/mixed-content-blocker-hits-firefox-beta/

2. Users & use cases

`

3. Dependencies

`

4. Requirements

`

Non-goals

To prevent the disclosure of cookies and other sensitive data through mixed display content, such as images, and video. We have a pref, disabled by default, which when enabled would block these loads as well using the same infrastructure.

Stage 2: Design

5. Functional specification

Blocking of the mixed content loads occurs at the nsIContentPolicy level. When such a block occurs, the content policy fires an event at the document containing the mixed content, which causes the browser to display UI notifying the user that content was blocked, and providing the option to reload the page with the mixed content enabled.

The reload-with-insecure-content flag is stored on the session history entry, so navigating back and forward through the browsing history, if a page was allowed to load mixed content, would cause the page to be rendered with mixed content again. If the mixed content page is visited in a new tab, or the navigation chain is otherwise broken, then the page will go back to the default block-mixed-content state.

6. User experience design

http://people.mozilla.com/~lco/ProjectSPF/Mixed_Content/Mixed_Content_Spec/

Stage 3: Planning

7. Implementation plan

https://bugzilla.mozilla.org/show_bug.cgi?id=815321 - Master Bug

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

`


Feature details

Priority P1
Rank 999
Theme / Goal Product Hardening
Roadmap Security
Secondary roadmap `
Feature list `
Project `
Engineering team Security

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` Test Plan
User experience ` `
Product marketing ` `
Operations ` `