Open
Bug 413733
Opened 17 years ago
Updated 2 years ago
check for malware on img tags
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
NEW
People
(Reporter: dcamp, Unassigned)
Details
For blocking malware on hacked ad servers, we want to be able to block individual scripts and css loads.
The url-classifier lookup is relatively slow, so checking every script/stylesheet load would be pretty slow. At the security review we discussed the possibility of checking just scripts that come from a different origin as the page. This would allow us to catch script loads coming from ad servers, (hopefully) without penalizing the bulk of the scripts/stylesheet loads.
Flags: blocking1.9?
|
||
Updated•17 years ago
|
Whiteboard: [sg:want P1]
|
||
Comment 1•17 years ago
|
||
Putting on the wanted list
Flags: wanted1.9+
Flags: blocking1.9?
Flags: blocking1.9-
|
Reporter | |
Comment 2•17 years ago
|
||
It might be worth just checking every tag when we do this (subsequent lookups on the same domain are a whole lot faster than the first lookup), so I'm removing that from the summary.
Summary: check for malware on different-origin script/css tags → check for malware on script/css/img tags
|
|
||
Comment 3•16 years ago
|
||
Fixed for scripts and css in bug 441359. I don't think it's that important to do it for images.
Group: core-security
Depends on: 441359
|
||
Comment 4•16 years ago
|
||
(In reply to comment #3)
> Fixed for scripts and css in bug 441359. I don't think it's that important to
> do it for images.
I agree - would you agree that this is no longer [sg:want P1]?
(Morphing bug to drop CSS/Scripts references).
Summary: check for malware on script/css/img tags → check for malware on img tags
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•