Open Bug 413733 Opened 17 years ago Updated 2 years ago

check for malware on img tags

Categories

(Core :: DOM: Navigation, defect)

x86
macOS
defect

Tracking

()

People

(Reporter: dcamp, Unassigned)

Details

For blocking malware on hacked ad servers, we want to be able to block individual scripts and css loads. The url-classifier lookup is relatively slow, so checking every script/stylesheet load would be pretty slow. At the security review we discussed the possibility of checking just scripts that come from a different origin as the page. This would allow us to catch script loads coming from ad servers, (hopefully) without penalizing the bulk of the scripts/stylesheet loads.
Flags: blocking1.9?
Whiteboard: [sg:want P1]
Putting on the wanted list
Flags: wanted1.9+
Flags: blocking1.9?
Flags: blocking1.9-
It might be worth just checking every tag when we do this (subsequent lookups on the same domain are a whole lot faster than the first lookup), so I'm removing that from the summary.
Summary: check for malware on different-origin script/css tags → check for malware on script/css/img tags
Fixed for scripts and css in bug 441359. I don't think it's that important to do it for images.
Group: core-security
Depends on: 441359
(In reply to comment #3) > Fixed for scripts and css in bug 441359. I don't think it's that important to > do it for images. I agree - would you agree that this is no longer [sg:want P1]? (Morphing bug to drop CSS/Scripts references).
Summary: check for malware on script/css/img tags → check for malware on img tags
Yes.
No longer depends on: 441359
Whiteboard: [sg:want P1]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.