Web security is designed in such a way that websites or webframes cannot access each other's data inside the browser. The Firefox teams and the Mozilla security teams invest considerable effort in avoiding security bugs, or, if they exist, finding them out and fixing them before release. However, if a bug somehow slips past developers, analysis and tests, and a sufficiently cunning attacker manages to find the bug before it can be fixed, they can sometimes craft a page specifically designed to access data from other sites that the user is currently visiting or has recently visited.

Firefox developers already employ a number of counter-measures to make such undetected bugs less likely to succeed, from programming in memory-safe languages to adopting defensive programming techniques. Site Isolation is a new counter-measure dedicated to this purpose.

Consider a blog on with a Facebook like button (frame from ) and a Twitter button (frame from ). Without Site Isolation, this entire page runs in a single process. If an undetected bug in Firefox somehow allows the main page of the blog to access data inside the frames despite the protections in place, the malicious owner of (or someone who had already stolen the domain) may be able to take advantage of this bug to impersonate the Firefox user in the Facebook and Twitter frames, and possibly use this impersonation to send fake messages or read private messages. With Site Isolation, pages and frames are executed in processes dedicated to their origin.
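
The blog-with-embedded-frames scenario above, as an added example that is not part of the original page or of Firefox's code: a simplified model that keys processes on URL origin (following the page's wording) and lists which origins share a process with the blog's main page. The `.example` hosts and all function names are constructed for illustration.

```javascript
// Constructed sample page: placeholder hosts stand in for the blog and the two
// embedded social-button frames (the page's real URLs are not given).
const samplePage = {
  top: "https://blog.example/post/1",
  frames: [
    "https://social-a.example/like-button",
    "https://social-b.example/share-button",
    "https://blog.example/comments", // same-origin frame, shares the blog's process
  ],
};

// Simplified process model (an assumption, not browser code): with isolation,
// one process per origin; without it, every document shares a single process.
function assignProcesses(page, siteIsolation) {
  const processes = new Map(); // process key -> list of document URLs
  for (const url of [page.top, ...page.frames]) {
    const key = siteIsolation ? new URL(url).origin : "shared";
    if (!processes.has(key)) processes.set(key, []);
    processes.get(key).push(url);
  }
  return processes;
}

// Origins whose documents live in the same process as `documentUrl`, i.e. the
// data that a process-level bug affecting that document could expose.
function exposedOrigins(page, siteIsolation, documentUrl) {
  for (const docs of assignProcesses(page, siteIsolation).values()) {
    if (docs.includes(documentUrl)) {
      return [...new Set(docs.map((u) => new URL(u).origin))].sort();
    }
  }
  throw new Error(`document not in page: ${documentUrl}`);
}

// Side-by-side summary for both settings, from the main page's point of view.
function report(page) {
  return [false, true].map((isolated) => ({
    siteIsolation: isolated,
    processCount: assignProcesses(page, isolated).size,
    sharesProcessWithTopPage: exposedOrigins(page, isolated, page.top),
  }));
}

console.log(JSON.stringify(report(samplePage), null, 2));
```
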