Brad Fitzpatrick (brad) wrote,

Firefox bugs

My beef with Firefox:

Firefox doesn't have HttpOnly cookies, even though LiveJournal had avva write a patch for Mozilla over a year ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=178993

JavaScript in external CSS isn't subject to the same-origin restrictions that Internet Explorer applies, allowing untrusted remote CSS to do malicious things:
https://bugzilla.mozilla.org/show_bug.cgi?id=324253

See my comment there for more information.

Either one of these would've prevented us from going with one-domain-per-user (our new URL scheme), and the forthcoming cookie changes where we have master cookies and per-domain cookies that are signed by the master cookie.

Fun, but a pain in the ass too.
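
A sketch of the master-cookie / per-domain-cookie idea mentioned above, added as an example; it is not LiveJournal's code and not part of the original post. The cookie layout, the in-memory `SESSIONS` store, and the `example.test` hostnames are assumptions made for illustration. The point it shows: a cookie readable by script on one user's domain is useless on any other domain and cannot be turned back into the master cookie.

```python
import hashlib
import hmac
import secrets

# In-memory session store standing in for the site's database (assumption).
SESSIONS = {}  # session_id -> {"user": str, "secret": bytes}

def create_master_session(user):
    """Issue the master cookie value; it is only ever sent to the main domain."""
    session_id = secrets.token_hex(8)
    secret = secrets.token_bytes(32)
    SESSIONS[session_id] = {"user": user, "secret": secret}
    return f"{session_id}:{secret.hex()}"

def _sign(secret, session_id, domain):
    # The signature binds the session to exactly one hostname.
    msg = f"{session_id}|{domain.lower()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def mint_domain_cookie(master_cookie, domain):
    """Derive a cookie valid for one user domain from a valid master cookie."""
    session_id, _, secret_hex = master_cookie.partition(":")
    session = SESSIONS.get(session_id)
    if session is None or not hmac.compare_digest(
            session["secret"].hex().encode(), secret_hex.encode()):
        raise PermissionError("invalid master cookie")
    sig = _sign(session["secret"], session_id, domain)
    return f"{session_id}:{domain.lower()}:{sig}"

def verify_domain_cookie(cookie, request_host):
    """Return the logged-in user, or None if the cookie is not valid for this host."""
    parts = cookie.split(":")
    if len(parts) != 3:
        return None
    session_id, domain, sig = parts
    session = SESSIONS.get(session_id)
    # Reject a cookie replayed against a host other than the one it was minted for.
    if session is None or domain != request_host.lower():
        return None
    expected = _sign(session["secret"], session_id, domain)
    ok = hmac.compare_digest(sig.encode(), expected.encode())
    return session["user"] if ok else None
```
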
Tags: javascript, security, tech, work