Just landed a patch in @FirefoxNightly to disallow FTP subresources everywhere. Only top level documents continue to be allowed. This fixes various security issues as documented here https://blog.hboeck.de/archives/891-Some-minor-Security-Quirks-in-Firefox.html … by @hanno. And less unencrypted stuff on the web!
Excellent. I was wondering if treatment of http as insecure would extend to ftp, etc. BTW are there other legacy protocols (gopher? ...) still supported that might need this treatment too?
-
-
I think I checked that all :-) all other stuff got removed at some point, file URIs can't be used from webpages.
-
but there are other worrying issues of similar kinds, e.g. an iframe can ask for permissions
-
Oh I can see potential issues there. Did you have a bug for that as well?
End of conversation
New conversation -
-
-
I think I remember Gopher support being removed a few years ago.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.