window.open(url, '', 'dialog') is phishing fodder and spoofable itself, what's the UX plan?

In the context of the email app's OAuth2 flow on dev-webapi the issue of 
the phishing risk of doing window.open()-triggered OAuth2 dances was 
raised 
(https://groups.google.com/d/msg/mozilla.dev.webapi/oqPPmSrt1Ws/i5TKEFdkNYIJ). 
And it's a very good point, because even as an expert developer, using 
the v2.1 UI, I have no idea how to tell if I'm getting phished or not 
from within our apps.

Specifically:

- The window.open UI as triggered with the 'dialog' has a title-ish bar 
across the top.  It has an 'x' and the document.title.  (The title is 
initially the URL, but it is replaced with the title almost 
immediately.)  Tapping on the document.title does nothing.  Which is 
probably fine since this whole UI resides inside space controlled by the 
email app, so it's not like a rogue app couldn't spoof that itself.

- The task switcher ends up showing the screenshot of the window.open'ed 
webpage without that title-bar thing.  The app name is still associated 
with the app.  Which is arguably good, except the email app really is 
opening a legitimate Google page and the user has no way to actually 
verify that.

I understand this is a very tricky problem space and that maybe our 
plans call for Haida to resolve this.  I'd love if there's a specific 
URL I could go to to find out our comprehensive strategy for providing 
affordances for users to tell who/what is in control of the UI and 
setting user expectations to be aware of that (like the lock icon on 
normal Firefox).  I linked to some info on attack-defense trees in a 
dev-b2g post last night 
(https://groups.google.com/d/msg/mozilla.dev.b2g/4JB7B5or1J8/eCpDwOHneywJ) 
that might be interesting if we don't already have a formalism for 
dealing with user expectations/phishing/etc.

Given that we have the single-tap-to-rocketbar idiom that can't be 
escaped except by full-screen, can we include a URL bar / app indicator 
at the top of the screen when it is triggered and the user is in an app 
context where a chrome-controlled URL bar is not already present?  When 
the screen is displaying the email app's window (including things 
spoofed by the email app), it could say "E-mail" app.  When we've got a 
window.open'ed dialog, it could say "Pop-up: [lock icon] 
https://accounts.google.com/o/oauth2/auth?blahblahblbhalbhalbhblalblbhalabhal".

Thanks!
Andrew
Andrew
9/10/2014 7:50:34 PM
mozilla.dev.gaia
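One way the proposed chrome-controlled bar could derive its text from the URL the app asked to open rather than from the page-controlled document.title, as an added JavaScript example that is not part of the original post or of Gaia (popupIndicatorLabel, MAX_LABEL, the "[lock]" markers and the sample URLs are assumptions):

```javascript
// Added example, not code from the post or from Gaia. Builds the label a
// chrome-controlled bar would show above a window.open'ed dialog. The label is
// computed from the target URL only; document.title is never consulted, since
// the loaded page controls it and can set it to anything.

const MAX_LABEL = 60; // room for origin + path/query before eliding (assumed)

// Returns the indicator text for the popup's target URL.
function popupIndicatorLabel(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    // Unparseable target: make no origin claim at all.
    return 'Pop-up: [unknown origin]';
  }
  // Only web origins get a host shown; other schemes have no meaningful origin.
  if (u.protocol !== 'https:' && u.protocol !== 'http:') {
    return 'Pop-up: [unknown origin]';
  }
  const lock = u.protocol === 'https:' ? '[lock]' : '[no lock]';
  // u.origin is scheme + host (+ port) as the parser resolved it, so any
  // userinfo prefix in the URL (user@host) cannot masquerade as the host.
  const origin = u.origin;
  // Path and query are elided so a long OAuth2 query string cannot push the
  // host out of view; the host is the part the user has to verify.
  let rest = u.pathname + u.search;
  const room = MAX_LABEL - origin.length;
  if (rest.length > room) {
    rest = rest.slice(0, Math.max(room - 1, 0)) + '\u2026';
  }
  return `Pop-up: ${lock} ${origin}${rest}`;
}

// Constructed sample: the email app opening Google's OAuth2 endpoint.
const SAMPLE_OAUTH_URL =
  'https://accounts.google.com/o/oauth2/auth?client_id=CONSTRUCTED&scope=email';
```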
