Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Critical security issue still exists for FF4 #28

Closed
fkling opened this issue Mar 7, 2011 · 8 comments

Comments

@fkling
Copy link
Owner

commented Mar 7, 2011

The solution introduced in a3e799e does not work in FF4.

To me this seems to be a bug in Firefox itself. I will follow this issue and hope this will be fixed by them. If not, I have to think about something else :-/

@jthomas65

This comment has been minimized.

Copy link

commented Mar 11, 2011

so, is it better not to update in FF4?

@fkling

This comment has been minimized.

Copy link
Owner Author

commented Mar 11, 2011

Well, I would not say that you should not upgrade to FF4 just because of this plugin. But you should be aware of that fact that pages could read the content of your notes.

Honestly I think it is an unlikely scenario, but it is a potential thread. Just don't put any sensitive information in the notes.

I will figure out a way how to make it work...

@jthomas65

This comment has been minimized.

Copy link

commented Mar 11, 2011

sorry... misunderstanding ;)
I wondered if it's better not to upgrade the add-on to this version...
working with FF4 since Beta10, now RC1, and the current version of floatnotes is working greatly :)))

@fkling

This comment has been minimized.

Copy link
Owner Author

commented Mar 11, 2011

Ah :) The plugin works exactly as before. The only difference is that now in Firefox 3.6, webpages cannot access the contents anymore. But this security measure has no effect in Firefox 4.

So you can "safely" upgrade. I still hope that the reason why it does not work is a bug in Firefox 4. If not... I actually have no idea what I can do else to protect "in-page" notes...

@jthomas65

This comment has been minimized.

Copy link

commented Mar 11, 2011

;) thnx!

I would have some more spare time in this period.. maybe I could help :-/

@fkling

This comment has been minimized.

Copy link
Owner Author

commented Mar 13, 2011

:) Thank you for your offer! There is always something to do. Unfortunately, my code is not very well documented (actually it is not at all ;))

Anyway, regarding this issue, I wrote to the security mailing list and it seems to be a bug in FF4. I filed a bug report, so lets see what will happen.

@fkling

This comment has been minimized.

Copy link
Owner Author

commented Mar 16, 2011

Thanks to the mailing list it was easy to make it work for FF4. I will release a new version in the next days.

@fkling

This comment has been minimized.

Copy link
Owner Author

commented Mar 23, 2011

Closed by 0cd02e5: Content is not accessible in Firefox 4 anymore.

@fkling fkling closed this Mar 23, 2011

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.