[WEB SECURITY] Re: Minimal User Interaction with Links

51l3n73y3s 51l3n7 at live.in
Mon Aug 17 14:27:29 EDT 2009


Bil,

Now it's crystal. Thank you so much, I somehow didn’t get that at bugzilla.

-Sandeep Cheema

--------------------------------------------------
From: "Bil Corry" <bil at corry.biz>
Sent: Monday, August 17, 2009 11:48 PM
To: "51l3n73y3s" <51l3n7 at live.in>
Cc: "Schmidt, Chris" <cschmidt at servicemagic.com>; "Steven M. Christey" 
<coley at linus.mitre.org>; <micheal.espinola at gmail.com>; 
<security-basics at securityfocus.com>; <websecurity at webappsec.org>
Subject: Re: [WEB SECURITY] Re: Minimal User Interaction with Links

> 51l3n73y3s wrote on 8/17/2009 12:14 PM:
>> You got it wrong too. The certificate is popping right after the "google"
>> search, not after clicking on any of the links. I have attached the
>> screenshot at the bugzilla link mentioned before.
>
> Google includes a prefetch link for the first search result, which causes 
> Firefox to prefetch the URL.  You can disable this behavior in Firefox by 
> going to "about:config", filter on "network.prefetch-next" and set it to 
> "false".  More info here:
>
> http://kb.mozillazine.org/Network.prefetch-next
> https://developer.mozilla.org/en/Link_prefetching_FAQ
>
> That second URL mentions pre-fetching on HTTPS was originally disabled for 
> security reasons, but in FF3.5 was enabled.  Perhaps you could make the 
> argument that it should be disabled again via your bug.
>
>
> - Bil
>
> 
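
The prefetch hints discussed in the quoted reply can be checked from the page side. This Python sketch is an added example, not part of the original thread or of Firefox: it lists the `<link>` and `Link:` header hints (`rel` values `prefetch` and `next`) in a response and marks which targets are HTTPS or on another host. The host names, markup and header are constructed sample data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PREFETCH_RELS = {"prefetch", "next"}  # rel values treated as prefetch hints
# Constructed sample: a results page hinting at its first hit (hypothetical hosts).
SAMPLE_URL = "http://search.example/results?q=x"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/s.css">
<link rel="prefetch" href="https://first-result.example/">
<link rel="Next" href="page2.html">
</head><body>results</body></html>"""
SAMPLE_LINK_HEADER = '<https://cdn.example/a.js>; rel=prefetch, </s.css>; rel="stylesheet"'

class _LinkCollector(HTMLParser):
    """Collects <link> elements whose rel contains a prefetch hint."""
    def __init__(self):
        super().__init__()
        self.hints = []  # list of (matching rel tokens, raw href)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = set((a.get("rel") or "").lower().split()) & PREFETCH_RELS
        if tag == "link" and rels and a.get("href"):
            self.hints.append((rels, a["href"]))

def _header_hints(link_header):
    """Yield (rels, url) from a Link header: '<u>; rel=prefetch, <v>; rel="next"'."""
    for url, params in re.findall(r"<([^>]*)>([^,]*)", link_header or ""):
        m = re.search(r'\brel\s*=\s*"?([^";]+)', params, re.I)
        rels = set(m.group(1).lower().split()) & PREFETCH_RELS if m else set()
        if rels:
            yield rels, url

def find_prefetch_hints(page_url, html, link_header=None):
    """List every URL the page asks the browser to fetch without a click."""
    parser = _LinkCollector()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    findings = []
    for rels, href in parser.hints + list(_header_hints(link_header)):
        target = urlsplit(urljoin(page_url, href))  # resolve relative hrefs
        findings.append({"url": target.geturl(), "rel": sorted(rels),
                         "https": target.scheme == "https",
                         "other_host": target.hostname != page_host})
    return findings

if __name__ == "__main__":
    for f in find_prefetch_hints(SAMPLE_URL, SAMPLE_HTML, SAMPLE_LINK_HEADER):
        print(f)
```

An entry with both `https` and `other_host` set is the case the thread is about: a TLS connection to a third-party site made before the user clicks anything.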
