- Mozilla Connect
- Ideas
- Put supported security feature to (real/better) us...
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
The Quarantined Domains functionality exists, but, by default is barely being used, it seems. It does make sense that most plugins not work on safety-critical sites, by default.
~.list just contains 6 domains, all the .br (Brazil) TLD. Should it be expanded or sunset?
Adding hundreds or thousands of domains to the list, for the worlds largest banks, crypto sites, github, etc doesn't feel scalable. (Wikipedia has a List_of the world's 100 largest_banks; here's a list of the top n(24) bank domains from AI. We could add them, but doesn't feel like a good strategy.)
Or, the feature could expand the quarantine to include, e.g. all domains with Extended Validation (EV) TLS/SSL certificates - I'm guessing/presuming it could be a good proxy for high value target.
Brazil is a big country, but it seems odd to have this feature since 115, but for these 6 domains, only. Sunset the feature?
Context:
Firefox version 115 introduced Quarantined Domains to protect user privacy and security when we discover significant security issues presented by malicious actors. This feature allows us to prevent attacks by malicious actors targeting specific domains when we have reason to believe there may be malicious add-ons we have not yet discovered. - as noted at https://support.mozilla.org/en-US/kb/quarantined-domains?as=u&utm_source=inproduct
Which is linked to from each extension's settings under
- New idea 8,985
- Trending idea 62
- Needs more 2
- In review 12
- Exploring more 11
- In development 58
- Not right now 8
- Delivered 223
- Closed 44
