Re: Announcing the next Extended Support Release of Firefox - ESR60 with policy engine

On Wednesday, December 20, 2017 at 9:42:50 AM UTC-6, Sylvestre Ledru wrote: > First, as Dave Camp mentioned during the Firefox All Hands, we are started > some developments to improve > our support for enterprise users. > More information can be found on the wiki: > https://wiki.mozilla.org/Firef

Re: Intent to ship: Changes to ‘X-Frame-Options: SAMEORIGIN’

On Monday, November 27, 2017 at 9:32:20 AM UTC-6, Jonathan Kingston wrote: > Currently XFO only enforces same origin checks of the loading frame against > the top-level document when the SAMEORIGIN value is set[1][2]. However, XFO > does not check the entire ancestor chain before making a decision

Re: Intent to implement and ship: CSP exemptions for content injected by privileged callers

On Friday, September 29, 2017 at 2:32:57 PM UTC-5, Kris Maglione wrote: > Security & privacy concerns: > > This change will allow extensions to inject content into sites which can > (and probably will) cause security and privacy issues. However, it's > already quite easy for malicious or badly-