102
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 22 Jan 2024
102 points (100.0% liked)
Firefox
20340 readers
77 users here now
/c/firefox
A place to discuss the news and latest developments on the open-source browser Firefox.
Rules
1. Adhere to the instance rules
2. Be kind to one another
3. Communicate in a civil manner
Reporting
If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.
founded 5 years ago
MODERATORS
I wish the invalid SSL cert warning and the password field on HTTP warning could be permanently disabled for all private IP ranges. They are incredibly annoying.
That would mean malware can use your local ip and hostfile for mitm attacks.
Isn't it already game over if malware can write into your hostfile? At least on Windows you need some elevated access for it, which means such malware could just read/write the target program's memory directly instead of resorting to clunky MitM.
If malware can write my hosts file it's probably all over anyways, it has admin access and just keylog everything and pull passwords directly from browsers.
I'm not saying it should be the default, I just want an
about:configoption to disable them (they used to have one for the insecure password field but it no longer works).Pretty much the only place where I see them. Let’s hope we can disable it in the future.