Tanvi Vyas

Security Engineer – @TanviHacks

Archive for Browser Security

Contextual Identities on the Web

The Containers Feature in Firefox Nightly enables users to login to multiple accounts on the same site simultaneously and gives users the ability to segregate site data for improved privacy and security. We all portray different characteristics of ourselves in different situations. The way I speak with my son is much different than the way… Read more

Categories: Browser Security

No More Passwords over HTTP, Please!

Firefox Developer Edition 46 warns developers when login credentials are requested over HTTP. Username and password pairs control access to users’ personal data. Websites should handle this information with care and only request passwords over secure (authenticated and encrypted) connections, like HTTPS. Unfortunately, we too frequently see non-secure connections, like HTTP, used to handle user… Read more

Categories: Browser Security

Updated Firefox Security Indicators

Cross posting this. It was written a couple months ago and posted to Mozilla’s Security Blog This article was coauthored by Aislinn Grigas, Senior Interaction Designer, Firefox Desktop November 3, 2015 Over the past few months, Mozilla has been improving the user experience of our privacy and security features in Firefox. One specific initiative has… Read more

Categories: Browser Security

Mixed Content Blocking Enabled in Firefox 23!

For the last few months, I’ve been working on the Mixed Content Blocker for Firefox.  I’ve been landing patches since Firefox 18 in hope of reaching this day. Mixed Active Content is now blocked by default in Firefox 23! What is Mixed Content? When a user visits a page served over HTTP, their connection is… Read more

Categories: Browser Security

User Specified Content Security Policy

This summer I worked on a Google Summer of Code Project called User Specified Content Security Policy with Kailas Patil (CS PhD student at the National University of Singapore). We created a Firefox add-on called UserCSP that allows users and developers to apply custom Content Security Policies to websites. A Content Security Policy is a… Read more

Categories: Browser Security