On Thu, Feb 8, 2018 at 3:08 PM, Arthur D. Edelstein arthuredelstein@gmail.com wrote:
In general, login status can affect exploit risk significantly, so allowing blocking decisions to leak between login and non-login sites appears to be a security issue. If we modify NoScript to respect FPI, then that problem is averted.
Another variant might be: a government wants to deliver an exploit to everyone anonymously visiting a particular (first-party) site, say embarrassing-government-secrets.com. They again force a popular CDN provider, such as ajax.googleapis.com, to provide the exploit via a third-party script for that site specifically. Again, High Security users who have already unblocked that CDN under another, non-controversial first party such as stackoverflow.com are vulnerable in the absence of FPI. So that's an example where the risk of unblocking a third-party script depends on the trust a user has in the first-party domain.