(In reply to Daniel Veditz [:dveditz] from comment #3) > mozAddonManager needs to die for sure (look at the conniptions WebExtensions code goes through keeping useful extensions away from that site for fear that API will be abused). Also users assume language packs are safe ("it's just text, right?") although they never have been and were treated as fully privileged legacy addons in the past for good reason. Just pondering 1538008 which stems basically from the same problem. In that bug there was discussion of isolating the domain (accounts.firefox.com) to prevent access to the API. Just mentioning it here for completeness - maybe we want to follow the same solution for both. (I don't know if isolation privileged origins is an option for this bug though, especially not when we include remote js on AMO still - bug 1422131).
Bug 1538007 Comment 31 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Daniel Veditz [:dveditz] from comment #3) > mozAddonManager needs to die for sure (look at the conniptions WebExtensions code goes through keeping useful extensions away from that site for fear that API will be abused). Also users assume language packs are safe ("it's just text, right?") although they never have been and were treated as fully privileged legacy addons in the past for good reason. Just pondering 1538008 which stems basically from the same problem. In that bug there was discussion of isolating the domain (accounts.firefox.com) to prevent access to the API. Just mentioning it here for completeness - maybe we want to follow the same solution for both. (I don't know if isolation privileged origins is an option for this bug though, especially not when we include remote js on AMO still - bug 1380537).
(In reply to Daniel Veditz [:dveditz] from comment #3) > mozAddonManager needs to die for sure (look at the conniptions WebExtensions code goes through keeping useful extensions away from that site for fear that API will be abused). Also users assume language packs are safe ("it's just text, right?") although they never have been and were treated as fully privileged legacy addons in the past for good reason. Just pondering bug 1538008 which stems basically from the same problem. In that bug there was discussion of isolating the domain (accounts.firefox.com) to prevent access to the API. Just mentioning it here for completeness - maybe we want to follow the same solution for both. (I don't know if isolation privileged origins is an option for this bug though, especially not when we include remote js on AMO still - bug 1380537).