Bug 1452461 Comment 13 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

>If it would be the former, then that would be a security issue, although I am not informed either on how the security model for extensions looks like, how far they are intended to be isolated from whatever parts of the browser

Native messaging extensions contain a native code part that runs with the same permissions as the main process of the browser itself. It's hence not clear what the security issue would be, given that you're already starting from such a privileged state, i.e. you already have the same powers as Firefox itself. 

Similarly:
>IMHO this can be exploited by a malicious extension, at least to collect meta information about the network connections opened by Firefox.

If you have installed and are running native code (required for WebExtensions' native messaging) and it is malicious, then it doesn't need this bug to snoop on Firefox's network connections. It can just replace the real Firefox binary by a fake one that sends all the data to the attacker directly.

So although this is a bit ugly, I don't see any indications there's a real security issue here.

>I first found out about this bug when I discovered that deleting large files downloaded by Firefox doesn't always free up the space they were using because a native messaging subprocess could still be holding handles to them.

Downloads aren't sockets, so this should be easier to address. It may be worth filing this separately.

>If it would be the former, then that would be a security issue, although I am not informed either on how the security model for extensions looks like, how far they are intended to be isolated from whatever parts of the browser

Native messaging extensions contain a native code part that runs with the same permissions as the main process of the browser itself. It's hence not clear what the security issue would be, given that you're already starting from such a privileged state, i.e. you already have the same powers as Firefox itself. 

Similarly:
>IMHO this can be exploited by a malicious extension, at least to collect meta information about the network connections opened by Firefox.

If you have installed and are running native code (required for WebExtensions' native messaging) and it is malicious, then it doesn't need this inheritance behavior to snoop on Firefox's network connections. It can just replace the real Firefox binary by a fake one that sends all the data to the attacker directly.

So although this is a bit ugly, I don't see any indications there's a real security issue here.

>I first found out about this bug when I discovered that deleting large files downloaded by Firefox doesn't always free up the space they were using because a native messaging subprocess could still be holding handles to them.

Downloads aren't sockets, so this should be easier to address. It may be worth filing this separately.

>If it would be the former, then that would be a security issue, although I am not informed either on how the security model for extensions looks like, how far they are intended to be isolated from whatever parts of the browser

Native messaging extensions contain a native code part that runs with the same permissions as the main process of the browser itself. It's hence not clear what the security issue would be, given that you're already starting from such a privileged state, i.e. you already have the same powers as Firefox itself. 

Similarly:
>IMHO this can be exploited by a malicious extension, at least to collect meta information about the network connections opened by Firefox.

If you have installed and are running native code (required for WebExtensions' native messaging) and it is malicious, then it doesn't need this inheritance behavior to snoop on Firefox's network connections. It can just replace the real Firefox binary by a fake one that sends all the data to the attacker directly.

So although this is a bit ugly, I don't see any indications there's a real security issue here. The starting point for any exploit of this behavior ("I installed native code that is malicious") already amounts to a full system compromise, at which point any browser security feature is meaningless.

>I first found out about this bug when I discovered that deleting large files downloaded by Firefox doesn't always free up the space they were using because a native messaging subprocess could still be holding handles to them.

Downloads aren't sockets, so this should be easier to address. It may be worth filing this separately.
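
Added example (not part of the bug comment and not Mozilla's code): a minimal reproduction of the handle-inheritance effect quoted above, showing a spawned helper still holding a deleted file and the close-on-exec setting that prevents it. It assumes a POSIX system and uses file descriptors as an analog of the handles mentioned in the bug; the helper script and the function name `helper_view_of_download` are hypothetical.

```python
import os
import subprocess
import sys
import tempfile

# Helper program standing in for a native messaging host (hypothetical): it only
# reports whether the descriptor number passed on argv is open in its own process.
CHILD = r"""
import os, sys
try:
    st = os.fstat(int(sys.argv[1]))
    print(f"held size={st.st_size} nlink={st.st_nlink}")
except OSError:
    print("closed")
"""

def helper_view_of_download(inheritable: bool) -> str:
    """Open a file, delete it, spawn the helper, and return what the helper sees."""
    fd, path = tempfile.mkstemp()            # constructed stand-in for a download
    try:
        os.write(fd, b"\0" * 4096)
        os.unlink(path)                      # the user deletes the file
        os.set_inheritable(fd, inheritable)  # False marks the fd close-on-exec
        result = subprocess.run(
            [sys.executable, "-c", CHILD, str(fd)],
            close_fds=False,                 # rely only on the per-fd flag
            capture_output=True, text=True, check=True,
        )
        return result.stdout.strip()
    finally:
        os.close(fd)

if __name__ == "__main__":
    print("inheritable descriptor   ->", helper_view_of_download(True))
    print("close-on-exec descriptor ->", helper_view_of_download(False))
```

With an inheritable descriptor the helper can still stat the unlinked file, so its disk blocks stay allocated for as long as the helper runs; with close-on-exec the descriptor never reaches the helper.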
