>Does gecko have Web API or Browser Extension API that allows a third-party application to read the local files? Extensions are allowed to communicate with native apps, which could read those files. >If not, does changing 0644 to 0600 make it a bit safer? As already explained, this makes no difference whatsoever because it would be running as the same user anyway. *I can't really give meaningful input here without understanding what the threat model would be.* I can only observe what is technically possible and what is being done right now.
Bug 1642729 Comment 20 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
>Does gecko have Web API or Browser Extension API that allows a third-party application to read the local files? Extensions are allowed to communicate with native apps, which could read those files. >If not, does changing 0644 to 0600 make it a bit safer? As already explained, this makes no difference whatsoever because it would be running as the same user anyway. If the file contains highly sensitive content, perhaps it should sit somewhere where content process don't have access to it (i.e. where it would be blocked by sandbox restrictions)? I don't know if the current dir qualifies. *I can't really give meaningful input here without understanding what the threat model would be.* I can only observe what is technically possible and what is being done right now.
>Does gecko have Web API or Browser Extension API that allows a third-party application to read the local files? Extensions are allowed to communicate with native apps, which could read those files. >If not, does changing 0644 to 0600 make it a bit safer? As already explained, this makes no difference whatsoever because it would be running as the same user anyway. If the file contains highly sensitive content, perhaps it should sit somewhere where content processes don't have access to it (i.e. where it would be blocked by sandbox restrictions)? I don't know if the current dir that is used qualifies. *I can't really give meaningful input here without understanding what the threat model would be.* I can only observe what is technically possible and what is being done right now.
>Does gecko have Web API or Browser Extension API that allows a third-party application to read the local files? Extensions are allowed to communicate with native apps, which could read those files. >If not, does changing 0644 to 0600 make it a bit safer? As already explained, this makes no difference whatsoever because it would be running as the same user anyway. If the file contains highly sensitive content, perhaps it should sit somewhere where content processes don't have access to it (i.e. where it would be blocked by sandbox restrictions)? I don't know if the current dir that is used qualifies. *I can't really give meaningful input here without understanding what the threat model would be.* I can only observe what is technically possible and what is being done right now, and I'm not sure if that's really helpful :)