[BrowserAPI] Change "browser" permission to certified apps only

NEW
Unassigned

Status

()

P5
normal
4 years ago
3 months ago

People

(Reporter: kanru, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
As discussed in mozlandia we both think it's a mistake to allow privileged app to use browser-api. We should change it to certified only, or restrict a subset to certified only.
We're using this API in our app: https://github.com/andreasgal/j2me.js
I chatted a bit with Paul about that. While not ideal, he believes we are not at risk of permission leakage because of csp and origin checks. So hold on for now.
I think getScreenshot() is probably the most privileged bit of the Browser API?
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.