Open Bug 1110074 Opened 8 years ago Updated 3 years ago

[BrowserAPI] Change "browser" permission to certified apps only

Categories

(Core :: DOM: Core & HTML, defect, P5)

defect

Tracking

()

People

(Reporter: kanru, Unassigned)

References

Details

As discussed in mozlandia we both think it's a mistake to allow privileged app to use browser-api. We should change it to certified only, or restrict a subset to certified only.
I chatted a bit with Paul about that. While not ideal, he believes we are not at risk of permission leakage because of csp and origin checks. So hold on for now.
I think getScreenshot() is probably the most privileged bit of the Browser API?
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.