Open Bug 1110074 Opened 9 years ago Updated 8 months ago

[BrowserAPI] Change "browser" permission to certified apps only


(Core :: DOM: Core & HTML, defect, P5)





(Reporter: kanru, Unassigned)



As discussed in mozlandia we both think it's a mistake to allow privileged app to use browser-api. We should change it to certified only, or restrict a subset to certified only.
We're using this API in our app:
I chatted a bit with Paul about that. While not ideal, he believes we are not at risk of permission leakage because of csp and origin checks. So hold on for now.
I think getScreenshot() is probably the most privileged bit of the Browser API?

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.