Closed
Bug 1197456
Opened 10 years ago
Closed 9 years ago
Launching child_process from add-on must use allowed origins
Categories
(Add-on SDK Graveyard :: General, defect, P1)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: nkanand, Unassigned)
Details
(Keywords: addon-compat)
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Steps to reproduce:
The following API allows a child program to be executed in a new process.
https://developer.mozilla.org/en-US/Add-ons/SDK/Low-Level_APIs/system_child_process.
Using this, add-ons can connect to native applications and provide business logic that may be available only on the local machine.
Actual results:
This mechanism is prone to add-on spoofing, as a malicious add-on can use it to impersonate a legitimate add-on and interact with a native application.
Expected results:
The inability to validate the add-on that launches the child program poses a big security risk.
Firefox must support "allowed_origins" as in: https://developer.chrome.com/extensions/nativeMessaging.
Using this, native applications can control and authenticate the add-ons that launch the child program. This helps with add-on authentication and prevents impersonation attacks.
Severity: normal → major
Priority: -- → P1
Hardware: Unspecified → All
Keywords: addon-compat
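The check the report asks for, written out as an added example (not code from this bug, from the Add-on SDK, or from Chrome): a native messaging host that reads the `allowed_origins` list from its host manifest and refuses to speak the protocol unless the origin the browser passes on the command line matches an entry exactly. The manifest shape (`name`, `path`, `type: "stdio"`, `allowed_origins`) and the 4-byte-length-prefixed JSON framing follow Chrome's nativeMessaging documentation; the host name, path, extension id and the echo "business logic" are constructed placeholders.

```python
import json
import struct
from io import BytesIO

# Constructed host manifest in the shape Chrome's nativeMessaging documents.
# The extension id is a placeholder, not a real add-on id.
ALLOWED_ID = "PLACEHOLDER_EXTENSION_ID_0000000000"
HOST_MANIFEST = {
    "name": "com.example.native_host",             # constructed
    "description": "Example native messaging host (constructed)",
    "path": "/usr/local/bin/example_native_host",  # constructed
    "type": "stdio",
    "allowed_origins": ["chrome-extension://%s/" % ALLOWED_ID],
}
MAX_FRAME = 1024 * 1024  # defensive cap on one framed message (our choice)


def is_allowed_origin(origin, manifest=HOST_MANIFEST):
    """Exact-match the caller's origin against allowed_origins.

    Exact comparison matters: a missing trailing slash, a different scheme
    or any extra path component is a different origin and is rejected.
    """
    return origin in manifest.get("allowed_origins", [])


def origin_from_argv(argv):
    """Chrome launches the host with the calling extension's origin as argv[1]
    (on Windows a parent-window handle follows as a further argument)."""
    return argv[1] if len(argv) > 1 else None


def encode_message(obj):
    """Native messaging framing: 4-byte native-byte-order length, then UTF-8 JSON."""
    body = json.dumps(obj).encode("utf-8")
    return struct.pack("=I", len(body)) + body


def decode_message(stream):
    """Read one framed message. Returns None at EOF; refuses oversize/truncated frames."""
    header = stream.read(4)
    if len(header) < 4:
        return None
    (length,) = struct.unpack("=I", header)
    if length > MAX_FRAME:
        raise ValueError("frame too large: %d bytes" % length)
    body = stream.read(length)
    if len(body) < length:
        raise ValueError("truncated frame")
    return json.loads(body.decode("utf-8"))


def serve(argv, stdin, stdout):
    """Authenticate the caller first; only then speak the protocol (echo here).

    Returns "rejected" or "done" so the behaviour can be checked in tests.
    """
    origin = origin_from_argv(argv)
    if not is_allowed_origin(origin):
        # An add-on that is not listed gets one error frame and nothing else.
        stdout.write(encode_message({"error": "origin not allowed"}))
        return "rejected"
    while True:
        msg = decode_message(stdin)
        if msg is None:
            return "done"
        stdout.write(encode_message({"echo": msg}))


def demo():
    """Run serve() against constructed in-memory streams for a listed and an
    unlisted origin; returns the decoded replies for inspection."""
    good = ["host", "chrome-extension://%s/" % ALLOWED_ID]
    bad = ["host", "chrome-extension://%s/" % ("X" * len(ALLOWED_ID))]
    stdin = BytesIO(encode_message({"op": "ping"}) + encode_message({"op": "ping", "n": 2}))
    out_good, out_bad = BytesIO(), BytesIO()
    status_good = serve(good, stdin, out_good)
    status_bad = serve(bad, BytesIO(b""), out_bad)
    out_good.seek(0)
    out_bad.seek(0)
    replies_good = []
    while True:
        m = decode_message(out_good)
        if m is None:
            break
        replies_good.append(m)
    return {
        "good": (status_good, replies_good),
        "bad": (status_bad, decode_message(out_bad)),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The origin check is done before any message is read, so an unlisted add-on never reaches the host's real functionality; the browser, not the add-on, supplies the origin argument, which is what makes the list an authentication mechanism rather than a self-declared label.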
Updated•10 years ago
Component: Untriaged → General
Product: Firefox → Add-on SDK
Version: 40 Branch → unspecified
Comment 1•9 years ago
Commits pushed to master at https://github.com/mozilla/kuma
https://github.com/mozilla/kuma/commit/f27d25dc79d2400201d20a0b1413b39872d58e9f
Bug 1197456: Allow RTD documentation to use fonts
https://github.com/mozilla/kuma/commit/f87e1e2366c9667359be27a33828338a69254803
Merge pull request #3590 from openjck/bug-1197456-rtd-fonts
Bug 1197456: Allow RTD documentation to use fonts
Comment 2•9 years ago
We will be supporting this nativeMessaging in WebExtensions and using that protocol.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX