[whatwg] Security risks of persistent background content (Re: Installed Apps)

On Jul 30, 2009, at 10:18 AM, Michael Davidson wrote:

> On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak <mjs at apple.com> wrote:
>>
>> Here's some security risks I've thought about, for persistent workers and
>> persistent background pages:
>>
>> <great list of risks>
>
> Thanks for the list, Maciej. However, Firefox extensions today have
> all of the same problems. Do you consider the permission UI in Firefox
> insufficient? Given Safari's extension model, I'm going to guess the
> answer is yes. The fact that FF has extensions, however, at least
> shows that one browser vendor believes that sufficient permission UI
> exists.

I'm not sure if I'd be totally comfortable with putting something as
streamlined as the Firefox extensions model. As presented on
<http://addons.mozilla.org/>, it seems fine - the extensions posted
there are centrally vetted and reviewed, the user has to take a clear
explicit step to start the install, and there is a revocation model.

But the fact that third party pages can trigger automated extension
install seems problematic. For example, just visiting
<http://gears.google.com/download.html> in Firefox, I am immediately
faced with an alert dialog where the default button will install native
code that runs in my browser. If any page can do that, then browsing
with Firefox puts you one "enter" keystroke away from running native
code (well, once Firefox restarts, anyway). I'm not really sure why
Mozilla thinks that is ok.

Regards,
Maciej

Received on Thursday, 30 July 2009 14:04:35 UTC