On Jul 30, 2009, at 10:18 AM, Michael Davidson wrote:

> On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak<[email protected]> wrote:
>> Here's some security risks I've thought about, for persistent workers and
>> persistent background pages:
>
> <great list of risks>
>
> Thanks for the list, Maciej. However, Firefox extensions today have
> all of the same problems. Do you consider the permission UI in Firefox
> insufficient? Given Safari's extension model, I'm going to guess the
> answer is yes. The fact that FF has extensions, however, at least
> shows that one browser vendor believes that sufficient permission UI
> exists.

I'm not sure if I'd be totally comfortable with putting something as
streamlined as the Firefox extensions model. As presented on
<http://addons.mozilla.org/>, it seems fine - the extensions posted there
are centrally vetted and reviewed, the user has to take a clear explicit
step to start the install, and there is a revocation model.

But the fact that third-party pages can trigger automated extension
install seems problematic. For example, just visiting
<http://gears.google.com/download.html> in Firefox, I am immediately faced
with an alert dialog where the default button will install native code
that runs in my browser. If any page can do that, then browsing with
Firefox puts you one "enter" keystroke away from running native code
(well, once Firefox restarts, anyway). I'm not really sure why Mozilla
thinks that is ok.

Regards,
Maciej