Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fully support Web USB and Web Serial

ali1234
Making moves
‎01-03-2022 12:34 PM
Status: New idea

Web-based IDEs like Arduino and Github Codespaces are now commonplace. They are hobbled in Firefox due to an inability to access development boards without installing extra system software, which rather defeats the purpose of having an IDE that runs in your browser. This is not the case on Chrome, where Web USB and Web Serial can be used. (Clarification: they *could* be used on Chrome, but often are not because developers don't want to maintain two separate codebases.)

I will preempt the response I have received every previous time I brought up this topic: Web USB and Web Serial present no more of a security risk than web camera or location data, and Firefox already has a permissions system to protect those. On the other hand, the software you have to install to make Arduino IDE work in Firefox starts a webserver that shares your serial port over a websocket, just so that your browser can connect to it. It isn't clear if there are any protections at all on that websocket.

I will also note than the current prevalence of web-based development environments is in part due to Mozilla's insistence that everything should be able to run in the browser, along with projects like Firefox OS.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Serial_API

https://developer.mozilla.org/en-US/docs/Web/API/USB

Comment
92 Comments
Nebula-System
Strollin' around
‎23-10-2025 08:22 AM
‎23-10-2025 08:22 AM

@Jon if similar ideas have been merged does that mean we finally have enough votes to escalate this to the devs?

i think i speak for most people here when i say this: we're tired of waiting and having to switch to something chromium just to use features that are required for lots of modern development, and in lots of cases, ease of use, and in some, increased safety due to avoiding having to install software that's potentially vulnerable, and left installed after, increasing attack surfaces, when this would be locked behind an about:config flag and prompts for every use. no harm to normal users with it locked behind about:config, and requires manual approval for every site that asks to use it.

seriously, please escalate this to someone who can make this happen. i think at 136 votes, and you noting similar ideas being merged on at least a couple occasions, it's worth escalation, or can you at least tell us at what point it will be escalated, so we know how many votes we need?

Tyeth
New member
‎23-10-2025 10:49 AM
‎23-10-2025 10:49 AM

They'll likely be no escalation. This is an older bug+issue brought to the new forum so likely more votes, this just seems to be the thread new related posts gets appended to.

Key devs / decision makers feel it's beyond the abilities of Mozilla to educate users enough to have a safe level of consent / trust established, mainly due to the existing permissions model and UI, but also around code signing and how to establish trust with websites.

I feel to be honest that it's fair to point at the old adage, "You can try to make it foolproof, but you'll always find a bigger fool", and while limiting damage is the aim, you shouldn't deny all users a feature based on the risk for the biggest fool.

Sure, stick it disabled-by-default behind the protection of the about:flags page, with extra info and docs links, and make users agree on each site visit + reconnection, but you can't stop the tide (people just pick another browser).

 

There has instead been an officially endorsed attempt to use Addon's to alleviate this, unfortunately they don't seem to recognise that that's a bad practise in IT security terms (asking users to install addons). 

https://github.com/mozilla/standards-positions/issues/720

Copyright © 2025 Khoros, LLC