cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Minabsapi
New member
Status: New idea

(Before starting, I'd like to apologize for how broad the title of this idea looks, but I didn't find anything more straightforward).

Firefox, like most popular browsers, implement access control over some functionalities, such as camera, microphone, screen, notifications... for evident security reasons and/or convenience.

Although this is some great effort, I still do not think we users have enough control over what's happening when loading a webpage and the behavior of its scripts. I'd suggest some more eventual permission-based restrictions, suggestions that could hopefully be extended later:

  • Clipboard access: system's clipboard is known to possibly hold sensitive data, such as passwords. It isn't hard to imagine a scenario where a malicious script could be injected by any way in a login page and grab clipboard content to then send it to an external server on loading. Another problem regarding clipboard access is the fact it can be injected anything, which is not only inconvenient but a real danger in some cases like, for a more concrete scenario, users copying code that will then be pasted to a shell. Dedicated article here. (note: there may obviously may be possible ways to circumvent those specific problems, but they aren't relevant here)
  • Key events access: many websites use keypress listeners to, for instance, improve webpage navigation by adding key based shortcuts, such as pressing a specific letter to focus a search box. While this is a handy addition, leaving this unchecked is rather dangerous as it could in my opinion help the implementation of malicious scripts, such as keyloggers.

Those restrictions could perhaps not be default and left to the users to apply, but I seriously think they, if possible, have to be integrated, and I honestly wonder why this haven't been the case after so long

1 Comment
Status changed to: New idea
Jon
Community Manager
Community Manager

Hey @Minabsapi, no apologies needed! The title is detailed and will help others find it easier. Thanks!