[Proposal] Isolated content environment

Isolated content environment proposal (2016)

It would be super-cool to have an isolated environment per tab. It may be technically hard, but it would make Firefox the best browser for security/privacy ever.

  • This provides a secure and intuitive practice for a common add-on use case.
  • This could eliminate many add-on fingerprintability issues beautifully.
  • Isolated resource references (content scripts can reference and inject add-on resources, but web pages can’t)
    • In practice, web pages themselves rarely need to access add-on resources; in most cases only content scripts use them. Exceptions for the rare cases can always be made via whitelisting.
  • DOM isolation: web pages can’t see add-on-injected DOM (unless explicitly whitelisted, obviously).
  • Isolated privileges (mostly handled by sandboxing)

Possibly related:
https://bugzilla.mozilla.org/show_bug.cgi?id=863246
https://bugzilla.mozilla.org/show_bug.cgi?id=1120398

(I don’t intend to disclose a secret report. I can’t access 1120398, sorry… As the developer of this add-on, I’d appreciate updates on the bug, though.)

… More?


Whitelisting ideas

  • An add-on that wants to use web-exposed content scripts should request that permission explicitly.
  • AMO and Add-on manager show which add-ons have web-exposed content scripts or add-on resources.
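
As an added illustration (not Firefox or Mozilla code) of the default-deny resource isolation plus whitelisting described above: a small policy model in which content scripts running with the add-on principal may always reference add-on resources, while a web page may reference only resources explicitly whitelisted for its origin. The add-on id, resource paths and whitelist entries are constructed samples, and the origin-pattern syntax is an assumption made for this example.

```javascript
// Toy model of the proposal's isolation rule: add-on resources are
// invisible to web pages by default; a per-resource whitelist opens
// specific resources to specific web origins. Not Firefox internals.

const addonId = "example-addon@example.invalid"; // constructed sample id

// Whitelist: resource path -> origin patterns allowed to reference it.
// "*" allows any web origin; "*.example.org" allows that host and its
// subdomains (scheme is ignored for wildcard patterns in this model);
// anything else must match the origin exactly.
const webExposedResources = {
  "icons/logo.png": ["https://example.com", "*.example.org"],
  "inject/widget.js": ["*"],
};

function originMatches(pattern, origin) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) {
    const host = new URL(origin).hostname;
    const suffix = pattern.slice(2);
    return host === suffix || host.endsWith("." + suffix);
  }
  return pattern === origin;
}

// requester is either { type: "addon", id } (a content script) or
// { type: "web", origin } (a web page script).
function canReference(requester, resourcePath) {
  // Content scripts run with the add-on principal: always allowed.
  if (requester.type === "addon" && requester.id === addonId) return true;
  if (requester.type !== "web") return false;
  const allowed = webExposedResources[resourcePath];
  if (!allowed) return false; // not whitelisted: isolated by default
  return allowed.some((p) => originMatches(p, requester.origin));
}

// What AMO / the Add-on manager could display: which resources the
// add-on exposes to the web, and to whom.
function webExposedSummary() {
  return Object.entries(webExposedResources).map(([path, patterns]) => ({
    path,
    exposedTo: patterns,
  }));
}
```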

Previous posts

https://discourse.mozilla-community.org/t/efficient-method-to-script-embedded-pages-in-an-addon/7353/6?u=desktopd


I think this is the way to go. Any idea is welcome. I’d like more people to think about this. Thanks.