On 9/23/2013 4:59 PM, Brian Smith wrote:
Given that Pepper presents little benefit to users,
Pepper presents a huge benefit to users because it allows the browser to
sandbox the plugin. Once we have a sandbox in Firefox, NPAPI plugins will
be the security weak spot in Firefox.
You're making some assumptions here:
* That "the plugin" is only Flash. No other plugin has Pepper or is
likely to use pepper. And a significant number of users are still using
non-Flash plugins.
* That we could have a pepper Flash for Firefox in a reasonable
timeframe (highly unlikely given the engineering costs of Pepper).
* That Flash is the primary plugin attack vector we should protect
against. We know *out of date* Flash is an attack vector, but our
security blocking already aims to protect that segment of the
population. Up-to-date Flash does not appear to be highly dangerous.
I don't think it makes any sense to focus on it relative to other things
such as graphics performance, web API improvements, and asm.js which can
serve the sam general niche as plugins, but will improve the open web at
the same time.
We need a story and a timeline for securing plugins. Click-to-play was a
great start, but it is not enough.
If our story for securing plugins is to
drop support for them then we should develop the plan with a timeline for
that.
What is your definition of "enough"? With the change to mark plugins as
click-to-play by default, they will be at least as secure as Firefox
extensions, and less attack surface.
We all agree that users would be more secure without plugins. But we
can't make security decisions in a vacuum: some users *use* Java and
other minority plugins. Turning that off just means that those users are
stuck with IE or downrev Firefox. What we *can* do is use a combination
of carrots and sticks to decrease plugin usage to the point where
removing it won't affect our viability as a product:
* Use the leverage of growing mobile device populations that don't have
any plugins to incent websites authors to stop using plugins.
* Add the most common features to the web platform which currently
require plugins. This is well underway with websockets, graphics/gaming
improvements, and webrtc; I am already working with Andrew Overholt on
some other web APIs which we've identified as important.
* Replace the Adobe Flash runtime either partly or entirely with shumway.
These are all longer-term items, some of which are still research-y. I
don't think it's either possible or necessary to "develop a plan with a
timeline" in our current situation.
--BDS
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
