On Thursday, June 22, 2017 at 6:29:17 AM UTC-5, Jakob Bohm wrote:
> The most obvious concern to me is random web servers, possibly through
> hidden web elements (such as script tags) gaining access to anything
> outside the Browser's sandbox without clear and separate user
> action.  For example, if I visit a site that carries an advertisement
> for Spotify, I don't want that site to have any access to my locally
> running Spotify software, its state or even its existence.


That's a good point. Even if you might be able to trust the software running on 
your computer not to reveal sensitive information or accept commands from 
random, unauthenticated sites, it's still a potential privacy concern if those 
sites can detect what software you're running in the first place (by, for 
example, checking to see if an image known to be hosted by that program 
successfully loads).

A properly-designed application could take steps to mitigate this problem (such 
as checking the referer header before serving resources like images to an 
external site), but not all such applications may be sensitive enough to 
privacy issues to actually implement such features.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
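
The Referer check suggested in the reply above, sketched as an added example that is not part of the original message or of any application discussed. The loopback port 8765, the trusted-origin set and the handler are assumptions made for illustration.

```python
# Added example: Referer allowlist for a local application's HTTP listener.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumption: the application serves its own UI from this loopback origin.
TRUSTED_ORIGINS = {("http", "127.0.0.1", 8765), ("http", "localhost", 8765)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def referer_is_trusted(referer):
    """Return True only if the Referer names one of the app's own origins."""
    if not referer:
        # A page can suppress the header (e.g. Referrer-Policy: no-referrer),
        # so a missing Referer is treated the same as an external one.
        return False
    try:
        parts = urlsplit(referer.strip())
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:
        return False
    # Compare scheme, host and port exactly; a substring match would accept
    # hosts such as 127.0.0.1.example.net.
    return (parts.scheme, (parts.hostname or "").lower(), port) in TRUSTED_ORIGINS


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if not referer_is_trusted(self.headers.get("Referer")):
            # Same status as an unknown path, so the response does not
            # distinguish "blocked" from "no such resource".
            self.send_error(404)
            return
        body = b"constructed placeholder resource\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8765), Handler).serve_forever()
```

The check withholds the resource from external pages; it does not hide the fact that something is listening on the port.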
