> Many have this idea that Firefox should be able to take support/health > data and "self heal." e.g. we take the set of installed addons, compare > it against a blacklist (or possibly a graylist of > not-quite-banned-but-discouraged e.g. performance-sucking) and > automatically take action.
I think this is a great idea, and I strongly support the necessary APIs for self-healing. Misbehaving addons have a huge impact on Firefox security. Even though the blocklist ping supports disabling misbehaving addons, being able to revert hijacked preferences (such as search) would be a huge benefit. With the multitude of 0-days that come out on a regular basis, it would be great to have more options way to prevent users from getting owned by making it more difficult to ignore updates, as well. So, that's another opinion for you. If you have a documented list of APIs that you want to support, it would make it easier to discuss. Thanks, Monica _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security