> Firefox components can obviously access the filesystem.
Which is a hole that should be plugged.
Beyond its home subdirectory and a tmpfs Downloads location an Internet-connected browser should be prevented from writing anywhere.
Bonus points for preventing read access to non-runtume locations too. Not only prevent bad data from coming in but prevent good data from being sucked out.
Sandboxing extensions' access to the file system would be acceptable. We could work with that, just as OS X app developers have. But Chrome and the current WebExtensions API don't allow extensions any file system access beyond what webpages get.
Which is a hole that should be plugged.
Beyond its home subdirectory and a tmpfs Downloads location an Internet-connected browser should be prevented from writing anywhere.
Bonus points for preventing read access to non-runtume locations too. Not only prevent bad data from coming in but prevent good data from being sucked out.