mozilla

Revision 433873 of Bypassing Security Restrictions and Signing Code

  • Revision slug: Bypassing_Security_Restrictions_and_Signing_Code
  • Revision title: Bypassing Security Restrictions and Signing Code
  • Revision id: 433873
  • Created:
  • Creator: kohei.yoshino
  • Is current revision? Yes
  • Comment format

Revision Content

{{ non-standard_header() }} {{ deprecated_header() }}

Early versions of Firefox allowed web sites to segregate principals using signed scripts, and request extra permissions for scopes within signed scripts using a function called enablePrivelege. These Privilege Manager feature was not used much (aside from abuse), and its complexity made performance improvements difficult. Signed script segregation was removed in {{ bug(726125) }}, the enablePrivilege prompt was removed in {{ bug(750859) }}, and enablePrivilege itself was nerfed in {{ bug(757046) }}.

The Privilege Manager has been deprecated in Firefox 12 and disabled in Firefox 17.

Sites that require additional permissions should now ask Firefox users to install an extension, which can interact with non-privileged pages if needed.

See also

Revision Source

<div>{{ non-standard_header() }} {{ deprecated_header() }}</div>
<p>Early versions of Firefox allowed web sites to segregate <a href="https://developer.mozilla.org/en-US/docs/Security_check_basics">principals</a> using signed scripts, and request extra permissions for scopes within signed scripts using a function called <code>enablePrivelege</code>. These <strong>Privilege Manager</strong> feature was not used much (aside from abuse), and its complexity made performance improvements difficult. Signed script segregation was removed in {{ bug(726125) }}, the <code>enablePrivilege</code> prompt was removed in {{ bug(750859) }}, and <code>enablePrivilege</code> itself was nerfed in {{ bug(757046) }}.</p>
<p>The Privilege Manager has been deprecated in Firefox 12 and disabled in <a href="/en-US/docs/Site_Compatibility_for_Firefox_17">Firefox 17</a>.</p>
<p>Sites that require additional permissions should now ask Firefox users to install an <a href="https://developer.mozilla.org/en-US/docs/Extensions">extension</a>, which can <a href="https://developer.mozilla.org/en-US/docs/Code_snippets/Interaction_between_privileged_and_non-privileged_pages">interact with non-privileged pages</a> if needed.</p>
<h2>See also</h2>
<ul>
  <li><a href="http://www-archive.mozilla.org/projects/security/components/signed-scripts.html">Signed Scripts in Mozilla</a> (an archived document)</li>
</ul>
Revert to this revision