Labels Milestones

New Issue

Add controls for WASM #1814

Closed

opened 3 years ago by wolfbeast · 3 comments

wolfbeast commented 3 years ago (Migrated from github.com)

Despite the inherent issues with script safety, especially with unauthenticated blobs of bytecode, the increasing prevalence of WASM on the web demands that we enable it for web compatibility.
Extending the functionality of the traditional browser model to run arbitrary code - in this case, WebAssembly - once again expands the local attack surface for web-borne exploits.
So should we just throw up our hands and go with the program?
Yes, apparently we have to.

After examining the security issues with it and verifying that currently-known CVEs with it are addressed, I've come to the conclusion that aside from a known issue in the JIT compiler on 32-bit platforms, it should be safe to enable by default.
This does need an added control in preferences (probably under content) for people to easily enable/disable WASM content, and the JIT should be off by default on 32-bit platforms.

Despite the inherent issues with script safety, especially with unauthenticated blobs of bytecode, the increasing prevalence of WASM on the web demands that we enable it for web compatibility. Extending the functionality of the traditional browser model to run arbitrary code - in this case, WebAssembly - once again expands the local attack surface for web-borne exploits. So should we just throw up our hands and go with the program? Yes, apparently we have to. After examining the security issues with it and verifying that currently-known CVEs with it are addressed, I've come to the conclusion that aside from a known issue in the JIT compiler on 32-bit platforms, it should be safe to enable by default. This does need an added control in preferences (probably under content) for people to easily enable/disable WASM content, and the JIT should be off by default on 32-bit platforms.

mattatobin commented 3 years ago (Migrated from github.com)

I am preserving this issue but splitting off the Platform bits to another issue.

Pale Moon bits are as follows, add tickbox to Preferences -> Content for javascript.options.wasm plus strings.

I am preserving this issue but splitting off the Platform bits to another issue. Pale Moon bits are as follows, add tickbox to Preferences -> Content for `javascript.options.wasm` plus strings.

mattatobin commented 3 years ago (Migrated from github.com)

@JustOff

@JustOff

JustOff commented 3 years ago (Migrated from github.com)

Strings changes were pushed to CrowdIn.

Strings changes were pushed to CrowdIn.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release

theme-hidpi

27.9_RelBranch

27.8_RelBranch

27.7_RelBranch

27.6_RelBranch

27.5_RelBranch

27.4_RelBranch

27.3_RelBranch

27.2_RelBranch

27.1_RelBranch

27.0_RelBranch

26.5_Atom_RelBranch

Atom

26.5_RelBranch

v26_Dev

v25-LTS

26.4_Atom_RelBranch

26.4_RelBranch

26.3_Atom_RelBranch

26.3_RelBranch

26.2_Atom_RelBranch

26.2_RelBranch

26.1_Atom_RelBranch

26.1_RelBranch

26.0_Atom_RelBranch

26.0_RelBranch

25.8_Atom_Relbranch

25.8_RelBranch

v25_Atom

v25_Dev

25.7_Atom_Relbranch

25.7_RelBranch

25.6_Atom_RelBranch

25.6_RelBranch

25.5_Atom_RelBranch

25.5_RelBranch

25.4_Atom_RelBranch

25.4_RelBranch

25.3_RelBranch

25.3_Atom_RelBranch

25.2_Atom_RelBranch

25.2_RelBranch

25.1_RelBranch

25.1_Atom_RelBranch

25.0_Atom_RelBranch

25.0_RelBranch

24.7_RelBranch

24.6_RelBranch

32.2.0_Release

32.2.0_RC1

32.1.1_Release

32.1.1_RC1

32.1.0_Release

32.1.0_RC2

32.1.0_RC1

32.1.0_beta3

32.1.0_beta2

32.1.0_beta1

32.0.1_Release

32.0.0_Release

31.4.2_Release

31.4.2_RC1

31.4.1.1_Release

31.4.1_Release

31.4.1_RC1

31.4.0_Release

31.4.0_RC2

31.4.0_RC1

31.3.1_Release

31.3.1_RC1

31.3.0.1_Release

31.3.0_Release

31.3.0_RC2

31.3.0_RC1

31.2.0.1_Release

31.2.0_Release

31.2.0_RC1

31.1.1_Release

31.1.0_Release_build2

RB_20220607_2

RB_20220607

31.1.0_Release

31.1.0_RC1

31.0.0_Release

RB_20220510

31.0.0_RC2

RC_20220507

31.0.0_RC1

29.4.6_Release

RB_29.4.6

29.4.6_RC1

29.4.5.1_Release-UXP

RC_20220409

29.4.5_Release-UXP

29.4.4_Release-UXP

29.4.3_Release-UXP

29.4.2.1_Release-UXP

29.4.2_Release-UXP

29.4.1_Release-UXP

RB_29.4.5-UXP

RB_29.4.5.1-UXP

RELBASE_20220127-UXP

RELBASE_20220118-UXP

RELBASE_20211214-UXP

RELBASE_20211110-UXP

RELBASE_20211109-UXP

RELBASE_20210914-UXP

29.4.5.1_Release

29.4.5_Release

30.0.1_Release

30.0.0_Release

30.0.0_RC4

30.0.0_RC3

30.0.0_RC2

30.0.0_RC1

29.4.4_Release

29.4.4_RC1

29.4.3_Release

29.4.3_RC1

29.4.2.1_Release

29.4.2_Release

29.4.2_RC1

29.4.1_Release

RELBASE_20210823

29.4.0.2_Release

29.4.0.1_Release

29.4.0_Release

RELBASE_20210817

29.4.0_RC2

RC_20210815

29.4.0_RC1

RC_20210813

29.3.0_Release

RELBASE_20210719

RC_20210715

RELBASE_20210608

29.2.1_Release

29.2.1_RC1

RC_20210604

29.2.0_Release

RELBASE_20210427

29.2.0_RC2

29.2.0_RC1

RC_20210421

29.1.1_Release

RELBASE_20210330

29.1.1_RC1

RC_20210326

29.1.0_Release

RELBASE_20210302

29.1.0_RC2

RC_20210226

29.1.0_RC1

RC_20210225

RELBASE_20210205

29.0.1_Release

RELBASE_20210202

29.0.0_Release

RC_20210130

29.0.0_RC2

RC_20210128

29.0.0_RC1

RELBASE_20201218

28.17.0_RC2

RC_20201216

28.17.0_RC1

RC_20201215

RELBASE_20201124

28.16.0_Release

RELBASE_20201120

28.16.0_RC1

RC_20201120

28.15.0_Release

RELBASE_20201024

28.15.0_RC1

RC_20201024

RELBASE_20201001

28.14.2_Release

RELBASE_20200930

28.14.1_Release

RELBASE_20200929

28.14.0_Release

28.14.0_RC2

28.14.0_RC1

RC_20200924

RELBASE_20200901

28.13.0_Release

RELBASE_20200831

28.12.0_Release

RELBASE_20200730

28.11.0_Release

RELBASE_20200712

RELBASE_20200711

28.10.0_Release

RELBASE_20200603

28.9.3_Release

RELBASE_20200506

28.9.2_Release

RELBASE_20200427

RELBASE_20200426

28.9.1_Release

RELBASE_20200408

RELBASE_20200324

28.9.0.2_Release

28.9.0.1_Release

28.9.0_Release

PM28.8.4_Release

v2020.02.18

PM28.8.3_Release

v2020.02.06

PM28.8.2.1_Release

PM28.8.2_Release

v2020.01.12

PM28.8.1_Release

PM28.8.0_Release

v2019.10.31

PM28.7.2_Release

v2019.09.12

PM28.7.1_Release

v2019.09.03

PM28.7.0_Release

PM28.6.1_Release

PM28.6.0.1_Release

PM28.6.0_Release

v2019.06.08

PM28.5.2_Release

PM28.5.1_Release

PM28.5.0_Release

PM28.4.1_Release

v2019.03.27

v2019.03.08

PM28.4.0_Release

v2019.02.11

PM28.3.1_Release

PM28.3.0_Release

v2018.12.18

PM28.2.2_Release

PM28.2.1_Release

PM28.2.0_Release

v2018.11.07

v2018.11.04

v2018.09.27

PM28.1.0_Release

v2018.09.05

PM28.0.1_Release

PM28.0.0.1_Release

PM28.0.0_Release

PM28.0.0_Build1

PM28.0.0b5_Unstable

PM28.0.0b4_Unstable

v2018.07.18

27.9.4_Release

PM28.0.0b3_Unstable

PM28.0.0b2_Unstable

PM28.0.0b1_Unstable

27.9.3_Release

PM28.0.0a4_Unstable

NSS_3.35_TEST

PM28.0.0a3_Unstable

v2018.06.01

PM28.0.0a2_Unstable

27.9.2_Release

27.9.1_Release

27.9.0_Release

27.8.3_Release

27.8.2_Release

27.8.1_Release

27.8.0_Release

Checkpoint_1

FullFunction_CP1

FF_Checkpoint_1

27.7.2_Release

27.7.1_Release

27.7.0_Release

27.6.2_Release

27.6.1_Release

27.6.0_Release

27.6.0-RC1

27.5.1_Release

27.5.0_Release

27.4.2_Release

27.4.1_Release

27.4.0_Release

27.3.0_Release

27.2.1_Release

27.2.0_Release

27.1.2_Release

27.1.1_Release

27.1.0b2

27.0.3_Release

27.0.2_Release

27.0.1_Release

27.0.0_Release

27.0.0b3r2

27.0.0b3

27.0.0b2

27.0.0b1

26.5.0_Release_Atom

26.5.0_Release

26.4.1_Release

26.4.1_Release_Atom

26.4.0.1_Release_Linux

26.4.0.1_Release_Atom_Linux

25.9.5_Release_Android

26.4.0_Release_Atom

26.4.0_Release

26.3.3_Release_Atom

26.3.3_Release

26.3.2_Release_Atom

26.3.2_Release

26.3.1_Release_Atom

26.3.1_Release

25.9.3_Release_Android

26.3.0_Release_Atom

26.3.0_Release

25.9.2_Release_Android

26.2.2_Release_Atom

26.2.2_Release

26.2.2_RC1

25.9.1_Release_Android

26.2.1_Release_Atom

26.2.1_Release

26.2.0_Release_Atom

26.2.0_Release

26.2.0_RC2

26.2.0_RC3

26.2.0_RC1

25.9_Release_Android

26.1.1_Release_Atom

26.1.1_Release

26.1.0_Release_Atom

26.1.0_Release

26.1.0b1

26.0.3_Release_Atom

26.0.3_Release

26.0.2_Release_Atom

26.0.2_Release

26.0.1_Release

26.0.1_Release_Atom

26.0.0_Release_Atom

26.0.0_Release

25.8.1_Release_Android

25.8.1_Release_Atom

25.8.1_Release

25.8.0_Release_Android

25.8.0_Release_Atom

25.8.0_Release

25.8.0_beta1

Goanna-publicbeta-3

Goanna-publicbeta-2

25.7.3.1_Release_Android

25.7.3_Release_Android

25.7.3_Release

25.7.3_Release_Atom

25.7.2_Release_Android

25.7.2_Release_Atom

25.7.2_Release

25.7.1_Release_Android

25.7.1_Release_Atom

25.7.1_Release

25.7.0_Release_Atom

25.7.0_Release

Goanna-publicbeta-1

25.6.0_Release_Atom

25.6.0_Release

25.6.0_beta2

25.6.0_beta1

25.5.0_Release_Atom

PM4XP64_25.5.0_RELEASE

PM4XP32_25.5.0_RELEASE

25.5.0_Release

25.5.0_beta1

PM4XP32_25.4.1_RELEASE

PM4XP64_25.4.1_RELEASE

PM4XP64_25.4.0_RELEASE

PM4XP32_25.4.0_RELEASE

25.4.1_Release_Atom

25.4.1_Release

PM4XP32_25.3.2_RELEASE

25.4.0_Release_Atom

25.4.0_Release

25.4.0_beta3

25.3.2_Release_Atom

25.3.2_Release

25.4.0_beta2

PM4XP64_25.3.1_RELEASE

PM4XP32_25.3.1_RELEASE

25.3.1_Release_Atom

25.3.1_Release

PM4XP32_25.3.0_RELEASE

PM4XP64_25.3.0_RELEASE

25.3.0_Release

25.3.0_Release_Atom

25.3.0_beta4

25.3.0_beta3

25.1.1_Release

25.3.0_beta2

PM4XP64_25.2.1_RELEASE

PM4XP32_25.2.1_RELEASE

25.3.0_beta1

25.2.1_Release_Atom

25.2.1_Release

SUMOZI_25.2.0_MERGE

PM4XP64_25.2.0_RELEASE

PM4XP32_25.2.0_RELEASE

25.2.0_Release_Atom

25.2.0_Release

25.2.0_RC2

25.2.0_beta3

25.2.0_beta2

25.2.0_beta1

25.1.1_Release-Android

25.0_Release

PM4XP32_25.1.0_RELEASE

PM4XP64_25.1.0_RELEASE

SUMOZI_25.1.0_MERGE

25.1.0_Release_Atom

25.1.0_Release

25.1.0_beta3

25.1.0_beta2

SUMOZI_25.0.2_MERGE

SUMOZI_25.0.1_MERGE

SUMOZI_25.0.0_MERGE

PM4XP64_25.0.2_RELEASE

PM4XP64_25.0.1_RELEASE

PM4XP32_25.0.2_RELEASE

PM4XP32_25.0.1_RELEASE

25.0.2_Release_Atom

25.0.2_Release

25.0.1_Release

25.0.1_Release_Atom

PM4XP32_25.0.0_RELEASE

PM4XP64_25.0.0_RELEASE

25.0.0_Release_Atom

PM4XP64_25.0.0_PRERELEASE

PM4XP32_25.0.0_PRERELEASE

25.0.0_Release

25.0.0_beta3

PM4XP64_24.7.2_RELEASE

SUMOZI_24.7.2_RELEASE

24.7.2_Release

24.7.1_Release

25.0.0_beta2

25.0.0_beta1

Milestone_25

PM4XP64_24.7.1_RELEASE

SUMOZI_24.7.1_RELEASE

SUMOZI_24.7.0_RELEASE

PM4XP64_24.7.0_RELEASE

24.7.0_Release_Android

24.7.0_Release

24.7.0_Release_build1

24.7.0_RC1

24.7.0_beta4

GUID_working_base

24.7.0_beta3

24.7.0_beta2

24.6.2-r2_Release

24.6.2_Release

24.6.1_Release

24.6.0_Release

24.6.0_RC_Build1

24.6.0_beta5

24.5.1_beta4

27.1.0_Release

28.17.0_Release

Labels

Apply labels

Clear labels   

Assigned

  

Backed Out

  

Bounty

  

Bounty Paid

  

Browser-Parity

  

Bug

  

Build Bustage

  

Build System

  

Code Cleanup

  

Crash

  

Critical

  

Devtools

  

Documentation

  

Duplicate

  

Enhancement

  

Extensions

  

Fixed

  

Good first issue

Good issue for contributors new to the project   

Help Wanted

  

High Risk Patch

  

Images

  

Incomplete

  

Invalid

  

Leave Open

  

Legal

  

Locale

  

Media

  

More Info Needed

  

Mozregression Wanted

  

On Hold

  

OS: Linux

  

OS: Mac OS X

  

OS: Other

  

OS: Windows

  

Performance

  

Places

Bookmarks/History   

Plugins

  

Privacy

  

Question

  

Redirected to forum

  

Regression

  

Release Engineering

  

Security

  

SSUAO

Site-Specific User Agent Overrides   

String changes

  

Sync

  

Tabbed browsing

Tab handling and switching   

Theme changes

  

Theme/UI

  

Unconfirmed

  

Uplift Wanted

  

Verification Needed

  

Verified

  

Wontfix

  

Works For Me

No Label

Assigned

Backed Out

Bounty

Bounty Paid

Browser-Parity

Bug

Build Bustage

Build System

Code Cleanup

Crash

Critical

Devtools

Documentation

Duplicate

Enhancement

Extensions

Fixed

Good first issue

Help Wanted

High Risk Patch

Images

Incomplete

Invalid

Leave Open

Legal

Locale

Media

More Info Needed

Mozregression Wanted

On Hold

OS: Linux

OS: Mac OS X

OS: Other

OS: Windows

Performance

Places

Plugins

Privacy

Question

Redirected to forum

Regression

Release Engineering

Security

SSUAO

String changes

Sync

Tabbed browsing

Theme changes

Theme/UI

Unconfirmed

Uplift Wanted

Verification Needed

Verified

Wontfix

Works For Me

Milestone

Set milestone

Clear milestone

No items

No Milestone

Assignees

Assign users

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: MoonchildProductions/Pale-Moon#1814

Write Preview

Loading…

Cancel

Save

There is no content yet.