----- Original Message ----- > Jonas, I would be really interested in your thoughts. Try as we might (in the > WebSerial API docs, at least), noone could actually think of a use case > where providing access to a physical (RS232), or Virtual (VirtualUSB or > VirtualBluetooth) serial port could be a privacy and/or security issue. > > It's a whole different beast when you provide access for cameras or any USB > device, of course, but what could someone do with access to a serial port?
I don't know much about serial port access in particular, but at a minimum I would think that you are adding whatever software the serial device runs to the attack surface. I would guess they are not very well hardened against malicious attackers. We have enough problems with graphics drivers as it is, and that can be worked around to an extent by blacklisting particular drivers from hardware acceleration. Andrew _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
