Comment 46 for bug 1741074

Revision history for this message
Max (m-gorodok) wrote :

It seems, Belgium eID (Comment #36) uses PKCS#11, not native messaging:
https://github.com/Fedict/eid-mw/blob/master/plugins_tools/xpi/new-src/manifest.json
However the problem is essentially the same: native manifest.
Olivier filed a bug in Firefox bugzilla:
https://bugzilla.mozilla.org/1734371
"Firefox snap can't load PKCS#11 modules on the host system"

I suppose, the title of this bug does not reflect scale of the problem.
All browser add-ons that relies on native manifests are affected
in Chromium and Firefox.

I came across this issue testing an extension in Firefox using Ubuntu-21.10
live image. I am considering whether it is feasible to run a kind of thin
proxy server on host that creates a socket inside a directory mounted to snap
and runs a binary in response to connection (something like inetd).
It requires a stub for native messaging app that connects to the server
and pass through requests and responses. Generally it does not differ
too much from D-Bus and ideally requires support from Firefox for robust
checks if particular add-on is allowed to run a specific app.