celenity/Phoenix
8
198
Fork
You've already forked Phoenix
19

[OTHER] dom.webserial.enabled (unintentionally) locked to false #312

Closed
opened 2026年06月10日 22:26:04 +02:00 by degausser · 1 comment
Lines 3871 to 3873 in d3cc0d7
// Toggling 'dom.webserial.enabled' itself could be fingerprintable, but setting these instead just causes the permission to be automatically denied
defaultPref("dom.webserial.gated", true); // [DEFAULT]
defaultPref("permissions.default.serial", 2); // [HIDDEN]

the implication here is not entirely correct: if any policies are defined (as they are in phoenix, shipping its own policies.json), dom.webserial.enabled is locked to false*. if fingerprinting truly is a concern, with the webserial api turned on by default in desktop release builds, or the api support is intended to be left user-modifiable by default (aka defaultPref instead of lockPref), DefaultSerialGuardSetting: 3 should be set as policy, which would ironically allow the api by default (dom.webserial.enabled->true), and then it would be gated by abovementioned prefs. the policy should not be set on android, since false is the default on mobile and should not be overridden; the value being locked to false by policy usage is not an issue there (that is, until the default changes to true everywhere).

*EDIT:
in ff152+, the pref might no longer be locked to false by policy usage, just default false in that case (it is locked in 151); the fingerprinting angle remains the same. so for 152, explicitly setting defaultPref("dom.webserial.enabled", true); // [NO-ANDROID] [DEFAULT] might be enough.

https://codeberg.org/celenity/Phoenix/src/commit/d3cc0d78b3533d409e181c8c0fec6964c835cf54/phoenix-unified.cfg#L3871-3873 the implication here is not entirely correct: if _any policies are defined_ (as they are in phoenix, shipping its own `policies.json`), `dom.webserial.enabled` is [locked to false](https://hg-edge.mozilla.org/mozilla-central/rev/69d447bb852a)*. if fingerprinting truly is a concern, with the webserial api [turned on by default](https://bugzilla.mozilla.org/show_bug.cgi?id=2029625) in desktop release builds, or the api support is intended to be left user-modifiable by default (aka `defaultPref` instead of `lockPref`), [`DefaultSerialGuardSetting: 3`](https://firefox-admin-docs.mozilla.org/reference/policies/defaultserialguardsetting/) should be set as policy, which would ironically allow the api by default (`dom.webserial.enabled->true`), and then it would be gated by abovementioned prefs. the policy should not be set on android, since `false` is the default [on mobile](https://searchfox.org/firefox-main/source/modules/libpref/init/StaticPrefList.yaml#6027) and should not be overridden; the value being locked to `false` by policy usage is not an issue there (that is, until the default changes to `true` everywhere). *EDIT: in ff152+, the pref might no longer be [locked to false](https://bugzilla.mozilla.org/show_bug.cgi?id=2042826) by policy usage, just default `false` in that case (it is locked in 151); the fingerprinting angle remains the same. so for 152, explicitly setting `defaultPref("dom.webserial.enabled", true); // [NO-ANDROID] [DEFAULT]` might be enough.

@degausser Thank you for letting me know! I'm surprised by this behavior, this was definitely something I missed.

if fingerprinting truly is a concern, with the webserial api turned on by default in desktop release builds, or the api support is intended to be left user-modifiable by default (aka defaultPref instead of lockPref), DefaultSerialGuardSetting: 3 should be set as policy, which would ironically allow the api by default (dom.webserial.enabled->true), and then it would be gated by abovementioned prefs.

Yeah, the intention is basically to disable/block usage of the API by default, while allowing users to override/re-enable it if desired.

The problem with setting dom.webserial.enabled to false directly is that it's fingerprintable (outside of Android currently), due to it impacting the DOM (as it controls the exposure of ex. Serial and SerialPort) - so it adds an extra vector for us to stand out from stock Firefox. As long as dom.webserial.gated is set to true (Maybe we should lock that pref, TBH?), setting permissions.default.serial to 2 effectively achieves the same result, just without impacting the DOM (and thus minimizing the impact on fingerprinting).

in ff152+, the pref might no longer be locked to false by policy usage, just default false in that case (it is locked in 151); the fingerprinting angle remains the same. so for 152, explicitly setting defaultPref("dom.webserial.enabled", true); // [NO-ANDROID] [DEFAULT] might be enough.

Unfortunately, I don't think it will be - IIRC, based on testing in the past, prefs set by policies seem to take priority over prefs set by us (at phoenix.cfg), will test to confirm this is still the case though.

It's annoying how this is handled, wish there was a way we could avoid setting it at all via policies, but it seems to be hardcoded. So I think the best solution for now will be your idea of setting DefaultSerialGuardSetting to 3 for desktop. Will add for next release!

@degausser Thank you for letting me know! I'm surprised by this behavior, this was definitely something I missed. > if fingerprinting truly is a concern, with the webserial api [turned on by default](https://bugzilla.mozilla.org/show_bug.cgi?id=2029625) in desktop release builds, or the api support is intended to be left user-modifiable by default (aka `defaultPref` instead of `lockPref`), [`DefaultSerialGuardSetting: 3`](https://firefox-admin-docs.mozilla.org/reference/policies/defaultserialguardsetting/) should be set as policy, which would ironically allow the api by default (`dom.webserial.enabled->true`), and then it would be gated by abovementioned prefs. Yeah, the intention is basically to disable/block usage of the API by default, while allowing users to override/re-enable it if desired. The problem with setting `dom.webserial.enabled` to `false` directly is that it's fingerprintable *(outside of Android currently)*, due to it impacting the `DOM` *(as it controls the exposure of ex. `Serial` and `SerialPort`)* - so it adds an extra vector for us to stand out from stock Firefox. As long as `dom.webserial.gated` is set to `true` *(Maybe we should lock that pref, TBH?)*, setting `permissions.default.serial` to `2` effectively achieves the same result, just without impacting the `DOM` *(and thus minimizing the impact on fingerprinting)*. > in ff152+, the pref might no longer be locked to false by policy usage, just default false in that case (it is locked in 151); the fingerprinting angle remains the same. so for 152, explicitly setting defaultPref("dom.webserial.enabled", true); // [NO-ANDROID] [DEFAULT] might be enough. Unfortunately, I don't think it will be - IIRC, based on testing in the past, prefs set by policies seem to take priority over prefs set by us *(at `phoenix.cfg`)*, will test to confirm this is still the case though. It's annoying how this is handled, wish there was a way we could avoid setting it at all via policies, but it seems to be hardcoded. So I think the best solution for now will be your idea of setting `DefaultSerialGuardSetting` to `3` for desktop. Will add for next release!
Sign in to join this conversation.
No Branch/Tag specified
dev
pages
2026年07月08日.1
2026年06月10日.1
2026年05月21日.2
2026年05月21日.1
2026年04月27日.1
2026年03月31日.1
2026年03月30日.1
2026年02月23日.1
2026年02月16日.1
2026年01月21日.1
2025年12月23日.1
2025年11月27日.1
2025年11月07日.1
2025年10月26日.1
2025年10月12日.1
2025年10月03日.1
2025年09月07日.1
2025年08月06日.1
2025年07月30日.1
2025年07月11日.1
2025年06月24日.1
2025年06月12日.1
2025年06月10日.1
2025年06月06日.1
2025年06月02日.2
2025年06月02日.1
2025年05月11日.1
2025年04月27日.1
2025年04月15日.1
2025年04月11日.1
2025年04月02日.1
2025年03月25日.1
2025年03月20日.1
2025年03月12日.1
2025年03月05日.1
2025年02月28日.1
2025年02月21日.1
2024年02月18日.1
2025年02月14日.1
2025年02月13日.1
2025年02月01日.1
2025年01月30日.1
2025年01月27日.1
2025年01月24日.1
2025年01月22日.2
2025年01月22日.1
2025年01月20日.2
2025年01月20日.1
2025年01月19日.1
2025年01月14日.1
2025年01月13日.1
2025年01月12日.2
2025年01月12日.1
2025年01月06日.1
05January2025v1
20240103.2
20250103.1
20241229-1
20241225-1
20241216-1
20241211-1
20241204-1
20241203-1
31November2024v1
20241103-1
20240924-1
20240914-1
20240907-1
20240902-1
20240831-1
20240825-1
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
celenity/Phoenix#312
Reference in a new issue
celenity/Phoenix
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?