uWolf (LibreWolf)

Introduction to the uWolf thread.

This thread is dedicated to discussing the uWolf LibreWolf wrapper, where you can ask questions, help with development, and receive updates on the project.

Useful Links

• The uWolf project is hosted on GitHub and can be found here.
• The latest stable release is available on Open Store.
  

Development Log (DEVLOG)

Release: v0.7.13

STATUS: Released on GitHub

• Search Engine Fix: Alternative Solution: Although the underlying issue persists, I've implemented a workaround by injecting a pre-populated database containing search engine data. This approach circumvents the need for manual configuration, effectively masking the problem. It's essential to note that this is not a bug on my end, but rather a compatibility issue between LibreWolf/Firefox and fx-autoconfig. I've opened an issue here for those interested in resolving the root cause.
• Enhanced OSK Hide Mechanism: The On-Screen Keyboard (OSK) hide mechanism has been refined to dynamically respond to URL changes. For instance, when searching on a search engine, the OSK overlay will now automatically hide, eliminating the previous awkward behavior that required manual intervention.

For those interested in the technical details of the database injection and to address the security concerns raised by @domubpkm, I've included a flowchart that illustrates the management of the LibreWolf profile. This should provide a clear understanding of the process and help alleviate any concerns.

Release: v0.7.11

STATUS: Released on github
Significant updates have been made in the release:

• OSK Dynamic Reactions: The browser detection mechanisms have been replaced with a more robust approach, utilizing a Dbus monitor to listen for OSK focus events. However, this new method has a limitation: the Dbus monitor can only detect when the OSK gains focus, but not when it loses focus. This introduced a challenge in detecting unfocus events, which has been temporarily addressed by implementing a crude solution involving a tinted overlay over the screen. This overlay is active when the OSK overlay is shown, allowing the system to detect when to unfocus.
• Bug Fix: The is_tablet function, which resulted in many crashes in the v0.6.10, has been fixed.

For those interested in a more detailed understanding of the new OSK dynamic reactions architecture, a flow chart is provided.

---

If you have any questions or would like to discuss the development of uWolf, please don't hesitate to ask in this thread. Your input and feedback are valuable to the project. Feel free to share your thoughts, suggestions, or concerns, and I'll do my best to address them.

@domubpkm There is a security issue, but it's relatively minor and manageable. The problem lies in JavaScript files with privileged execution that can access browser internals and read files on the host. However, the risk is mitigated by the fact that:

• Librewolf stores sessions in cache, so malicious code would only execute in the next session (after restart)
• The sensitive files are re-read and replaced every time a session is launched, making it difficult for changes to persist
• The time window for tampering with the files is small (between verification of the Chrome folder and Librewolf launch)

To further reduce the risk, encryption and obfuscation of the sensitive files could be implemented, but this would make it harder for me (the developer) to test and debug code. The issue will be addressed once the more significant problems are resolved.

It's worth noting that Librewolf is considered a secure browser, and the privileged code execution is heavily sandboxed, preventing access to web content among other things. While this issue could potentially be exploited to steal data, the overall security of the browser is still robust, and any other security problems would likely originate from the Librewolf/Firefox source code itself.

@Lakotaubp Done! https://forums.ubports.com/topic/11060/uwolf-librewolf