RE: uWolf (LibreWolf)

@domubpkm There is a security issue, but it's relatively minor and manageable. The problem lies in JavaScript files with privileged execution that can access browser internals and read files on the host. However, the risk is mitigated by the fact that:

• Librewolf stores sessions in cache, so malicious code would only execute in the next session (after restart)
• The sensitive files are re-read and replaced every time a session is launched, making it difficult for changes to persist
• The time window for tampering with the files is small (between verification of the Chrome folder and Librewolf launch)

To further reduce the risk, encryption and obfuscation of the sensitive files could be implemented, but this would make it harder for me (the developer) to test and debug code. The issue will be addressed once the more significant problems are resolved.

It's worth noting that Librewolf is considered a secure browser, and the privileged code execution is heavily sandboxed, preventing access to web content among other things. While this issue could potentially be exploited to steal data, the overall security of the browser is still robust, and any other security problems would likely originate from the Librewolf/Firefox source code itself.

@Lakotaubp Done! https://forums.ubports.com/topic/11060/uwolf-librewolf

Introduction to the uWolf thread.

This thread is dedicated to discussing the uWolf LibreWolf wrapper, where you can ask questions, help with development, and receive updates on the project.

Useful Links

• The uWolf project is hosted on GitHub and can be found here.
• The latest stable release is available on Open Store.
  

Development Log (DEVLOG)

Release: v0.7.11

STATUS: Released on github
Significant updates have been made in the release:

• OSK Dynamic Reactions: The browser detection mechanisms have been replaced with a more robust approach, utilizing a Dbus monitor to listen for OSK focus events. However, this new method has a limitation: the Dbus monitor can only detect when the OSK gains focus, but not when it loses focus. This introduced a challenge in detecting unfocus events, which has been temporarily addressed by implementing a crude solution involving a tinted overlay over the screen. This overlay is active when the OSK overlay is shown, allowing the system to detect when to unfocus.
• Bug Fix: The is_tablet function, which resulted in many crashes in the v0.6.10, has been fixed.

For those interested in a more detailed understanding of the new OSK dynamic reactions architecture, a flow chart is provided.

---

If you have any questions or would like to discuss the development of uWolf, please don't hesitate to ask in this thread. Your input and feedback are valuable to the project. Feel free to share your thoughts, suggestions, or concerns, and I'll do my best to address them.

@Lakotaubp will do

@Vlad-Nirky why thanks!
i just realized there was a forum, can you tell I have no social platforms?
also there has been quite a bit of development since v0.3.3 as the current version is v0.6.10
I am nearing the end of my list of features I can add before mir2.x hits the scene.
soon I'll be able to focus only on fixing bugs and refining whats already there, when we get to that point uWolf will be a lot more desirable as a browser.