About a month ago, Telefonica announced that it had launched the Firefox OS – Mozilla’s mobile operating system – in Colombia and Venezuela. Separately, ZTE is also selling Firefox OS devices via their eBay store directly to end users.
Firefox OS architecture overview
The Firefox OS has to connect web-based applications to the underlying hardware. It does this using an integrated technology stack consisting of the following levels:
Gonk consists of the Linux kernel, system libraries, firmware, and device drivers.
Firefox OS also has its own application layer design. There are three kinds of apps: hosted apps, privileged apps and certified apps.
Hosted apps can be installed from any website, without any further verification. This doesn’t grant the app any additional permissions besides those already exposed to a web site. Privileged apps are allowed to request more permissions, but they must be verified and signed by a Marketplace (i.e., app store). Certified apps, which have the most permissions, can only be pre-installed on the device by the manufacturer.
There is a B2G process in the Gecko layer that has high privileges running in the background, and every app will run in a content process with low authority. Every request to the device asked by an app needs to pass to B2G process first, and the B2G process will check the permissions of the app.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.