Investigating the security of the Firefox OS
by Peter Pi - Threats Analyst at Trend Micro - Monday, 23 September 2013.
Firefox OS is Mozilla’s foray into the mobile operating system field and promises a more adaptive mobile OS. But as mobile threats, particularly on the Android platform, have gained momentum, the question on everyone’s mind is: how safe is it?

About a month ago, Telefonica announced that it had launched the Firefox OS – Mozilla’s mobile operating system – in Colombia and Venezuela. Separately, ZTE is also selling Firefox OS devices directly to end users via its eBay store.

The Firefox OS uses a Linux kernel and boots into a Gecko-based runtime engine, which lets users run apps developed entirely in HTML, JavaScript, and other open web technologies. Overall, Firefox OS has good app permission management, but its core processes (which run with more privileges) may become targets for exploits. In addition, HTML5 features may become sources of vulnerabilities.

Firefox OS architecture overview

The Firefox OS has to connect web-based applications to the underlying hardware. It does this using an integrated technology stack consisting of the following levels:

Gonk consists of the Linux kernel, system libraries, firmware, and device drivers.

Gecko is the application runtime layer that provides the framework for app execution and implements the Web APIs used to access features of the mobile device. The Gecko layer acts as the intermediary between web apps (at the Gaia layer) and the phone. It also enforces permissions and rejects unauthorized requests.

Gaia is the suite of web apps that make up the user experience (apps consist of HTML5, CSS, JavaScript, images, media, and so on).

Application security

Firefox OS also has its own application layer design. There are three kinds of apps: hosted apps, privileged apps and certified apps.

Hosted apps can be installed from any website, without any further verification. This doesn’t grant the app any additional permissions besides those already exposed to a web site. Privileged apps are allowed to request more permissions, but they must be verified and signed by a Marketplace (i.e., app store). Certified apps, which have the most permissions, can only be pre-installed on the device by the manufacturer.

A high-privilege B2G process in the Gecko layer runs in the background, and every app runs in a low-privilege content process. Every device request made by an app is first passed to the B2G process, which checks the permissions of the requesting app.
Firefox OS also contains extensive sandboxing. Each app runs in its own worker space and it has access only to the Web APIs and the data it is permitted to access, as well as the resources associated with that worker space (Indexed DB databases, cookies, offline storage, and so on).

In addition, apps communicate only with the B2G process, not with other processes or apps. Apps do not run independently of B2G, nor can apps “open” each other. The only “communication” between apps is indirect, and is mediated by the B2G process.
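An added example (not Mozilla's or Gecko's own code) that models the permission mediation described above in JavaScript: every request from an app's content process goes to a B2G-side check that applies the hosted/privileged/certified rules, including the Marketplace-signature requirement for privileged apps and the refusal of direct app-to-app communication. The permission names, sample app records and field names are constructed for illustration.

```javascript
// Added illustrative model of the B2G permission gate; it is not Gecko's code,
// and the permission names, field names and sample apps are constructed.
// Permissions ordinary web content already has; hosted apps get nothing more.
const WEB_PERMS = new Set(["geolocation", "storage", "desktop-notification"]);
// Extra permissions a privileged app may request, only if Marketplace-signed.
const PRIVILEGED_PERMS = new Set([...WEB_PERMS, "contacts", "device-storage:pictures", "tcp-socket"]);
// Certified (pre-installed) apps additionally reach the most sensitive APIs.
const CERTIFIED_PERMS = new Set([...PRIVILEGED_PERMS, "telephony", "sms", "settings"]);

// Which permissions an app may hold at all. A "privileged" manifest without a
// Marketplace signature, or a "certified" one not pre-installed, is treated as hosted.
function allowedSet(app) {
  switch (app.type) {
    case "privileged":
      return app.signedBy === "marketplace" ? PRIVILEGED_PERMS : WEB_PERMS;
    case "certified":
      return app.preinstalled === true ? CERTIFIED_PERMS : WEB_PERMS;
    default:
      return WEB_PERMS;
  }
}

// B2G-side decision for one request from an app's content process.
// The content process only asks; the high-privilege B2G process decides.
function b2gCheck(app, permission) {
  if (!app.manifestPermissions.includes(permission)) {
    return { allowed: false, reason: "permission not declared in manifest" };
  }
  if (!allowedSet(app).has(permission)) {
    return { allowed: false, reason: `not available to ${app.type} app` };
  }
  return { allowed: true, reason: "granted by B2G" };
}

// Apps never talk to each other directly; any target other than B2G is refused.
function route(request) {
  return request.target === "b2g" ? b2gCheck(request.app, request.permission)
                                  : { allowed: false, reason: "apps may only talk to B2G" };
}

// Constructed sample apps (manifest excerpts).
const weather  = { name: "weather",  type: "hosted",     manifestPermissions: ["geolocation", "contacts"] };
const sideload = { name: "sideload", type: "privileged", signedBy: null,          manifestPermissions: ["contacts"] };
const storeApp = { name: "storeapp", type: "privileged", signedBy: "marketplace", manifestPermissions: ["contacts"] };
const dialer   = { name: "dialer",   type: "certified",  preinstalled: true,      manifestPermissions: ["telephony"] };

for (const [app, perm] of [[weather, "geolocation"], [weather, "contacts"], [sideload, "contacts"], [storeApp, "contacts"], [dialer, "telephony"]]) {
  console.log(`${app.name} -> ${perm}:`, b2gCheck(app, perm));
}
console.log(route({ app: weather, target: "dialer", permission: "telephony" }));
```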

Exploiting the B2G process

The B2G process is a core process of Firefox OS, located in the Gecko layer of the Firefox OS technology stack. If this process is exploited, an attacker can obtain high-level privileges (such as root access).