mirror of
https://github.com/zen-browser/desktop.git
synced 2025-12-24 15:18:54 +00:00
d87315da49
For some reason, Zen is currently not only exposing Remote Debugging... but also disabling prompting for it? This is very concerning from a security perspective and quite literally acts as a backdoor - You can see here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 & here: https://firefox-source-docs.mozilla.org/devtools/backend/protocol.html for some details Not even Firefox Developer Edition enables these prefs by default. Respectfully, I have no idea what your team was thinking flipping them, and I seriously have to question the motives here. I hope that this was simply incompetence & not malicious, but it is concerning regardless. The browser is one of the, if not the most security critical component in our lives. Treating it as a hobbyist project like this is unacceptable. Please do better in the future. There's various other prefs I think are highly questionable that I'll leave feedback for separately - But this was the most severe & needed to be taken care of ASAP.