Owners

Who is driving this feature

Status

Feature tracking bug

• bug 266533
• bug 396196

Overview and Motivations

Describe the goals and objectives of the feature here.

Potential Areas Affected / Issues

• application registration with the system
• product updates
• helper and protocol handler app services involving launching of 3rd party apps
• directory services (default locations)
• general file access - write access restrictions to %userprofile%\AppData\LocalLow
• profile management
• drag and drop
• copy paste
• registry access
• COM interfacing
• Windows api restrictions - api that communicate with objects of a higher integrity level. (cert, crypt, theming, networking, os settings)
• Security Zone Policy settings - Internet Explorer's broker makes decisions as to what integrity level a particular URL should execute within. Intranet and local resources are launched in a seperate medium level process. Whether or not Firefox must support similar decision making and functionality is unknown at this point.

Schedule and Milestones

It's hard to say at this point how long (or even how possible) protected mode is. The first work required is research and testing, followed by the implementation of a basic broker shim aimed at better OS integration. Conservatively this might land for Fx 3.1, with full support for running under protected mode landing in Fx 4.0. We might get farther for Fx 3.1 depending on how much work is involved. The shim should definitely land and be well tested before protected mode support is added.

References

• MSDN Integrity Technical Reference Articles
• Protected Mode in Internet Explorer