We currently use the default sandboxing rules for the extension content process. We should be able to tighten it considerably, given the limitations of the environment. In particular: - There should be no need for filesystem write access, or read access outside of omni.ja. We will need to proxy moz-extension: protocol requests to the parent process in order to accomplish this, however. - Ideally, we shouldn't allow web content to be loaded into the extension process. I'm not sure how strictly we can enforce this at the process sandbox level, though, since some existing extension code depends on loading remote resources like images and fonts which aren't declared anywhere in their permissions. - As a caveat, Google Chrome allows extensions arbitrary filesystem read access via requests to file: URLs if a user has given them permission. We should discuss what kind of support, if any, we want to add for this, but it should probably be deferred until we support multiple extension content processes.