I am hosting this special app which helps me infer/test the current permissions despite what the manifest says. This is rather helpful for security testing. It's available on http://freddyb.github.com/allperms/ (demo) or http://github.com/freddyb/allperms/ (code). The app tries to access certain APIs and catches the Security Errors to see which calls fail and which ones go through. I noticed that testing wifi is a bit problematic, since there is no navigator.mozWifiManager property if you have no wifi. So this only works on my unagi device: Whenever I access navigator.mozWifiManager my application gets killed. adb logcat says: I/Gecko ( 1233): Security problem: Content process does not have `wifi-manage'. It will be killed. Reproduce: 1) Visit http://freddyb.github.com/allperms/ 2) Click on tests 3) scroll down to wifi, click the text 4) "Well, this is embarrassing." OR If you're running some kind of test build, it comes with a JS shell. Open it and enter navigator.mozWifiManager. The shell will be killed I suppose this is a low risk DoS but I will mark it as a security problem just to be sure.

Expected behaviour: throw SecurityError instead

Looks like paul already filed this