126
edits
Changes
Add some security-relevant information
'''GeckoView''' wraps Mozilla's [https://wikipedia.org/wiki/Gecko_(software) Gecko browser engine] in a reusable Android libraryfor applications that wish to use Mozilla’s JavaScript, HTML layout, and rendering engines (generally referred to as SpiderMonkey and Gecko).
Mozilla uses GeckoView to power [https://www.mozilla.org/en-US/firefox/browsers/mobile/android/ Firefox for Android], [https://blog.mozilla.org/blog/2018/09/18/firefox-reality-now-available/ Firefox Reality], [https://www.mozilla.org/firefox/mobile/#focus Firefox Focus], and other Android apps. GeckoView serves a similar purpose to Android's built-in WebView, but it has its own APIs and is ''not'' a drop in replacement.
* '''Self-Contained''': Because GeckoView is a standalone library that you bundle with your application, you can be confident that the code you test is the code that will actually run.
* '''Standards Compliant''': Like Firefox, GeckoView offers excellent support for modern Web standards.
== About GeckoView ==
Mozilla provides a GeckoView package and a [https://maven.mozilla.org/?prefix=maven2/org/mozilla/geckoview/ Maven Repo] along with [https://mozilla.github.io/geckoview/javadoc/mozilla-central/org/mozilla/geckoview/package-summary.html package documentation]. GeckoView has Stable, Beta, and Nightly channels that follow the [https://wiki.mozilla.org/Release_Management/Calendar Firefox browser’s Release Calendar] which typically ships a new major version to the Stable channel every 4 weeks and the maven repository is updated accordingly.
When a new version is released to the Stable channel, any relevant security fixes will be published to the [https://www.mozilla.org/en-US/security/advisories/ Mozilla Security Advisories page]. While GeckoView is not explicitly called out in the advisories, most but not strictly all vulnerabilities will affect GeckoView. Exceptions would be vulnerabilities that occur in user-facing components excluded from GeckoView (such as the address bar) or desktop-platform-specific vulnerabilities. Keeping the GeckoView dependency up-to-date is the most effective way to incorporate security fixes.
== Getting Help ==
If you have questions or need assistance, please reach out to us in the [https://chat.mozilla.org/#/room/#geckoview:mozilla.org #geckoview] Matrix room.
The overall Mozilla security team can be reached at security@mozilla.org. If you ship GeckoView in your application you are encouraged to let us know at that address.
== Get Started ==