Mozilla Brings Web Serial Workflows to Firefox, Collaborates With Adafruit

The Web Serial API lets websites write to (and read from) serial devices using JavaScript, including USB and Bluetooth devices with virtual serial ports. And this week's Firefox 151 release introduced support for the Web Serial API on desktop.

"Most folks won't use this API," acknowledges Mozilla's blog, "but for our community of builders and tinkerers, it unlocks the ability to use Firefox to communicate directly with compatible hardware devices like microcontrollers, development boards, and other serial-connected devices..." With Firefox's browser engine, Gecko, now supporting Web Serial, users can now connect, code, configure, and control compatible hardware directly from the browser in many workflows, often without additional software or complicated setup...

As part of this week's launch, Adafruit, one of the internet's most beloved open-source hardware communities, is collaborating with us to test and validate what browser-based hardware development can look like in Firefox with Web Serial support... With Web Serial support in Firefox 151, Adafruit's browser-based hardware workflows now work directly in Firefox as well, with no additional software or complicated setup required for many projects. We invite you to give it a try...

We want the web to be open, flexible, and shaped by the diversity of people building on it. If you're wiring up your first board, experimenting with hardware projects, or dusting off an old electronics kit, give Adafruit and Web Serial in Firefox a try. Build something amazing. Make something useful. Tell us what works. Tell us what breaks. Most of all, make it your own.
Mozilla's "Hacks" blog demonstrates with an Adafruit ESP32-S2 based board "where messages sent from web code can be directly displayed on the device over Web Serial."

And Mozilla engineer Alex Franchuk even built a handheld device that changes a web page's CSS properties.

This Is Great News

[crunchy_one]

Now I can dump Chrome in the trash where it belongs. Web Serial support was the sole reason I've kept it on my machines.Thank you Mozilla, thank you Adafruit!

Re:

[ArchieBunker]

All this time I've bee doing it wrong. Using minicom to browse the internet.

Re:

[Himmy32]

I was using Lynx and thankfully the haven't implemented Web Serial / USB shennanigans otherwise it'd eat my mouse.

Re:

[caseih]

Yes I'm happy to see this as well. It's funny to read the comments here on slashdot. It's readily apparent those who know what this API is for and those that don't! Indeed the Web Serial API makes it fast and easy for beginners to get into Arduino using the web-based Arduino cloud IDE, or even just to install Circuit Python or MicroPython to a microcontroller. Also good for interacting with and setting up IOT devices.

This is great.

[Kamineko]

I do love it when malware advert javascripts can upload random new firmware updates into my mouse and keyboard turning them into stealth keyloggers. This is great.

This feels like when Flash sandbox breaks became a thing, but worse. At least in those days we got smooth fullscreen vector animations and games to enjoy. I'd rather Flash had just been bloody fixed instead of browsers themselves becoming Shit Flash But Holy Cow It Runs Worse And Gets Worse.

Re:

[znrt]

I do love it when malware advert javascripts can upload random new firmware updates into my mouse and keyboard turning them into stealth keyloggers. This is great.

so you're using a serial mouse in 2026 to browse porn? that's so "cool"!!

Re:This is great.

[Kamineko]

All keyboards are serial. In fact, almost every keyboard ever is a giant parallel to serial convertor.

Re:

[znrt]

in that sense so is every display monitor, but nowadays we use things like hdmi or displayport. this api is about ports that everyday hardware (like e.g. mice and keyboards) hasn't used for decades, and is only used in very specific gadgets or virtualized in tinkering gear sold for people who likes tinkering.

telling you this just so you know that you can safely keep surfing malware ads with your mouse and keyboard, this nasty devil's api will not hurt you.

Re:

[Smidge204]

> this api is about ports that everyday hardware (like e.g. mice and keyboards) hasn't used for decades,

If by "decades" you mean to this very day. A serial port is not the physical connector. Your keyboard is almost certainly USB (no points for guessing what the "S" in "USB" stands for). It presents as a serial device at the hardware and OS level, like all USB devices do. If your OS puts it into a special category and doesn't explicitly label it as a serial device, that still doesn't mean it's not a ser

Re:

[znrt]

If by "decades" you mean to this very day.

what else :-?

A serial port is not the physical connector.

you're really splitting hairs, that's not what is meant. a serial port is very much the physical rs232 "connector" or an emulation of it. usb devices can ofc identify as serial devices and prompt the os to provide such emulation. so what?

That's *already* well within the realm of plausible exploits, even without the WebSerial API. This is just another surface to attack.

of course, which is why the browser asks the user for permission to acces all these devices! i do agree that 0.000001 more surface is technically "more surface", but this is splitting hairs, and doesn't help the claim I do love it when malware advert javascript

Re:

[ceoyoyo]

WebSerial is about USB. As far as I know it doesn't even support any other kind of serial port.

Re: This is great.

[getuid()]

It's called Universal SERIAL Bus, btw.

Re:

[bill_mcgonigle]

You'd get a popup to choose the port and grant permissions.

Have you ever flashed a Meshtastic or ESPHome device or updated firmware on a radio transceiver?

That's what they're talking about here.

Re:

[TheDarkMaster]

Given the current level of developers involved, I question whether the permissions will always work.

Re:

[caseih]

How did this get modded insightful? Kameniko uses rs232 keyboards? Obviously they don't have any clue what web serial is used for.

Sounds peachy

[YuppieScum]

It had better be disabled by default.

Re:

[mmiscool]

It requires permissions just like accessing a camera or microphone. Stop being paranoid.

Re:

[rsilvergun]

It's still a new code base and one that can access hardware so it's understandable that people would be nervous.

At the very least it should probably be something that has to be enabled in settings. And maybe it does I haven't looked into it. There are too many examples of security vulnerabilities that can bypass permissions. That's what the grandparents is worried about

Years ago...

[LordHighExecutioner]

...a way to freeze Internet explorer was by inserting a < img src=lpt1: > tag in the html code.

it's about firggin time

[mmiscool]

Sites like https://serialterminal.com/ [serialterminal.com] will work in firefox. It was like pulling teeth to finally get brave to support this also. Now the only one left is safari.

Does it support token certificates?

[fabioalcor]

Because it's the first thing that comes to my mind: much easier support for client-side digital document signatures using token certificates (like thumbdrive or smartcard devices) plugged in the client machine.
This has been a pain in both my previous and current job. Both provided SaaS products that worked with digitally-signed XML files. But when the client opted for using tokens/smartcards, we had no other choice than make the client install a client-side software to do it locally and send it back to the

My first thought

[mattr]

was "uh-oh". I really hope I'm wrong but I don't want Chrome to gain access to my hardware. Nope. How to disable this thing? As far as making a device to change css, okay Adafruit is cool but did Chrome need to blow open a whole new manifold of attack surfaces for this otherwise fun project? (again hope I'm wrong but tldr so will wait for someone else to figure it out)