We are witnessing a shift in the design of mobile operating systems from custom architectures to web-based platforms. This paper attempts to understand the security implications of bringing the smartphone to the web. We base our work on Firefox OS as the open nature of the project offers an insight into its design, and allows for the introduction of extensions to its security architecture. This paper has the following contributions: (1) Systematizing our knowledge about the security architecture of Firefox OS, (2) Pointing out shortcomings of Firefox OS's security architecture, (3) Formulating a threat model that web-based OSes face, and (4) Outlining directions for future research in the field.