PSM provides interfaces that embedding applications can override. They are designed to allow applications to use their own chrome. Some interfaces are designed to give users a choice to review sensitive information and make momentous decisions, like installing a CA cert as trusted or providing a private key to an issuing authority.

This bug proposes to review the existing interfaces and use more obvious comments. This will prevent embedders from accidentally using wrong function result values and hopefully will prevent security issues.

The following interfaces might be of interest: nsITokenPasswordDialogs, nsICertificateDialogs, nsIClientAuthDialogs, nsICertPickDialogs, nsITokenDialogs, nsIDOMCryptoDialogs, nsIGeneratingKeypairInfoDialogs. There might be other interfaces I'm missing.

Here are some first proposals:

ConfirmDownloadCACert
// If an implementation chooses not to implement UI for displaying
// the cert and asking the user for confirmation,
// then this function must return PR_FALSE.

ConfirmKeyEscrow
// If an implementation chooses not to implement UI that asks the user for
// confirmation to hand out the private key,
// then this function must return PR_FALSE.
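The fail-closed rule proposed in the description above, sketched as an added example; it is not code from PSM or from this bug. The types are simplified stand-ins for the XPCOM ones, and the class names and `ShouldInstallCA` are hypothetical.

```cpp
#include <cstdint>

// Simplified stand-ins for XPCOM types; these are NOT the real Gecko headers.
using nsresult = uint32_t;
constexpr nsresult NS_OK = 0;
constexpr nsresult NS_ERROR_NOT_IMPLEMENTED = 0x80004001;

// Hypothetical reduction of nsICertificateDialogs to the one method discussed.
struct CertDialogs {
  virtual ~CertDialogs() = default;
  // *confirmed is the function result: true only if the user approved the CA.
  virtual nsresult ConfirmDownloadCACert(uint32_t* trust, bool* confirmed) = 0;
};

// Embedder without UI, following the proposed comment: the result is false.
struct NoUiFailClosed : CertDialogs {
  nsresult ConfirmDownloadCACert(uint32_t* trust, bool* confirmed) override {
    *trust = 0;
    *confirmed = false;
    return NS_OK;
  }
};

// The mistake the comment is meant to prevent: a stub that reports success
// and never writes the result, leaving whatever the caller had in place.
struct NoUiLeavesResultUnset : CertDialogs {
  nsresult ConfirmDownloadCACert(uint32_t*, bool*) override { return NS_OK; }
};

// Embedder that reports the method as unimplemented.
struct NoUiNotImplemented : CertDialogs {
  nsresult ConfirmDownloadCACert(uint32_t*, bool*) override {
    return NS_ERROR_NOT_IMPLEMENTED;
  }
};

// Stand-in for real UI in which the user approved (constructed trust value).
struct UserApproved : CertDialogs {
  nsresult ConfirmDownloadCACert(uint32_t* trust, bool* confirmed) override {
    *trust = 0x1; *confirmed = true; return NS_OK;
  }
};

// Caller side: start from "denied" so an unset result cannot read as consent,
// and proceed only when the call succeeded and the result is true.
bool ShouldInstallCA(CertDialogs& dialogs) {
  uint32_t trust = 0;
  bool confirmed = false;
  nsresult rv = dialogs.ConfirmDownloadCACert(&trust, &confirmed);
  return rv == NS_OK && confirmed;
}
```

Pre-initialising the result on the caller side covers the stub that forgets to write it; it does not cover a stub that writes true without asking, which is what the proposed interface comments address.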
I'm not sure this bug needs to be security-sensitive, although I guess it won't hurt to keep it that way until Nokia can update their implementation.
Whiteboard: [sg:want P1]
Kai, will you have time for this before ship?
Priority: P1 → P2
I'm no longer sure this deserves to have a high priority. Nobody else has made the same mistake in the previous 4 years.
The PSM IDL documentation is somewhat lacking, but AIUI, nobody really embeds Gecko anymore. So, we can just fix each IDL one at a time as reasonable.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME