[Security Review] Web Intents/Activities

RESOLVED FIXED

Status

task
P2
normal
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: pauljt, Assigned: dveditz)

Tracking

Firefox Tracking Flags

(blocking-basecamp:+)

Details

(Whiteboard: [secreview complete][start mm/dd/yyyy][target mm/dd/yyyy], URL)

(Reporter)

Description

7 years ago
Security Review for Web Intents
(Reporter)

Comment 1

7 years ago
Still chasing appropriate bug for this.
Assignee: nobody → dveditz
Blocks: 715814
Status: NEW → ASSIGNED
(Reporter)

Comment 3

7 years ago
Possibly limited set of activities for milestone 3
Priority: -- → P1
(Reporter)

Comment 5

7 years ago
Brain dump of a list of threats:

1. Handle an activity that provides access to sensitive information
    - Mitigation: only certified (trusted and from carrier) apps can register for certain types TODO: what types? sms, dialing,
2. Handle an activity, and deliberately return malicious/malformed/empty data (e.g. pretend to be the Contact app and PICK the wrong number for a contact)
    - Mitigation: Apps should treat all data as untrusted input
    - Mitigation: An app that returns broken or no data should not be chosen in the future by the user
3. Start an activity with a malicious payload (e.g. SMS to expensive number, SHARE exe instead of a photo)
    - Mitigation: Apps fulfilling activities must validate the data provided
    - Mitigation: Handling of activity must allow for user review (e.g. for SMS, the user has a chance to clearly review where the SMS is going to be sent, and its contents)
4. Start an activity that is sensitive:
    - Mitigation: Ensure that ALL activities are safe to start (user should always have a chance to review the action before it is completed)
    (NB: in the gallery app case, should the LAUNCH camera be changed to PICK photo from camera since that is really what you are doing here?)
5. Too many apps are registered so the user can't see all the apps registered for an activity
    - Mitigation: provide a way to hide/remove an activity handler for a given app (or is the only option to remove the app entirely?)
https://wiki.mozilla.org/Security/Reviews/B2GWebActivities
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [secreview complete][start mm/dd/yyyy][target mm/dd/yyyy]
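The "validate the data provided" and "treat all data as untrusted input" mitigations from threats 2 and 3 above, sketched as an added example that is not part of the original bug or of B2G code. The request and result object shapes and the function names are assumptions for illustration; payloads are modelled as `Uint8Array` so the block runs offline.

```javascript
// Added example. Object shapes and function names are hypothetical,
// not the B2G Web Activities API.
const IMAGE_MAGIC = [
  [0xff, 0xd8, 0xff],                               // JPEG
  [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a], // PNG
];

// Decide by content, never by the sender's declared type or file name.
function looksLikeImage(bytes) {
  return bytes instanceof Uint8Array &&
    IMAGE_MAGIC.some(sig => sig.every((b, i) => bytes[i] === b));
}

// Threat 3: the handler validates what the caller sent with SHARE.
function validateShareRequest(req) {
  if (!req || req.name !== 'share') return ['unexpected activity'];
  const errors = [];
  const data = req.data || {};
  const blobs = Array.isArray(data.blobs) ? data.blobs : [];
  if (blobs.length === 0) errors.push('empty payload');
  blobs.forEach((bytes, i) => {
    if (!looksLikeImage(bytes)) errors.push(`blob ${i} is not an image`);
  });
  return errors; // empty array means the payload may be shown to the user
}

// Threat 2: the caller validates what a handler returned from PICK.
// This catches malformed or empty data; a well-formed but wrong number
// still needs the user-review mitigation.
function validatePickResult(result) {
  const number = result && result.number;
  if (typeof number !== 'string') return null;
  const cleaned = number.replace(/[\s().-]/g, '');
  return /^\+?[0-9]{3,15}$/.test(cleaned) ? cleaned : null;
}

// Constructed sample inputs.
const png = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]);
const exe = Uint8Array.from([0x4d, 0x5a, 0x90, 0x00]); // "MZ" executable header
console.log(validateShareRequest({ name: 'share', data: { type: 'image/*', blobs: [png] } }));
console.log(validateShareRequest({ name: 'share', data: { type: 'image/*', blobs: [exe] } }));
console.log(validatePickResult({ number: '+1 (555) 010-0199' }));
console.log(validatePickResult({ number: '<script>' }));
```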
(Reporter)

Updated

7 years ago
Priority: P1 → P2
(Reporter)

Updated

7 years ago
blocking-basecamp: --- → ?
(Reporter)

Updated

7 years ago
Depends on: 807557
review is done, marking resolved fixed, we still have a blocking bug for this bug before we can go confirmed fixed
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
blocking-basecamp: ? → +
(Reporter)

Updated

7 years ago
Depends on: 824670