Closed Bug 751018 Opened 12 years ago Closed 12 years ago

[Security Review] Web Intents/Activities

Categories

(mozilla.org :: Security Assurance, task, P2)

x86
macOS

Tracking

(blocking-basecamp:+)

RESOLVED FIXED
blocking-basecamp +

People

(Reporter: pauljt, Assigned: dveditz)

Details

(Whiteboard: [secreview complete][start mm/dd/yyyy][target mm/dd/yyyy])

Security Review for Web Intents
Still chasing appropriate bug for this.
Assignee: nobody → dveditz
Blocks: 715814
Status: NEW → ASSIGNED
Possibly limited set of activities for milestone 3
Priority: -- → P1
Brain dump of a list of threats:

1. Handle an activity that provides access to sensitive information 
    - Mitigation: only certified (trusted and from carrier) apps can register for certain types TODO: what types? sms, dialing, 
2. Handle an activity, and deliberately return malicious/malformed/empty data (e.g. pretend to be the Contact app and PICK the wrong number for a contact)
    - Mitigation: Apps should treat all data as untrusted input
    - Mitigation: An app that returns broken or no data should not be chosen in the future by the user
3. Start an activity with a malicious payload (e.g. SMS to expensive number, SHARE exe instead of a photo)
    - Mitigation: Apps fulfilling activities must validate the data provided
    - Mitigation: Handling of activity must allow for user review (e.g. for SMS, the user has a chance to clearly review where the SMS is going to be sent, and its contents)
4. Start an activity that is sensitive: 
     - Mitigation: Ensure that ALL activities are safe to start (user should always have a chance to review the action before it is completed)
     (NB: in the gallery app case, should the LAUNCH camera be changed to PICK photo from camera since that is really what you are doing here?)
5. Too many apps are registered so the user can't see all the apps registered for an activity
    - Mitigation: provide a way to hide/remove an activity handler for a given app (or is the only option to remove the app entirely?)
https://wiki.mozilla.org/Security/Reviews/B2GWebActivities
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [secreview complete][start mm/dd/yyyy][target mm/dd/yyyy]
Priority: P1 → P2
blocking-basecamp: --- → ?
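
Threats 2 and 3 in the list above both come down to treating activity data as untrusted on whichever side receives it. The following is an added example, not part of the bug's comments or of any Firefox OS code; the `{ type, bytes }` payload shape, the `{ number }` result shape and both function names are assumptions made for illustration:

```javascript
// Added example: hypothetical helpers, not part of the Web Activities API.
// Leading "magic" bytes for the image types this handler accepts.
const IMAGE_MAGIC = {
  'image/jpeg': [0xff, 0xd8, 0xff],
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
};

function startsWith(bytes, prefix) {
  return bytes.length >= prefix.length && prefix.every((b, i) => bytes[i] === b);
}

// Threat 3: a handler for a SHARE of a photo checks the payload itself
// instead of trusting the type the caller declared.
function validateSharedImage(item) {
  if (!item || typeof item.type !== 'string' || !(item.bytes instanceof Uint8Array)) {
    return { ok: false, reason: 'malformed payload' };
  }
  const magic = Object.prototype.hasOwnProperty.call(IMAGE_MAGIC, item.type)
    ? IMAGE_MAGIC[item.type] : null;
  if (!magic) return { ok: false, reason: 'type not accepted' };
  if (!startsWith(item.bytes, magic)) {
    return { ok: false, reason: 'content does not match declared type' };
  }
  return { ok: true };
}

// Threat 2: the caller of a PICK treats the returned contact as untrusted:
// the field must exist, be a string, and look like a phone number.
function validatePickedNumber(result) {
  const number = result && result.number;
  if (typeof number !== 'string') return { ok: false, reason: 'missing number' };
  const compact = number.replace(/[\s().-]/g, '');
  if (!/^\+?[0-9]{3,15}$/.test(compact)) {
    return { ok: false, reason: 'not a phone number' };
  }
  // Only the format can be checked here; whether it is the right number
  // for the contact still needs the user's review.
  return { ok: true, number: compact };
}

// Constructed sample inputs.
const png = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]);
const exe = new Uint8Array([0x4d, 0x5a, 0x90, 0x00]); // "MZ" executable header
console.log(validateSharedImage({ type: 'image/png', bytes: png }));
console.log(validateSharedImage({ type: 'image/png', bytes: exe }));
console.log(validatePickedNumber({ number: '+1 (555) 010-0199' }));
console.log(validatePickedNumber({ number: '<script>' }));
```
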
Review is done, marking resolved fixed; we still have a blocking bug for this bug before we can go confirmed fixed.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
blocking-basecamp: ? → +