I am hosting this special app which helps me infer/test the current permissions despite what the manifest says. This is rather helpful for security testing. It's available on http://freddyb.github.com/allperms/ (demo) or http://github.com/freddyb/allperms/ (code). The app tries to access certain APIs and catches the Security Errors to see which calls fail and which ones go through. I noticed that testing wifi is a bit problematic, since there is no navigator.mozWifiManager property if you have no wifi. So this only works on my unagi device: Whenever I access navigator.mozWifiManager my application gets killed. adb logcat says: I/Gecko ( 1233): Security problem: Content process does not have `wifi-manage'. It will be killed. Reproduce: 1) Visit http://freddyb.github.com/allperms/ 2) Click on tests 3) scroll down to wifi, click the text 4) "Well, this is embarrassing." OR If you're running some kind of test build, it comes with a JS shell. Open it and enter navigator.mozWifiManager. The shell will be killed I suppose this is a low risk DoS but I will mark it as a security problem just to be sure.
Expected behaviour: throw SecurityError instead
blocking-b2g: --- → leo?
tracking-b2g18: --- → ?
Looks like paul already filed this
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 815110
You need to log in before you can comment on or make changes to this bug.