accessing navigator.mozWifiManager kills applications instead of raising an exception

RESOLVED DUPLICATE of bug 815110

Status

Firefox OS
General
RESOLVED DUPLICATE of bug 815110
5 years ago
3 years ago

People

(Reporter: freddyb, Unassigned)

Tracking

({csectype-dos, sec-low})

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
I am hosting this special app which helps me infer/test the current permissions despite what the manifest says. This is rather helpful for security testing. It's available on http://freddyb.github.com/allperms/ (demo) or http://github.com/freddyb/allperms/ (code).

The app tries to access certain APIs and catches the Security Errors to see which calls fail and which ones go through.

I noticed that testing wifi is a bit problematic, since there is no navigator.mozWifiManager property if you have no wifi. So this only works on my unagi device:

Whenever I access navigator.mozWifiManager my application gets killed.
adb logcat says:
I/Gecko   ( 1233): Security problem: Content process does not have `wifi-manage'.  It will be killed.

Reproduce:

1) Visit http://freddyb.github.com/allperms/
2) Click on tests
3) scroll down to wifi, click the text
4) "Well, this is embarrassing."

OR
If you're running some kind of test build, it comes with a JS shell. Open it and enter navigator.mozWifiManager. The shell will be killed


I suppose this is a low risk DoS but I will mark it as a security problem just to be sure.
(Reporter)

Comment 1

5 years ago
Expected behaviour: throw SecurityError instead

Updated

5 years ago
Component: Gaia → General
Keywords: csec-dos, sec-low
(Reporter)

Updated

5 years ago
blocking-b2g: --- → leo?
tracking-b2g18: --- → ?
tracking-b2g18: ? → ---
(Reporter)

Comment 2

5 years ago
Looks like paul already filed this
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 815110

Updated

5 years ago
blocking-b2g: leo? → ---
Group: core-security
You need to log in before you can comment on or make changes to this bug.