Closed
Bug 914587
Opened 11 years ago
Closed 11 years ago
secreview: Replaceable homescreen
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: pauljt, Assigned: freddy)
References
Details
(Whiteboard: [score:medium] u= c= p=1 s=ready)
Gaia is planning to allow the home screen to be replaced. The plan, as I understand it, is:
- allow privileged apps to request the 'webapps-manage'
- apps specify the 'homescreen' role in their manifest
- the settings app contains a menu option to select homescreen app (displaying a list of apps with the homescreen role)

There are a number of security implications of this, for which this review has been created.
Comment 1•11 years ago
Also, bug 819882 (window.open to remote process) might fall under this scope.
Reporter
Comment 2•11 years ago
Also see bug 899994
Assignee
Updated•11 years ago
Assignee: nobody → fbraun
Assignee
Updated•11 years ago
Whiteboard: [score:medium]
Updated•11 years ago
Whiteboard: [score:medium] → [score:medium] u= c= p=1 s=ready
Reporter
Updated•11 years ago
Component: Security Assurance → Security Assurance: Review Request
Assignee
Comment 3•11 years ago
I am mostly concerned with the webapps-manage role *implying* a permission without it being required in the manifest. The other concerns I have are just the pure fact that anybody can write a homescreen. A malicious homescreen could

a) hide an app from the list of available apps (either to make a competitor unavailable or to hide the fact that something unwanted is installed)
b) pretend it uninstalls an app without actually doing so (similar to a))
c) replace arbitrary apps with something else that looks similar (phishing, but more serious)

etc. It would be really bad if an evil homescreen would mock the system app and make the real one unavailable so there's no point in going back.
See Also: → 899994
Comment 4•11 years ago
FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=900551 would render the current TrustedUI implementation useless.
Assignee
Comment 5•11 years ago
(In reply to Frederik Braun [:freddyb] from comment #3)
> I am mostly concerned with the webapps-manage role *implying* a permission
> without it being required in the manifest.

There is no implicit handling of homescreens as a role if the permissions aren't in the manifest. I think this review is done.
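
The rule stated in comment 5, that the 'homescreen' role carries no implicit permission, can be expressed as a check run when the settings app builds its list of selectable homescreens. This is an added example, not Gaia code: the function names and sample manifests are constructed, and treating certified apps as eligible alongside privileged ones is an assumption.

```javascript
// Added illustration; names are hypothetical, not taken from Gaia.
// Manifest fields (type, role, permissions) follow the Firefox OS app manifest.
const REQUIRED_PERMISSION = 'webapps-manage';

// Returns the reasons an app must NOT be offered as a homescreen.
// An empty array means the app is an eligible candidate.
function homescreenRejections(manifest) {
  if (manifest === null || typeof manifest !== 'object') {
    return ['manifest is not an object'];
  }
  const reasons = [];
  if (manifest.role !== 'homescreen') {
    reasons.push('role is not "homescreen"');
  }
  // Assumption: certified (built-in) apps are eligible as well as privileged ones.
  if (manifest.type !== 'privileged' && manifest.type !== 'certified') {
    reasons.push('app type is not privileged or certified');
  }
  const perms = manifest.permissions;
  // Own-property check: an inherited key must not count as a declaration.
  const declared = perms !== null && typeof perms === 'object' &&
    Object.prototype.hasOwnProperty.call(perms, REQUIRED_PERMISSION);
  if (!declared) {
    // The role alone never grants the permission.
    reasons.push('"webapps-manage" is not declared in permissions');
  }
  return reasons;
}

// Names of the apps the settings menu may list as homescreen choices.
function selectableHomescreens(apps) {
  return apps
    .filter((app) => homescreenRejections(app.manifest).length === 0)
    .map((app) => app.name);
}

// Constructed sample data, not real apps.
const SAMPLE_APPS = [
  { name: 'Stock Homescreen', manifest: { type: 'certified', role: 'homescreen',
      permissions: { 'webapps-manage': {} } } },
  { name: 'Custom Launcher', manifest: { type: 'privileged', role: 'homescreen',
      permissions: { 'webapps-manage': {} } } },
  { name: 'Role Only', manifest: { type: 'privileged', role: 'homescreen' } },
  { name: 'Hosted Launcher', manifest: { type: 'web', role: 'homescreen',
      permissions: { 'webapps-manage': {} } } },
  { name: 'Manager', manifest: { type: 'privileged',
      permissions: { 'webapps-manage': {} } } },
];

console.log(selectableHomescreens(SAMPLE_APPS));
```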