Confirmed users
169
edits
Security/Reviews/F1 (round 2): Difference between revisions
Security/Reviews/F1 (round 2) (view source)
Revision as of 18:12, 26 September 2011
, 26 September 2011→Threat Brainstorming (30-40 minutes)
Mixedpuppy (talk | contribs) |
Mixedpuppy (talk | contribs) |
||
| Line 56: | Line 56: | ||
* potential clickjacking due to dialog being displayed over content, possibly phishing also by mimicing the experience (particularly in full screen mode) | * potential clickjacking due to dialog being displayed over content, possibly phishing also by mimicing the experience (particularly in full screen mode) | ||
** potential mitigation - exit fullscreen mode when dialog is shown | ** potential mitigation - exit fullscreen mode when dialog is shown | ||
** I don't see this as an F1/OWA problem, but rather a generic issue with panels (shanec). we could mitigate in F1/OWA, but the problem still exists for lots of other features in firefox | |||
* Starting Share/F1 (or any activity) could be the "new window.open()" | * Starting Share/F1 (or any activity) could be the "new window.open()" | ||
** jstenback is the person to talk to about trusted events being required for startActivity | ** jstenback is the person to talk to about trusted events being required for startActivity | ||