Confirmed users
971
edits
Security/Reviews/Gaia/Dialer: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/Gaia/Dialer (view source)
Revision as of 19:00, 27 February 2013
, 27 February 2013→2. Secure Communications
| Line 219: | Line 219: | ||
====2. Secure Communications ==== | ====2. Secure Communications ==== | ||
===== Remote Services ===== | |||
The dialer does not directly talk to remote services. There is talk to Facebook through the Contacts but that will be looked at in the Contacts review. | The dialer does not directly talk to remote services. There is talk to Facebook through the Contacts but that will be looked at in the Contacts review. | ||
===== BlueTooth ===== | |||
The dialer blindly accepts phone numbers from a bluetooth device, which are passed directly to <code>mozTelephony</code> without any further (input) validation. Since <code>mozTelephony</code> passes this data on to the RIL without validation, it opens up possibilities for RIL attacks. | |||
* {{bug|845930}} Dialer does not validate phone numbers received via BlueTooth | |||
====3. (Secure) data storage ==== | ====3. (Secure) data storage ==== | ||