Security/Reviews/Gaia/Dialer: Difference between revisions

← Older edit

Security/Reviews/Gaia/Dialer (view source)

Revision as of 20:00, 27 February 2013

748 bytes added , 27 February 2013

→‎Overview

St3fan

Confirmed users

971

edits

@@ Line 1: / Line 1: @@
 === App Review Details ===
-WORK IN PROGRESS WORK IN PROGRESS
 * App: Dialer, which is part of the Communications application
@@ Line 7: / Line 5: @@
 * Review Lead: Stefan Arentz
 * Review Bug: {{bug|754741}} [Security Review] B2G Gaia - Dialer
-* Dependency Tree: https://bugzilla.mozilla.org/showdependencytree.cgi?id=754741&hide_resolved=1
+* Dependency Tree: https://bugzilla.mozilla.org/showdependencytree.cgi?id=754741&hide_resolved=0
 === Overview ===
-TODO The dialer.
+This review only looks at the Dialer component of the communications app.
 ===Architecture===
@@ Line 270: / Line 268: @@
 === Actions & Recommendations ===
-The application unnecessarily has access to all system settings. This is an issue with the Settings API that should be improved in a future version of Firefox OS:
+The dialer unnecessarily has access to all system settings. This is an issue with the Settings API that should be improved in a future version of Firefox OS:
 * {{bug|841071}}  Settings are globally shared between applications
+The dialer is embedded in a bigger app, which is not great from a security pov:
+* {{bug|845945}} Dialer should be turned into minimal standalone application
+Multiple input validation issues that need to be fixed:
+* {{bug|845383}} Dialer accepts super long phone number which breaks the phone until reboot
+* {{bug|845361}} Dialer does not correctly validate input to the dial activity handler
+* {{bug|845045}} Dialer can be tricked into displaying one number but dialing another
+* {{bug|845930}} Dialer does not validate phone numbers received via BlueTooth
+The dialer does not verify the source of 'postMessage()' messages:
+* {{bug|845487}} Dialer responds to cross-origin messages without verifying the source (exploitable)