WebAPI/Security/NetworkInformation: Difference between revisions

From MozillaWiki
(Created page with " Name of API: Network Information API Sec Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=677166 https://wiki.mozilla.org/WebAPI/NetworkAPI Brief purpose of API: General...")
 
(Blanked the page)
 
Name of API: Network Information API Sec
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=677166
https://wiki.mozilla.org/WebAPI/NetworkAPI
Brief purpose of API:
General Use Cases:
Read current bandwidth estimate or ask if connection is metered
Listen for connection change events
Inherent threats: Privacy (de-anonymize users based on connection change events?)
Threat severity: Low
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Read current bandwidth estimate or ask if connection is metered
Authorization model for normal content: Read current bandwidth estimate or ask if connection is metered
Authorization model for installed content:
Potential mitigations: Maybe fuzz the exact time of the network change event, in a similar manner to the Idle API.
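
One way the time-fuzzing mitigation above could look, as an added example that is not part of the original wiki page or of Mozilla's code. It assumes the fuzz is applied independently per listener and that changes arriving before delivery are coalesced; the names FuzzedChangeDispatcher, maxJitterMs, random and schedule are hypothetical.

```javascript
// Added illustration: per-listener fuzzing of connection-change delivery.
// FuzzedChangeDispatcher, maxJitterMs, random and schedule are hypothetical names.
class FuzzedChangeDispatcher {
  constructor({ maxJitterMs = 5000, random = Math.random, schedule = setTimeout } = {}) {
    this.maxJitterMs = maxJitterMs;
    this.random = random;
    this.schedule = schedule;
    this.listeners = new Map(); // callback -> { pending, latest }
  }

  addListener(callback) {
    this.listeners.set(callback, { pending: false, latest: null });
  }

  // Called by the platform when the real connection state changes.
  notifyChange(state) {
    for (const [callback, slot] of this.listeners) {
      slot.latest = state;        // coalesce: only the newest state is delivered
      if (slot.pending) continue; // a delivery is already queued for this listener
      slot.pending = true;
      // Independent delay per listener (assumption), so two observers of the
      // same change do not receive it at the same instant.
      const delay = Math.floor(this.random() * this.maxJitterMs);
      this.schedule(() => {
        slot.pending = false;
        callback(slot.latest);
      }, delay);
    }
  }
}

// Constructed demonstration with a fake scheduler and a fixed "random" sequence.
function demo() {
  const queue = [];
  const draws = [0.25, 0.75];
  const dispatcher = new FuzzedChangeDispatcher({
    maxJitterMs: 1000,
    random: () => draws.shift(),
    schedule: (fn, ms) => queue.push({ fn, ms }),
  });
  const seen = { a: [], b: [] };
  dispatcher.addListener((s) => seen.a.push(s));
  dispatcher.addListener((s) => seen.b.push(s));
  dispatcher.notifyChange({ metered: false });
  dispatcher.notifyChange({ metered: true }); // arrives before either delivery fires
  const delays = queue.map((q) => q.ms);
  queue.sort((x, y) => x.ms - y.ms).forEach((q) => q.fn());
  return { delays, seen };
}
```
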
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: As above
Use cases for trusted code:
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: As above
Authorization model:
Potential mitigations:

Latest revision as of 11:24, 25 June 2012