Security/Reviews/Mobile/ExposeJNI: Difference between revisions
Jump to navigation
Jump to search
Full Query
(Created page with "{{SecReviewInfo |SecReview name=Expose some JNI to js through js-ctypes }} {{SecReview}} {{SecReviewActionStatus |SecReview action item status=None }}") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SecReviewInfo | {{SecReviewInfo | ||
|SecReview name=Expose some JNI to js through js-ctypes | |SecReview name=Expose some JNI to js through js-ctypes | ||
|SecReview target=* SecReview: Mobile - Expose some JNI to js through js-ctypes | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=813985 | |||
* Expose some JNI to js through js-ctypes | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=787271 | |||
* Application shortcuts wrongly scaled? (DPI) | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=783921#c15 | |||
<bugzilla> | |||
{ | |||
"id":"813985,787271" | |||
} | |||
</bugzilla> | |||
}} | |||
{{SecReview | |||
|SecReview feature goal=* allow the call of Java methods or objects via extensions | |||
** can't do anything that fennec can't do | |||
|SecReview alt solutions=* could have implemented in pure JS | |||
* https://github.com/cscott/skeleton-addon-fxandroid/blob/jni/jni.jsm | |||
** does not use native parts | |||
|SecReview threats considered=* same subset as in desktop | |||
** addons have a great deal of power as they have the same rights as the browser | |||
|SecReview threat brainstorming=* Malicious addons using this API | |||
* What if an addon exposes some API to content. And content causes a buffer overflow (eg) in this API. Could that give content access to chrome via bugs in ctypes? | |||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status=None | |SecReview action item status=None | ||
|SecReview action items=*dchan: Find out if we have metrics about non-AMO installed addons on Fennec | |||
** File a bug to create pref. for non AMO addons in Fennec | |||
* SA-TBD: Has ctypes been reviewed? Fuzzed? | |||
}} | }} | ||
Revision as of 01:42, 29 November 2012
Please use "Edit with form" above to edit this page.
Item Reviewed
| Expose some JNI to js through js-ctypes | |||||||||||||
| Target | * SecReview: Mobile - Expose some JNI to js through js-ctypes
2 Total; 0 Open (0%); 2 Resolved (100%); 0 Verified (0%); |
||||||||||||
{{#set:SecReview name=Expose some JNI to js through js-ctypes |SecReview target=* SecReview: Mobile - Expose some JNI to js through js-ctypes
- Expose some JNI to js through js-ctypes
- Application shortcuts wrongly scaled? (DPI)
| ID | Summary | Priority | Status |
|---|---|---|---|
| 787271 | Expose some JNI to js through js-ctypes | -- | RESOLVED |
| 813985 | SecReview: Mobile - Expose some JNI to js through js-ctypes | -- | RESOLVED |
2 Total; 0 Open (0%); 2 Resolved (100%); 0 Verified (0%);
}}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- allow the call of Java methods or objects via extensions
- can't do anything that fennec can't do
What solutions/approaches were considered other than the proposed solution?
- could have implemented in pure JS
- https://github.com/cscott/skeleton-addon-fxandroid/blob/jni/jni.jsm
- does not use native parts
Why was this solution chosen?
`
Any security threats already considered in the design and why?
- same subset as in desktop
- addons have a great deal of power as they have the same rights as the browser
Threat Brainstorming
- Malicious addons using this API
- What if an addon exposes some API to content. And content causes a buffer overflow (eg) in this API. Could that give content access to chrome via bugs in ctypes?
{{#set: SecReview feature goal=* allow the call of Java methods or objects via extensions
- can't do anything that fennec can't do
|SecReview alt solutions=* could have implemented in pure JS
- https://github.com/cscott/skeleton-addon-fxandroid/blob/jni/jni.jsm
- does not use native parts
|SecReview solution chosen=' |SecReview threats considered=* same subset as in desktop
- addons have a great deal of power as they have the same rights as the browser
|SecReview threat brainstorming=* Malicious addons using this API
- What if an addon exposes some API to content. And content causes a buffer overflow (eg) in this API. Could that give content access to chrome via bugs in ctypes?
}}
Action Items
| Action Item Status | None |
| Release Target | ` |
| Action Items | |
*dchan: Find out if we have metrics about non-AMO installed addons on Fennec
|
|
{{#set:|SecReview action item status=None
|Feature version=` |SecReview action items=*dchan: Find out if we have metrics about non-AMO installed addons on Fennec
- File a bug to create pref. for non AMO addons in Fennec
- SA-TBD: Has ctypes been reviewed? Fuzzed?
}}