MozillaWiki

WebAPI/Security/NetworkInformation

< WebAPI‎ | Security
Revision as of 11:22, 25 June 2012 by Ptheriault (talk | contribs) (Created page with " Name of API: Network Information API Sec Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=677166 https://wiki.mozilla.org/WebAPI/NetworkAPI Brief purpose of API: General...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Name of API: Network Information API Sec Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=677166 https://wiki.mozilla.org/WebAPI/NetworkAPI

Brief purpose of API: General Use Cases: Read current bandwidth estimate or ask if connection is metered

Listen for connection change events

Inherent threats: Privacy (de-anonymize users based on connection change events?)

Threat severity:Low

Regular web content (unauthenticated)

Use cases for unauthenticated code: Read current bandwidth estimate or ask if connection is metered Authorization model for normal content: Read current bandwidth estimate or ask if connection is metered Authorization model for installed content: Potential mitigations: Maybe fuzz the exact time of the network change event in a similar manner to idle API.

Trusted (authenticated by publisher)

Use cases for authenticated code:As above Use cases for trusted code: Potential mitigations:

Certified (vouched for by trusted 3rd party)

Use cases for certified code: As above Authorization model: Potential mitigations:

Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/NetworkInformation&oldid=445035"