Labs/Weave/Sync Client Security Review

Synchronize your bookmarks, history, tabs and passwords wherever you go. Whether you use Firefox on your phone, laptop, or desktop, securely access all your data.

Background links

• https://mozillalabs.com/weave/
• https://hg.mozilla.org/labs/weave/
• https://addons.mozilla.org/en-US/firefox/addon/10868

• Is this feature a security feature? If it is, what security issues is it intended to resolve?
  • Securely sync data across browser profiles by encrypting and storing data on Weave servers
• What potential security issues in your feature have you already considered and addressed?
  • Encrypting data that requires a passphrase that only the user knows to unlock
• Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
• Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
• How are transitions in/out of Private Browsing mode handled?
  • Sync is disabled during private browsing and reschedules on exit

• Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
  • Firefox status bar: allows triggering sync and connect
  • Firefox pref pane: configure what data to sync to which account
  • Firefox tabs view: view and open tabs from other profiles in a menu
  • Fennec pref pane: connect and sync
  • Fennec tabs view: view and open tabs from content space
• Does it interoperate with a web service? How will it do so?
  • https://wiki.mozilla.org/Labs/Weave/API storage/user APIs
• Explain the significant file formats, names, syntax, and semantics.
  • JSON: local temporary storage (changes, to fetch)
• Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
  • https://wiki.mozilla.org/Labs/Weave/Developer
• Does it change any existing interfaces?
  • Extra data is stored using existing annotation interfaces

• What other modules are used (REQUIRES in the makefile, interfaces)?
  • NSS: WeaveCrypto
  • Places: Bookmarks/History
  • LoginManager: Passwords
  • FormHistory: autofill data
  • Browser/Sessionstore: Open tabs
  • Prefs: some preferences synced

• What data is read or parsed by this feature?
• What is the output of this feature?
• What storage formats are used?

• What failure modes or decision points are presented to the user?
  • Login:
  • Sync:
• Can its files be corrupted by failures? Does it clean up any locks/files after crashes?

• Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
• Are there build options for developers? [#ifdefs, ac_add_options, etc.]
• What ranges for the tunable are appropriate? How are they determined?
• What are its on-going maintenance requirements (e.g. Web links, perishable data files)?

Are there related projects in the community?

• If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
• Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?