Security/Reviews/B2G/mozapp
Item Reviewed
mozapp iframe | |
Target | 751026 |
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
This is a review of the Firefox OS specifics for mozapp embedding.
What solutions/approaches were considered other than the proposed solution?
Why was this solution chosen?
Any security threats already considered in the design and why?
Threat Brainstorming
Action Items
Action Item Status | None |
Release Target | FxOS 1.0 |
Action Items | |
Technical details
A non-standard attribute called mozapp was added to the iframe tag [1]. This attribute allows a webpage to specify a manifest URL that was previously pre-installed on the device or installed through window.navigator.mozApps.install [2]. A valid manifest meets the requirements set forth at [3] and may grant an app more privileges than a normal webpage has.
A mozapp iframe must also have the mozbrowser attribute set. This is currently a limitation in the design of the feature and may be removed in the future. [4]
This means that an embedded mozapp iframe will have mozbrowser capabilities. [5] This is only relevant to the embedder of the mozapp iframe, since it will be able to listen for certain events. Currently mozapp iframes are embedded by the System app, which is fully trusted.
Embedding a mozapp iframe requires the "embed-apps" permission, which is only given to certified apps. [6][7]
Suffice it to say, a user-submitted app will never be able to create mozapp iframes under the current model.
[1] - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
[2] - https://developer.mozilla.org/en-US/docs/Web/API/Apps.install
[3] - https://developer.mozilla.org/en-US/docs/Web/Apps/Manifest
[4] - http://hg.mozilla.org/mozilla-central/file/70cfbdceb63a/content/html/content/src/nsGenericHTMLFrameElement.cpp#l381
[5] - https://developer.mozilla.org/en-US/docs/WebAPI/Browser
[6] - http://hg.mozilla.org/mozilla-central/file/70cfbdceb63a/content/html/content/src/nsGenericHTMLFrameElement.cpp#l393
[7] - http://hg.mozilla.org/mozilla-central/file/dd2ffe93fb2f/dom/apps/src/PermissionsTable.jsm#l208
What does a mozapp iframe do?
separately keyed cookie / session storage / etc
permissions associated with your manifest
different origin
extendedprincipal http://mxr.mozilla.org/mozilla-central/source/caps/src/nsScriptSecurityManager.cpp#2887
// aExtendedOrigin = appId + "+" + { 't', 'f' } "+" + origin;
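The extended-origin format in the comment above is what makes cookie and session storage "separately keyed". The sketch below is an added example, not Gecko's code: it builds the key and shows the same web origin landing in different jars per app. The names `ExtendedOrigin` and `PartitionedJar` are hypothetical, and reading the t/f field as the mozbrowser flag is an assumption.

```cpp
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <map>
#include <string>

// Key format from the comment quoted above:
//   aExtendedOrigin = appId + "+" + { 't', 'f' } "+" + origin
// Assumption: t/f is the "inside a mozbrowser frame" flag.
std::string ExtendedOrigin(uint32_t appId, bool inBrowser,
                           const std::string& origin) {
  return std::to_string(appId) + "+" + (inBrowser ? "t" : "f") + "+" + origin;
}

// Hypothetical storage: one cookie jar per extended origin.
class PartitionedJar {
 public:
  void Set(const std::string& key, const std::string& name,
           const std::string& value) {
    jars_[key][name] = value;
  }
  std::string Get(const std::string& key, const std::string& name) const {
    auto jar = jars_.find(key);
    if (jar == jars_.end()) return "";  // no jar exists for this principal
    auto it = jar->second.find(name);
    return it == jar->second.end() ? "" : it->second;
  }
 private:
  std::map<std::string, std::map<std::string, std::string>> jars_;
};

// Constructed scenario: app 1 stores a cookie for an origin; count how many
// of three contexts loading that same origin can read it.
int ContextsSeeingApp1Cookie() {
  const std::string origin = "https://example.org";  // constructed value
  PartitionedJar jar;
  jar.Set(ExtendedOrigin(1, false, origin), "session", "app1-secret");
  int visible = 0;
  for (const std::string& key : {ExtendedOrigin(1, false, origin),
                                 ExtendedOrigin(2, false, origin),
                                 ExtendedOrigin(1, true, origin)}) {
    if (!jar.Get(key, "session").empty()) ++visible;
  }
  return visible;
}

int main() {
  std::cout << ContextsSeeingApp1Cookie() << " of 3 contexts see the cookie\n";
}
```

Only the context with the same app id and the same flag reads the cookie back; a second app, or a browser frame inside the first app, gets an empty jar for the identical web origin.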