From MozillaWiki

Name of API: WebUSB API


Brief purpose of API: Allow core (certified) apps to interact directly with USB devices

General Use Cases:

Inherent threats:

  • Theft of sensitive data
  • Device compromise (mounting of device USB filesystem)

Threat severity: Critical

Regular web content (unauthenticated)

Use cases for unauthenticated code: None

Authorization model for normal content: None

Authorization model for installed content: None

Potential mitigations: N/A

Trusted (authenticated by publisher)

Same as for installed unauthenticated app

Certified (vouched for by trusted 3rd party)

Use cases for certified code: Configure, enable/disable USB devices. Interact with USB devices.

Authorization model for normal content: Implicit


Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.