Security/Reviews/Firefox5/ReviewNotes/Mobile
Jump to navigation
Jump to search
Date of Review: 2011.04.27
Links of interest:
Android Gallery
- Android media scanner (images specifically
- Trigger intentionally when download completes
- downloads: automatically sent to associated app (media scanner) when downloaded
Concerns:
- concern is that there is no way for someone to turn on "prompt before opening" in case of malware in the wild
- Possibility that this could trigger system compromise due to code flaws we don't control (e.g., android's image decoding libraries)
- Randomly registered mime types from not so well coded applications could cause compromis
Actions:
- File bug: add (hidden) pref to turn off the media scanning (fail-safe in case of widespread attack on Android itself). target FX5 (dveditz)
- Possibly add dialogue about the downloaded item "do you want to open this?" kind of thing (optional) > target FX5+ (dveditz)
Theme / Styles for Dialog Prompts
- CSS to make things look correct
- no changes to behavior
- not content, appearance only
Concerns:
- None at this time
Landscape Virtual Keyboard
- Keyboard should only show for non-synthetic focus events (i.e. -- actual user clicking in an edit box, not the web page calling input.focus().