WebAPI/Security/TCPSocket

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Socket API

Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc

General Use Cases: None

Inherent threats: Malicious apps attacking internal systems (firewall bypass), local device access

Threat severity: High

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=733573
Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Asm37KDoVB4/discussion

Permissions Table

Type	Use Cases	Authorization Model	Notes & Other Controls
Web Content	None	No access
Installed Web Apps	None	No access
Privileged Web Apps	Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols	Implicit	Firewall should prohibit access to privileged low number OS ports (<1024). Listening on a port < 1024 should be prohibited. Specify hosts/ports in the manifest, permissions granted implicitly.
Certified Web Apps	Open a connection to any domain/port	Implicit	specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)

WebAPI/Security/TCPSocket

Socket API

Permissions Table

Navigation menu

Search