WebAPI/Security/WebUSB

From MozillaWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Name of API: WebUSB API

Reference:
https://wiki.mozilla.org/WebAPI/WebUSB
https://bugzilla.mozilla.org/show_bug.cgi?id=674718

Brief purpose of API: Allow core (certified) apps to interact directly with USB devices General Use Cases:

Inherent threats:

  • Theft of sensitive data
  • Device compromise (mounting of device USB filesystem)

Threat severity: Critical

Regular web content (unauthenticated)

Use cases for unauthenticated code: None

Authorization model for normal content: None

Authorization model for installed content: None

Potential mitigations: N/A

Trusted (authenticated by publisher)

Same as for installed unauthenticated app

Certified (vouched for by trusted 3rd party)

Use cases for certified code: Configure, enable/disable USB devices. Interact with USB devices.

Authorization model for normal content: Implicit

Notes

Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.

Retrieved from "https://wiki.mozilla.org/index.php?title=WebAPI/Security/WebUSB&oldid=1021354"