Security/Reviews/Firefox10/CSS3DTransforms

From MozillaWiki
Items to be reviewed

CSS3 3D Transforms

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • extends CSS transforms with new keywords to transform any CSS into a 3D perspective
    • this uses the 3D features of the graphics card; most of this is already done in the graphics area, so this just extends into that

What solutions/approaches were considered other than the proposed solution?

Why was this solution chosen?

  • proposed CSS standard

Any security threats already considered in the design and why?

  • N/A

Threat Brainstorming

  • interaction with graphics card, support, crashes (QA perspective)
    • this is nothing we did not already have with layout
    • consider fuzzing on a wider variety of graphics cards/drivers, but this is most likely to find graphics card bugs (in which case we'd blacklist) rather than Firefox/cairo bugs, and it's probably not worth the effort
  • <discussion of Jesse's fuzzing techniques>
    • seems to indicate that he is using the correct path
  • Does the 3D transform code use a different path compared to 2D when the page is navigated?
    • No, there shouldn't be a residual image in the graphics framebuffer
  • Since this is a proposed spec, is it prefixed or pref-ed off by default?
    • prefixed with -moz-
    • we have a pref for now, default to enabled, and will probably remove it in a few releases

Conclusions / Action Items

  • [Jesse] continue fuzzing, general CSS fuzzing