Security Review Pre-Work

Please fill our the short section below prior to the review, and make sure you contact security@mozilla.org to schedule your actual review.

Overview

We wanted to make sticky tabs that were the same in every window and persisted between sessions. We didn't get the "same in every window" feature done, so they are merely "pinned tabs" which will persist between sessions.

Background links

• bug 575560 - hook into session restore
• bug 563730 - pinned tabs
• bug 551849 - meta home/app tabs

Threats

Please list the top 3 security threats you have considered during the design and implementation of this feature. Consider attack points as well as code that feels fragile.

I (zpao) only did some of the followup work and have had to deal with app tabs in session restore. I haven't encountered any security threats while doing this work.

What mitigations have you implemented?

None.

Topics To Discuss During The Review

Privacy

• Does the feature cache or store data that could strengthen super-cookies?

Since app tabs persist, their session cookies do too (for the current page anyway). App tabs follow the browser.sessionstore.privacy_level pref.

• How are transitions in/out of Private Browsing mode handled?

App tabs are removed & restored just like normal tabs.

• How is "Clear Recent History" handled?

App tabs are treated just like normal tabs here.

Review comments

Notes and bug numbers will be recorded here. Let's try not to spend too much time on any one topic during the meeting.

• simple host check on link clicks to determine target.
  • window.location = not guaranteed to stay in "app"
  • only link target is checked, it can redirect
  • search site app-tabs navigate to random sites when clicking link (at least Google; some might have a different-host redirector)
  • links opened in new tab might be able to navigate app-tab opener