Security/Reviews/Firefox5/ReviewNotes/Mobile

From MozillaWiki
Jump to: navigation, search

Date of Review: 2011.04.27

Links of interest:

Android Gallery

bug 646550

  • Android media scanner (images specifically
  • Trigger intentionally when download completes
    • downloads: automatically sent to associated app (media scanner) when downloaded

Concerns:

  • concern is that there is no way for someone to turn on "prompt before opening" in case of malware in the wild
    • Possibility that this could trigger system compromise due to code flaws we don't control (e.g., android's image decoding libraries)
    • Randomly registered mime types from not so well coded applications could cause compromis

Actions:

  • File bug: add (hidden) pref to turn off the media scanning (fail-safe in case of widespread attack on Android itself). target FX5 (dveditz)
  • Possibly add dialogue about the downloaded item "do you want to open this?" kind of thing (optional) > target FX5+ (dveditz)

Theme / Styles for Dialog Prompts

bug 618989

  • CSS to make things look correct
  • no changes to behavior
  • not content, appearance only

Concerns:

  • None at this time

Landscape Virtual Keyboard

bug 614355 bug 532738

  • Keyboard should only show for non-synthetic focus events (i.e. -- actual user clicking in an edit box, not the web page calling input.focus().