canmove, Confirmed users
1,220
edits
Security/WebAPI/Web Telephony: Difference between revisions
Jump to navigation
Jump to search
no edit summary
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 63: | Line 63: | ||
|- | |- | ||
| 3||Content spoofing phones dialer app||Webpage or app masquerades as the dialer for a complex phishing attack|| | | 3||Content spoofing phones dialer app||Webpage or app masquerades as the dialer for a complex phishing attack|| | ||
*Sort of a broader B2G issue (all apps could be spoofed)* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content||||||?|||| | *Sort of a broader B2G issue (all apps could be spoofed) | ||
* Only high-privileged content process will have access to send dialer IPDL messages | |||
||Malicious web content | |||
||||||?|||| | |||
|- | |- | ||
| 4||Content framing the dialer app||If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call.|| | | 4||Content framing the dialer app||If content could frame the dialer app, or load it in a manner where it was obscured, malicious content might be able to induce the user to make a call. | ||
|| | |||
* Broader B2G issue | * Broader B2G issue | ||
* Only high-privileged content process will have access to send dialer IPDL messages||Malicious web content|||||||||| | * Only high-privileged content process will have access to send dialer IPDL messages | ||
||Malicious web content|||||||||| | |||
|} | |} | ||