Security/Reviews/Mobile/ExposeJNI: Difference between revisions

Security/Reviews/Mobile/ExposeJNI (view source)

1,246 bytes added , 29 November 2012

no edit summary

canmove, Confirmed users, Bureaucrats and Sysops emeriti

2,776

edits

@@ Line 1: / Line 1: @@
 {{SecReviewInfo
 |SecReview name=Expose some JNI to js through js-ctypes
+|SecReview target=* SecReview: Mobile -  Expose some JNI to js through js-ctypes
+** https://bugzilla.mozilla.org/show_bug.cgi?id=813985
+* Expose some JNI to js through js-ctypes
+** https://bugzilla.mozilla.org/show_bug.cgi?id=787271
+* Application shortcuts wrongly scaled? (DPI)
+** https://bugzilla.mozilla.org/show_bug.cgi?id=783921#c15
+<bugzilla>
+{
+"id":"813985,787271"
+}
+</bugzilla>
+}}
+{{SecReview
+|SecReview feature goal=* allow the call of Java methods or objects via extensions
+** can't do anything that fennec can't do
+|SecReview alt solutions=* could have implemented in pure JS
+* https://github.com/cscott/skeleton-addon-fxandroid/blob/jni/jni.jsm
+** does not use native parts
+|SecReview threats considered=* same subset as in desktop
+** addons have a great deal of power as they have the same rights as the browser
+|SecReview threat brainstorming=* Malicious addons using this API
+* What if an addon exposes some API to content. And content causes a buffer overflow (eg) in this API. Could that give content access to chrome via bugs in ctypes?
 }}
-{{SecReview}}
 {{SecReviewActionStatus
 |SecReview action item status=None
+|SecReview action items=*dchan: Find out if we have metrics about non-AMO installed addons on Fennec
+** File a bug to create pref. for non AMO addons in Fennec
+* SA-TBD:  Has ctypes been reviewed? Fuzzed?
 }}