canmove, Confirmed users
1,220
edits
Security/Reviews/Gaia/SystemMessageHandler: Difference between revisions
Security/Reviews/Gaia/SystemMessageHandler (view source)
Revision as of 23:08, 25 March 2013
, 25 March 2013→Code Review Notes
Ptheriault (talk | contribs) |
|||
| Line 167: | Line 167: | ||
===Code Review Notes=== | ===Code Review Notes=== | ||
=== Security Risks & Mitigating Controls === | |||
* Bluetooth file transfer contains malicious data (in contents or metadata) | |||
** Need further investigation, and testing of bluetooth_transfer.js | |||
* Wallpaper setting is a CSS url | |||
**if this could be controlled, this may be an injection point (not sure what attack this would grant though really) | |||
* Background App interferes with foreground app | |||
=== Actions & Recommendations === | === Actions & Recommendations === | ||