: Etherpad users! We are developing an extension that will allow you to create pages from etherpads quickly and easily. Please visit our sandbox and help us test it.


From MozillaWiki
Jump to: navigation, search

Browser API

Brief purpose of API: Provide an iframe that acts as a web browser

General Use Cases: A browser app.

Inherent threats:

  • browser can see all data from all websites, and perform all actions
  • can steal passwords (user-entered; enumerate all saved passwords)
  • can steal cookies (by enumerating websites)
  • NOT a use case: OAuth or other app-content or content-content interactions

Threat severity: high per https://wiki.mozilla.org/Security_Severity_Ratings


Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content None No access
Installed Web Apps None No access
Privileged Web Apps Implement a 3rd party browser application Implicit Each app has separate cookie and password stores from other apps (including system browser app)
Certified Web Apps Replacement Browser Implicit