MozillaWiki

Security/Reviews/SocialAPI: Difference between revisions

Page Discussion

Security/Reviews/SocialAPI (view source)

Revision as of 09:30, 14 June 2012

1 byte added ,  14 June 2012
more formatting...
m (formatting)
(more formatting...)
Line 185: Line 185:
* We create an iframe (for each provider) on the hidden window with the src attribute set to workerURL from the providers manifest. The content retrieved is copied and eval'd in the sandbox. Can code run in the hidden window, prior to being sandboxed?
* We create an iframe (for each provider) on the hidden window with the src attribute set to workerURL from the providers manifest. The content retrieved is copied and eval'd in the sandbox. Can code run in the hidden window, prior to being sandboxed?
* The remote code is loaded into a sandboxed content iframe without access to chrome privileges or the hidden xul window.   
* The remote code is loaded into a sandboxed content iframe without access to chrome privileges or the hidden xul window.   
*  Not sure if this is part of the threat or remediation, I don't know enough about this part of firefox
**  Not sure if this is part of the threat or remediation, I don't know enough about this part of firefox
Proposed Remediation
Proposed Remediation
* ?
* ?
Amuntner
297

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/441229"