Name of API: Socket API
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=733573
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Asm37KDoVB4/discussion
Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc
General Use Cases: None
Inherent threats: Malicious apps attacking internal systems (firewall bypass), local device access
Threat severity: High
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations:N/A
Privileged (approved by app store)
Use cases: Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols
Authorization model: Implicit
Potential mitigations:
- Firewall should prohibit access to privileged low number OS ports (<1024).
- Listening on a port < 1024 should be prohibited.
- Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions?
Certified (system-critical apps)
- Use cases: Open a connection to any domain/port
- Authorization model: Implicit
- Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)