MozillaWiki

Security/Reviews/Shumway

< Security‎ | Reviews
Please use "Edit with form" above to edit this page.

Item Reviewed

Shumway SWF Player
Target 
   
     Full Query
ID Summary Priority Status
780311 Security Review - Shumway SWF Runtime -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

{{#set:SecReview name=Shumway SWF Player

|SecReview target=

Full Query
ID Summary Priority Status
780311 Security Review - Shumway SWF Runtime -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

}}

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • The Shumway engine allows flash content to be rendered
  • currently in a work week with 2 goals to implement
    • video play for h264 video, aac audio, flv container
    • mobile game

What solutions/approaches were considered other than the proposed solution?

`

Why was this solution chosen?

  • avoid current issues with other players

Any security threats already considered in the design and why?

`

Threat Brainstorming

  • use firefox security model over flash security model
    • this is what they are working towards
    • the issue here is that we need to remain consistent with the flash player security model
    • or explicitly decide that we are going to violate the security assumptions of the author of the SWF
  • we will want to look into how CheckLoadURI interacts with shumway
    • Current plugins (incl. Flash) try most of their normal web loads through the browser (NPAPI) to take advantage of proxy settings, etc.
    • ALL of those calls ARE checked against nsIContentPolicy using the load type TYPE_OBJECT_SUBREQUEST
  • SWF is loaded via rsrc://
  • only API's exposed right now are drawing API's - other API's will throw errors

{{#set: SecReview feature goal=* The Shumway engine allows flash content to be rendered

  • currently in a work week with 2 goals to implement
    • video play for h264 video, aac audio, flv container
    • mobile game

|SecReview alt solutions=' |SecReview solution chosen=* avoid current issues with other players |SecReview threats considered=' |SecReview threat brainstorming=* use firefox security model over flash security model

    • this is what they are working towards
    • the issue here is that we need to remain consistent with the flash player security model
    • or explicitly decide that we are going to violate the security assumptions of the author of the SWF
  • we will want to look into how CheckLoadURI interacts with shumway
    • Current plugins (incl. Flash) try most of their normal web loads through the browser (NPAPI) to take advantage of proxy settings, etc.
    • ALL of those calls ARE checked against nsIContentPolicy using the load type TYPE_OBJECT_SUBREQUEST
  • SWF is loaded via rsrc://
  • only API's exposed right now are drawing API's - other API's will throw errors

}}

Action Items

Action Item Status None
Release Target `
Action Items
'

{{#set:|SecReview action item status=None

|Feature version=` |SecReview action items=` }}

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Reviews/Shumway&oldid=474213"