Please reply-to [email protected] Name of API: Socket API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=733573
Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc General Use Cases: None Inherent threats:Malicious apps attacking internal systems (firewall bypass), local device access Threat severity: High == Regular web content (unauthenticated) == Use cases for unauthenticated code:None Authorization model for normal content: Authorization model for installed content: Potential mitigations: == Trusted (authenticated by publisher) == Use cases for authenticated code: Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols Use cases for trusted code: Implicit Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024). Listening on a port < 1024 should be prohibited. == Certified (vouched for by trusted 3rd party) == Use cases for certified code: Open a connection to any domain/port Authorization model: Implicit Potential mitigations: None _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
