Closed
Bug 850609
Opened 12 years ago
Closed 12 years ago
accessing navigator.mozWifiManager kills applications instead of raising an exception
Categories
(Firefox OS Graveyard :: General, defect)
Firefox OS Graveyard
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 815110
People
(Reporter: freddy, Unassigned)
Details
(Keywords: csectype-dos, sec-low)
I am hosting this special app which helps me infer/test the current permissions despite what the manifest says. This is rather helpful for security testing. It's available on http://freddyb.github.com/allperms/ (demo) or http://github.com/freddyb/allperms/ (code).
The app tries to access certain APIs and catches the Security Errors to see which calls fail and which ones go through.
I noticed that testing wifi is a bit problematic, since there is no navigator.mozWifiManager property if you have no wifi. So this only works on my unagi device:
Whenever I access navigator.mozWifiManager my application gets killed.
adb logcat says:
I/Gecko ( 1233): Security problem: Content process does not have `wifi-manage'. It will be killed.
Reproduce:
1) Visit http://freddyb.github.com/allperms/
2) Click on tests
3) scroll down to wifi, click the text
4) "Well, this is embarrassing."
OR
If you're running some kind of test build, it comes with a JS shell. Open it and enter navigator.mozWifiManager. The shell will be killed
I suppose this is a low risk DoS but I will mark it as a security problem just to be sure.
Reporter | ||
Comment 1•12 years ago
|
||
Expected behaviour: throw SecurityError instead
Updated•12 years ago
|
Component: Gaia → General
Updated•12 years ago
|
Reporter | ||
Updated•12 years ago
|
blocking-b2g: --- → leo?
tracking-b2g18:
--- → ?
Updated•12 years ago
|
tracking-b2g18:
? → ---
Reporter | ||
Comment 2•12 years ago
|
||
Looks like paul already filed this
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
|
blocking-b2g: leo? → ---
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•