A First Look at Firefox OS Security

by Daniel Defreez, et al.

With Firefox OS, Mozilla is making a serious push for an HTML5-based mobile platform. In order to assuage security concerns over providing hardware access to web applications, Mozilla has introduced a number of mechanisms that make the security landscape of Firefox OS distinct from both the desktop web and other mobile operating systems. From an application security perspective, the two most significant of these mechanisms are the introduction of a default Content Security Policy and code review in the market. This paper describes how lightweight static analysis can augment these mechanisms to find vulnerabilities which have otherwise been missed. We provide examples of privileged applications in the market that contain vulnerabilities that can be automatically detected. In addition to these findings, we show some of the challenges that occur when desktop software is repurposed for a mobile operating system. In particular, we argue that the caching of certificate overrides across applications, a known problem in Firefox OS, generates a counter-intuitive user experience that detracts from the security of the system.




