WebAPI/Security/Contacts
From MozillaWiki
Contacts API
Brief purpose of API: Access to the user's contacts.
General Use Cases: N/A
Inherent threats:
- Read/exfiltrate confidential information
- Destroy user's contact data
- DoS via filling address book with bogus data
Threat severity: High
References:
- https://wiki.mozilla.org/WebAPI/ContactsAPI
- https://groups.google.com/d/topic/mozilla.dev.webapps/hvG5PXsFyzw/discussion
Permissions Table
Type | Use Cases | Authorization Model | Notes & Other Controls |
---|---|---|---|
Web Content | None | No direct access (access via web activities) | |
Installed Web Apps | None | No direct access (access via web activities) | |
Privileged Web Apps | Create, read or edit contact information | Explicit | |
Certified Web Apps | Create, read or edit contact information | Implicit | |