

The Jetpack framework is Mozilla’s newly-introduced extension development technology. Motivated primarily by the need to improve how scriptable extensions (also called addons in Firefox parlance) are developed, the Jetpack framework structures addons as a collection of modules. Modules are isolated from each other, and communicate with other modules via cleanly-defined interfaces. Jetpack also recommends that each module satisfy the principle of least authority (POLA). The overall goal of the Jetpack framework is to ensure that the effects of any vulnerabilities are contained within a module. Its modular structure also facilitates code reuse across addons. In this paper, we study the extent to which the Jetpack framework achieves its goals. Specifically, we use static analysis to study capability leaks in Jetpack modules and addons.
