TL;DR - We need to do a better job on input validation. We need to be very careful with postMessage() messages. Highly recommended to pull the dialer out of the communications app to limit its attack surface and complexity. This was a relatively big one. I have looked at all code and I have an ok feeling about it.
Review: https://wiki.mozilla.org/Security/Reviews/Gaia/Dialer
Bugs: https://bugzilla.mozilla.org/showdependencytree.cgi?id=754741&hide_resolved=0

Please give feedback. Especially if you can think about attacks or vulnerabilities.

S.
