Name of API: Vibration Reference: http://dev.w3.org/2009/dap/vibration/
Brief purpose of API: Let content activate the vibration motor Inherent threats: Obnoxious if mis-used, consume extra battery Threat severity: low == Regular web content (unauthenticated) == Use cases for unauthenticated code: Vibrate when hit in a game Authorization model for uninstalled web content: Explicit Authorization model for installed web content: Implicit Potential mitigations: Limit how long vibrations can run == Trusted (authenticated by publisher) == Use cases for authenticated code:[Same] Authorization model: Implicit Potential mitigations: == Certified (vouched for by trusted 3rd party) == Use cases for certified code: Authorization model: implicit Potential mitigations: Notes: This API may be implicitly granted. User can deny from Permission Manager to over-ride an abusive app. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
