Proceedings of the 26th European Conference on Object-Oriented Programming (ECOOP 2012). Published as Volume 7313 of Lecture Notes in Computer Science (LNCS), pages 333-355; Beijing, China; June 11-16, 2012.
The Jetpack framework is Mozilla's newly introduced extension development technology. Motivated primarily by the need to improve how scriptable extensions (also called add-ons in Firefox parlance) are developed, the Jetpack framework structures add-ons as a collection of modules. Modules are isolated from each other, and communicate with other modules via cleanly defined interfaces. Jetpack also recommends that each module satisfy the principle of least authority (POLA). The overall goal of the Jetpack framework is to ensure that the effects of any vulnerabilities are contained within a module. Its modular structure also facilitates code reuse across add-ons.
In this paper, we study the extent to which the Jetpack framework achieves its goals. Specifically, we use static analysis to study capability leaks in Jetpack modules and add-ons, i.e., cases where code violates modularity by leaking a pointer to a privileged resource to another module. We implemented Beacon, a static analysis tool to identify the leaks, and used it to analyze 77 core modules from the Jetpack framework and another 359 Jetpack add-ons. In total, Beacon analyzed over 600 Jetpack modules and detected 12 capability leaks in 4 core modules and another 24 capability leaks in 7 Jetpack add-ons. Beacon also detected 10 over-privileged core modules. We have shared the details with Mozilla, who have acknowledged our findings.
DOI: 10.1007/978-3-642-31057-7_16
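To illustrate the kind of capability leak the abstract describes (a module exporting a pointer to a privileged resource), here is an added JavaScript example that is not from the paper, Beacon, or Jetpack. The modules, the `makePrivilegedFile` resource and the `findLeaks` check are hypothetical, and the check is a runtime reachability walk over exports, not Beacon's static analysis.

```javascript
// Constructed stand-in for a privileged resource (hypothetical; not a Jetpack API).
function makePrivilegedFile() {
  const store = new Map();
  return {
    read: (path) => store.get(path),
    write: (path, data) => { store.set(path, data); },
    remove: (path) => store.delete(path),
  };
}

// Leaky module: its exports hand the raw capability to any importer.
function leakyPrefsModule(file) {
  return {
    get: (key) => file.read("prefs/" + key),
    backend: file, // capability leak: raw pointer to the resource is exported
  };
}

// POLA-style module: exports only a narrow, frozen facade closed over the capability.
function safePrefsModule(file) {
  return Object.freeze({
    get: (key) => file.read("prefs/" + String(key).replace(/[^\w-]/g, "")),
  });
}

// Walk every object/function reachable through data properties of the exports
// and return the property paths at which a privileged object is reachable.
function findLeaks(exportsObj, privileged) {
  const leaks = [];
  const seen = new Set();
  const stack = [[exportsObj, "exports"]];
  while (stack.length) {
    const [value, path] = stack.pop();
    if (value === null || (typeof value !== "object" && typeof value !== "function")) continue;
    if (privileged.includes(value)) { leaks.push(path); continue; }
    if (seen.has(value)) continue; // guards against cycles such as prototype.constructor
    seen.add(value);
    for (const key of Reflect.ownKeys(value)) {
      const desc = Object.getOwnPropertyDescriptor(value, key);
      if (desc && "value" in desc) stack.push([desc.value, path + "." + String(key)]);
    }
  }
  return leaks.sort();
}

// Run the check against both constructed modules sharing one capability.
function demo() {
  const file = makePrivilegedFile();
  return { leaky: findLeaks(leakyPrefsModule(file), [file]), safe: findLeaks(safePrefsModule(file), [file]) };
}
```

The walk only sees capabilities reachable through exported properties; a leak through a function's return value or a callback argument requires analyzing the code itself.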