Title
An analysis of the Mozilla Jetpack extension framework
Abstract
The Jetpack framework is Mozilla's newly-introduced extension development technology. Motivated primarily by the need to improve how scriptable extensions (also called addons in Firefox parlance) are developed, the Jetpack framework structures addons as a collection of modules. Modules are isolated from each other, and communicate with other modules via cleanly-defined interfaces. Jetpack also recommends that each module satisfy the principle of least authority (POLA). The overall goal of the Jetpack framework is to ensure that the effects of any vulnerabilities are contained within a module. Its modular structure also facilitates code reuse across addons. In this paper, we study the extent to which the Jetpack framework achieves its goals. Specifically, we use static analysis to study capability leaks in Jetpack modules and addons. We implemented Beacon, a static analysis tool to identify the leaks, and used it to analyze 77 core modules from the Jetpack framework and another 359 Jetpack addons. In total, Beacon analyzed over 600 Jetpack modules and detected 12 capability leaks in 4 core modules and another 24 capability leaks in 7 Jetpack addons. Beacon also detected 10 over-privileged core modules. We have shared the details with Mozilla, who have acknowledged our findings.
Year: 2012
DOI: 10.1007/978-3-642-31057-7_16
Venue: ECOOP
Keywords: core module, jetpack addons, mozilla jetpack extension framework, firefox parlance, capability leak, over-privileged core module, jetpack module, static analysis tool, jetpack framework, static analysis, jetpack framework structures addons
Field: Programming language, Software engineering, Computer science, Static analysis, Real-time computing, Code reuse, Modular structure
DocType: Conference
Volume: 7313
ISSN: 0302-9743
Citations: 24
PageRank: 0.95
References: 14
Authors: 4
Name
Order
Citations
PageRank
Rezwana Karim1654.68
Mohan Dhawan219211.15
Vinod Ganapathy371342.69
Chung-chieh Shan448533.27