[Bug 25809] New: Security issue we should identify from bugzilla@jessica.w3.org on 2014-05-19 (public-media-capture@w3.org from May 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 19 May 2014 18:20:59 +0000
To: public-media-capture@w3.org
Message-ID: <bug-25809-5753@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25809

            Bug ID: 25809
           Summary: Security issue we should identify
           Product: WebRTC Working Group
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Media Capture and Streams
          Assignee: public-media-capture@w3.org
          Reporter: fluffy@cisco.com
                CC: public-media-capture@w3.org

The security section should warn people about the risk of having a website that
took URL like www.example.com?call=evil or www.example.com?call=+1900-PAY-FLUF.
If  the site automatically makes that call if example.com had permission, then
an advertisement network can display an add that redirects you to this and the
users camera will sending stuff and sending it to an attacker.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

Received on Monday, 19 May 2014 18:21:00 UTC