Version | Date | Comment |
---|---|---|
v 2.0 | 2015-06-16 | Application Software Extended Package for Web Browsers |
v 1.0 | 2014-03-31 | Initial release - Protection Profile for Web Browsers |

1. Introduction
1.1. Overview
1.2. Terms
1.2.1. Common Criteria Terms
1.2.2. Technology Terms
1.3. Compliant Targets of Evaluation
1.4. Use Cases
3. Security Problem Description
3.1. Threats
4.1. Security Objectives for the TOE
5.1. Security Functional Requirements
5.1.1. User Data Protection (FDP)
5.1.2. Security Management (FMT)
5.1.3. Protection of the TSF (FPT)
Appendix A: Optional Requirements
Appendix B: Selection-Based Requirements
Appendix C: Objective Requirements
Appendix D: References
Appendix E: Acronyms

Note: JavaScript is not included in references to mobile code in this browser EP.
geolocation,
browser history,
browser preferences,
browser statistics
] is requested by a website.

Management Function | Administrator | User |
---|---|---|
Enable/disable storage of third party cookies | O | X |
Enable/disable use of OCSP for obtaining the revocation status of X.509 certificates | O | O |
Configure inclusion of user-agent information in HTTP headers | O | O |
Enable/disable ability for websites to collect tracking information about the user through [selection: zombie cookies, add-on based tracking (e.g. Flash cookies), browsing history, [assignment: other tracking mechanisms] ] | O | O |
Enable/disable deletion of stored browsing data (cache, web form information) | O | X |
Enable/disable storage of sensitive information (e.g., auto-fill, auto-complete) in persistent storage | O | O |
Configure size of cookie cache | O | O |
Configure size of cache | O | O |
Enable/disable interaction with Graphic Processing Units (GPUs) | O | O |
Configure the ability to advance to a web site with an invalid or unvalidated X.509 certificate | O | O |
Enable/disable establishment of a trusted channel if the browser cannot establish a connection to determine the validity of a certificate | O | O |
Configure the use of an application reputation service to detect malicious applications prior to download | O | O |
Configure the use of a URL reputation service to detect sites that contain malware or phishing content | O | O |
Enable/disable automatic installation of software updates and patches | O | O |
Enable/disable ability for websites to register protocol handlers | O | O |
Enable/disable display notification when unsigned, untrusted or unverified mobile code is encountered | O | O |
Enable/disable user's ability to select default actions upon download of a file (e.g., always open, or always save, a downloaded file) | O | O |
Enable/disable launching of downloaded files outside the browser | O | O |
Enable/disable JavaScript | O | O |
Enable/disable [selection: ActiveX, Flash, Java, [assignment: other mobile code types supported by the browser] ] mobile code | O | O |
Enable/disable support for add-ons | O | O |
Enable/disable individual add-ons | O | O |
Enable/disable HSTS mode | O | O |

ActiveX,
Flash,
Java,
ActionScript,
[assignment: other mobile code types supported by the browser],
no
] mobile code.

ActiveX,
Flash,
Java,
ActionScript,
[assignment: other mobile code types supported by the browser]
] mobile code without executing it.

Identifier | Title |
---|---|
[CC] | |
[AppPP] | |

Acronym | Meaning |
---|---|