Closed Bug 1137943 Opened 9 years ago Closed 8 years ago

Review Shumway's sandboxes


(Firefox Graveyard :: Shumway, defect)

Not set


(Not tracked)



(Reporter: till, Assigned: yury)



Shumway has three different layers of sandboxing:

- An outermost sandbox that prevents content from getting direct access to chrome-privileged code.
- An inner one around the content script-executing part of Shumway that prevents content from directly accessing the Shumway instance's iframe.
- An implementation of Flash's SecurityDomains for controlling access between SWFs from different domains loaded into the same player instance.

These sandboxes are in very different shapes: the outermost is ready for review right now, the inner one needs some work on our part (mostly bug 1137942, but also some cleanup of how the communication works) to ease verification but largely works, while the SecurityDomains implementation isn't finished at all.

I'll file blocking bugs for verifying the three different sandboxes next.

We should probably do a kick-off meeting to go over the general strokes as a first step.
Depends on: 1137947
Depends on: 1137950
Depends on: 1137953
Depends on: 1138055
As long as the outer sandbox is verified and we only load stuff from domains that crossdomain.xml allows, this doesn't block enabling on Nightly.
Blocks: shumway-m4
No longer blocks: shumway-m3
Yury needs to confirm he has addressed bholley's initial review feedback (before asking bholley for a final review).
Assignee: nobody → ydelendik
Product: Firefox → Firefox Graveyard
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.