Closed Bug 1517607 Opened 1 year ago Closed 1 year ago

Security Review for Firebase SDK

Categories

(Firefox for Android :: General, enhancement)

Product:
Firefox for Android
Component:
General
Version:
Firefox 66
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Milestone:
Firefox 66
Tracking Flags:
Tracking Status
firefox65 --- unaffected
firefox66 --- affected

People

(Reporter: sdaswani, Assigned: sdaswani)

Details

We have to integrate the open source Firebase into SDK to support FCM push notifications: https://bugzilla.mozilla.org/show_bug.cgi?id=1510730

Does the security team want / need to review the SDK?
Security reviews don't need to be confidential. If issues are found then the individual bugs can be flagged as such.
Group: firefox-core-security

Susheel, can you cc me into bug 1510730? Thanks.

Flags: needinfo?(sdaswani)

done.

Flags: needinfo?(sdaswani)

Dan, Wennie mentioned I could n-i to you for security review, at least until there is some more formal process.

Flags: needinfo?(dveditz)

(In reply to Liz Henry (:lizzard) (use needinfo) from comment #4)

Dan, Wennie mentioned I could n-i to you for security review, at least until there is some more formal process.

There is a process: much like the original pi-request mail-based process but to a different address (which I'm leaving out of this bug to minimize getting on spam lists). I've sent mail to get this request into the queue.

Flags: needinfo?(dveditz)

Please hold off on this until I have more clarity on whether we indeed Firebase.

Assignee: nobody → sdaswani
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.