Closed Bug 1524900 Opened 2 years ago Closed 10 months ago

Security testing of Normandy Local actions

Categories

(Firefox Graveyard :: Security: Review Requests, task)

Product:
Firefox Graveyard
Component:
Security: Review Requests
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
Firefox 66

People

(Reporter: pauljt, Unassigned)

References

Details

Normandy is shifting to a model where recipe actions are baked into Firefox, rather than js code being downloaded remotely (See 1436129, and the bugs which depend on it). With the code being baked into Firefox we are removing the sandboxing code added which was to protect against dangerous JS. The purpose of this bug is to do a detailed review and testing of the local action architecture to understand the security properties of the local action model, and check for security issues in the implementation .

Type: enhancement → task

Picking this up, main task is to review the local actions I think.See https://searchfox.org/mozilla-central/source/toolkit/components/normandy/actions

Assignee: nobody → ptheriault
Assignee: ptheriault → nobody

Closing outdated, unassigned review requests for a non-existent team.

Status: NEW → RESOLVED
Closed: 10 months ago
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.