Security review for Firefox Garden landing page


Security Assurance: Applications
7 years ago


(Reporter: malexis, Unassigned)






7 years ago
1. A quick intro to what this app does.

A one page website showcasing video and photo content from the Firefox Vertical Garden

2. Where is the source code located?

TBD. Currently in design phase. Code will be checked in to SVN repo.

3. Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.

This will be staged on servers.

4. Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.

Product: Websites

mike alexis
tara shahian
stephen donner
craig cook

5. Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.

It will not.

6. Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.

No login.

7. What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)

No major risks or injection points specific to the page. Just regular XSS and CSRF stuff. We're not collecting user data. No login.  

8. Does this website contain an administration page? If so, have the admin page blockers all been addressed?

Not sure if this will be a WordPress site and contain an admin page. Most likely it will be a regular PHP page and media/content will be checked in through SVN.

9. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?

Targeting to have page code complete and ready for security review on 5/23
Whiteboard: [pending secreview][review start 5/23]
Whiteboard: [pending secreview][review start 5/23] → [pending secreview][review start 5/23][pending code]
Assignee: infrasec → rforbes
Is this page coded up and ready for review?

Comment 2

7 years ago
The schedule has been pushed out. I'll update you with exact timeline. Currently the page isn't coded and ready.

Comment 3

7 years ago
We don't have an exact delivery date yet, but we're looking at roughly 3 weeks until the page will be ready for security review. I'll update as I get more info.
QA Contact: chris → mcoates

Comment 4

7 years ago
Sorry for the belated update: Long story short, we're no longer pursuing the "durable" path on this project... which means we're not creating the vertical garden in real life and additional assets that would roll into this landing page.  Instead we're focusing on a great video (which was the original goal).  

Closing as wontfix.  Appreciate your help/input/time on this thus far.
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
Assignee: rforbes → infrasec
Whiteboard: [pending secreview][review start 5/23][pending code]