Closed Bug 723596 Opened 13 years ago Closed 13 years ago

Perform Security Review for Snippets Impressions

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: bensternthal, Assigned: ygjb)

References

(
URL
)

Details

(Whiteboard: [completed secreview])

Marketing and Metrics are interested in collecting the impressions pertaining to certain about:home snippets. The current plan is to collect 1% of certain campaigns by sending an AJAX request to HTTP server. Right now it looks like we will be ready for security review in late feb or early march.
Please update this bug with the information requested at https://wiki.mozilla.org/WebAppSec/Security_Review_Request#Questions_to_Address_within_Request_Body when the information becomes available.
Keywords: sec-review-needed
Whiteboard: [pending secreview] → [pending secreview][secr:yvan]
QA Contact: mcoates → jstevensen
Component: Security Assurance: Applications → Security Assurance: Review Needed
Assignee: security-assurance → yboily
Status: NEW → ASSIGNED
Who is/are the point of contact(s) for this review? Ben Sternthal - TPM Michael Kelly - Primary Developer Winston Bowden - Project Stakeholder Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): Marketing and Metrics are interested in collecting the impressions pertaining to certain about:home snippets. The current plan is to collect 1% of certain campaigns by sending an AJAX request to HTTP server. Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description: https://wiki.mozilla.org/Websites/Snippets/Impressions https://github.com/mozilla/snippets Does this request block another bug? If so, please indicate the bug number https://bugzilla.mozilla.org/show_bug.cgi?id=719090 This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? We are hoping to get this reviewed April 16 - April 18. It is a very small amount of code. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? This feature is added to the snippets that are displayed in firefox about:home Are there any portions of the project that interact with 3rd party services? The log files that are generated are processed by pentaho. Will your application/service collect user data? If so, please describe This service collects non-identifying data in the form of log files. Please see for more info https://bugzilla.mozilla.org/show_bug.cgi?id=690881 Also you can look at the tracking bug 719090 for the bugs associated with this. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Yvan just wanted to check on status if this is complete.
Yvan, can you let me know if this is complete. Our launch is now delayed by privacy for an unknown period, so if you need additional time please let me know. I would like to get this one complete so the only thing we are waiting for / blocked by is privacy. As always... many thanks.
Is there a privacy review open on this item? I don't see one here https://wiki.mozilla.org/Privacy/Reviews
Here is the bug for privacy review: https://bugzilla.mozilla.org/show_bug.cgi?id=723589 We are in touch with Alina & David on this. I do not know how that privacy tracking wiki is populated or if this should/should not be on there.
Whiteboard: [pending secreview][secr:yvan] → [pending secreview]
Pinging on this, double checking this is complete and I can resolve bug.
Per our discussions in previous meetings, given that the service doesn't return any content to the browser or process data about the client, there are no significant security considerations.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Keywords: sec-review-neededsec-review-complete
Whiteboard: [pending secreview] → [completed secreview]
Yvan, many thanks. I wanted to be sure on this one.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.