Closed
Bug 723596
Opened 13 years ago
Closed 12 years ago
Perform Security Review for Snippets Impressions
Categories
(mozilla.org :: Security Assurance: Review Request, task)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: bensternthal, Assigned: ygjb)
References
()
Details
(Whiteboard: [completed secreview])
Marketing and Metrics are interested in collecting the impressions pertaining to certain about:home snippets. The current plan is to collect 1% of certain campaigns by sending an AJAX request to HTTP server. Right now it looks like we will be ready for security review in late feb or early march.
|
Assignee | |
Comment 1•13 years ago
|
||
Please update this bug with the information requested at https://wiki.mozilla.org/WebAppSec/Security_Review_Request#Questions_to_Address_within_Request_Body when the information becomes available.
|
|
Assignee | |
Updated•13 years ago
|
Keywords: sec-review-needed
Whiteboard: [pending secreview] → [pending secreview][secr:yvan]
|
||
Updated•13 years ago
|
QA Contact: mcoates → jstevensen
|
|
||
Updated•12 years ago
|
Component: Security Assurance: Applications → Security Assurance: Review Needed
|
|
||
Updated•12 years ago
|
Assignee: security-assurance → yboily
Status: NEW → ASSIGNED
|
Reporter | |
Comment 2•12 years ago
|
||
Who is/are the point of contact(s) for this review? Ben Sternthal - TPM Michael Kelly - Primary Developer Winston Bowden - Project Stakeholder Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): Marketing and Metrics are interested in collecting the impressions pertaining to certain about:home snippets. The current plan is to collect 1% of certain campaigns by sending an AJAX request to HTTP server. Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description: https://wiki.mozilla.org/Websites/Snippets/Impressions https://github.com/mozilla/snippets Does this request block another bug? If so, please indicate the bug number https://bugzilla.mozilla.org/show_bug.cgi?id=719090 This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? We are hoping to get this reviewed April 16 - April 18. It is a very small amount of code. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? This feature is added to the snippets that are displayed in firefox about:home Are there any portions of the project that interact with 3rd party services? The log files that are generated are processed by pentaho. Will your application/service collect user data? If so, please describe This service collects non-identifying data in the form of log files. Please see for more info https://bugzilla.mozilla.org/show_bug.cgi?id=690881 Also you can look at the tracking bug 719090 for the bugs associated with this. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
|
|
Reporter | |
Comment 3•12 years ago
|
||
Yvan just wanted to check on status if this is complete.
|
|
Reporter | |
Comment 4•12 years ago
|
||
Yvan, can you let me know if this is complete. Our launch is now delayed by privacy for an unknown period, so if you need additional time please let me know. I would like to get this one complete so the only thing we are waiting for / blocked by is privacy. As always... many thanks.
Is there a privacy review open on this item? I don't see one here https://wiki.mozilla.org/Privacy/Reviews
|
|
Reporter | |
Comment 6•12 years ago
|
||
Here is the bug for privacy review: https://bugzilla.mozilla.org/show_bug.cgi?id=723589 We are in touch with Alina & David on this. I do not know how that privacy tracking wiki is populated or if this should/should not be on there.
|
|
||
Updated•12 years ago
|
Whiteboard: [pending secreview][secr:yvan] → [pending secreview]
|
|
Reporter | |
Comment 7•12 years ago
|
||
Pinging on this, double checking this is complete and I can resolve bug.
|
|
Assignee | |
Comment 8•12 years ago
|
||
Per our discussions in previous meetings, given that the service doesn't return any content to the browser or process data about the client, there are no significant security considerations.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•12 years ago
|
Keywords: sec-review-needed → sec-review-complete
Whiteboard: [pending secreview] → [completed secreview]
|
|
Reporter | |
Comment 9•12 years ago
|
||
Yvan, many thanks. I wanted to be sure on this one.
|
||
Updated•12 years ago
|
Keywords: sec-review-complete
|
|
||
Updated•12 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•