Security review of chrome registration interface

RESOLVED INVALID

Status

P3
normal
RESOLVED INVALID
20 years ago
9 years ago

People

(Reporter: norrisboyd, Assigned: hjtoi-bugzilla)

Tracking

Trunk
All
Windows NT
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:investigation])

(Reporter)

Description

20 years ago
Entering all security bugs and tasks for SeaMonkey into Buzilla for schedule
tracking.
(Reporter)

Updated

20 years ago
Depends on: 7256
Summary: Security review of chrome registration interface → Security review of chrome registration interface
(Reporter)

Updated

20 years ago
Blocks: 7252
(Reporter)

Updated

20 years ago
Target Milestone: M8
(Reporter)

Updated

20 years ago
Status: NEW → ASSIGNED

Updated

19 years ago
Target Milestone: M8 → M9

Comment 1

19 years ago
has the review been completed during m8?  rolling this tracking bug over to m9
(Reporter)

Updated

19 years ago
Depends on: 9682
(Reporter)

Updated

19 years ago
Target Milestone: M9 → M11
(Reporter)

Comment 2

19 years ago
Depends on 9682, which is M11.
(Reporter)

Updated

19 years ago
Target Milestone: M11 → M12
(Reporter)

Updated

19 years ago
Target Milestone: M12 → M14
(Reporter)

Updated

19 years ago
Summary: Security review of chrome registration interface → [Feature] Security review of chrome registration interface
Target Milestone: M14 → M15
(Reporter)

Comment 3

19 years ago
Push security review tasks off until M16.
Target Milestone: M15 → M16

Comment 4

19 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General

Comment 5

19 years ago
Adding 'skins' keyword to selected chrome bugs.  Please add any omissions.  
Sorry for any mistakes...
Keywords: skins

Updated

19 years ago
Blocks: 29160

Comment 6

19 years ago
Mass-adding beta2 keyword to all skins bugs.
Keywords: beta2
(Reporter)

Updated

19 years ago
Summary: [Feature] Security review of chrome registration interface → Security review of chrome registration interface
Target Milestone: M16 → M17

Comment 7

19 years ago
Changing Qa contact to myself.
QA Contact: dshea → junruh

Updated

19 years ago
Keywords: nsbeta2
(Reporter)

Updated

19 years ago
Keywords: beta2
Whiteboard: No review planned until feature is complete (post-nsbeta2)
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
David,
   Norris suggested I assign this one to you...could you take a look, or else
pass it on?
Assignee: mstoltz → hyatt
cc'ing myself.

Comment 11

19 years ago
Changing (post-nsbeta2) in Summary to read (post-PR2) so my "nsbeta2 in keyword 
with no nsbeta2 in Summary" query will pick this bug up for PDT review.
Whiteboard: No review planned until feature is complete (post-nsbeta2) → No review planned until feature is complete (post-PR2)

Comment 12

19 years ago
[nsbeta2-]
Whiteboard: No review planned until feature is complete (post-PR2) → [nsbeta2-] No review planned until feature is complete (post-PR2)

Comment 13

19 years ago
Changed QA contact to Cathy.
QA Contact: junruh → czhang

Comment 14

19 years ago
Mass-moving all nsbeta2- bugs to M20
Target Milestone: M17 → M20

Comment 15

19 years ago
This was never Hyatt's bug.  My understanding is that the chrome registry
already exists.  What is missing that needs security review?

Putting back on nsbeta2 radar, this review seems essential for skins to be safe.
Assignee: hyatt → mstoltz
Whiteboard: [nsbeta2-] No review planned until feature is complete (post-PR2) → No review planned until feature is complete
Target Milestone: M20 → ---

Comment 16

19 years ago
Putting on [nsbeta2-] radar.  
Whiteboard: No review planned until feature is complete → [nsbeta2-] No review planned until feature is complete
Assignee: mstoltz → ben
Component: Security: General → Skinability
QA Contact: czhang → szhu
Whiteboard: [nsbeta2-] No review planned until feature is complete
Target Milestone: --- → M17
I'm reassigning this to Skinability so that it will catch the eye of someone who 
knows this code. I'm happy to help with a security review but I need help from 
someone who knows/owns this code. Can we set up a meeting time to do this review?
Removed NSBeta2- to trigger re-evaluation. I assume skins are nearing completion, 
and we should have a security review before beta2 is released.

Comment 19

18 years ago
This is a bug for a review mtg.  Not a blocker.  Putting on [nsbeta2-] radar.
Whiteboard: [nsbeta2-]

Comment 20

18 years ago
*spam* changing QA to me for all skinability bugs (all 4 of them!)
QA Contact: szhu → BlakeR1234

Updated

18 years ago
Whiteboard: [nsbeta2-] → [nsbeta2-] [b3nav+]

Comment 21

18 years ago
Yes, we need to review this for beta 3.  Ben, make sure we're following German's 
spec here.
Priority: P3 → P1
Whiteboard: [nsbeta2-] [b3nav+] → [nsbeta2-][b3nav+]
Target Milestone: M17 → M20

Comment 22

18 years ago
nav triage team: changing [b3nav+] bugs to [nsbeta3+].
Whiteboard: [nsbeta2-][b3nav+] → [nsbeta2-][nsbeta3+]
what is required here? I'm only responsible for XUL/CSS stuff. this doesn't 
sound like my bug. 
I want to hold a brainstorming session on chrome/xul/css security this week. Ben, 
this includes you.
ok, let me know when, preferably a day in advance as I don't often get in early 
;) 
Status: NEW → ASSIGNED
Adding nsbeta3 keyword to bugs which already have nsbeta3 status markings so 
the queries don't get all screwed up.
Keywords: nsbeta3
mitch, I don't want this on my radar if I don't know what's going on. Tell me 
what you want me to do or I'll close it :P 
Priority: P1 → P4
I'll take this back. I've spoken to Hyatt a bit and he's calmed my fears a bit, 
although a meeting might still be a good idea, when I have the time. Clearing the 
+ for now.
Assignee: ben → mstoltz
Status: ASSIGNED → NEW
Keywords: nsbeta2
Whiteboard: [nsbeta2-][nsbeta3+]

Comment 29

18 years ago
jar suggested that mstoltz take this and if you run into any security fears, 
create a new bug and nominate nsbeta3.
Removing nsbeta3 as this is a 'tracking" bug
Status: NEW → ASSIGNED
Keywords: nsbeta3
nsbeta3. It would be nice to bring this up at an architecture meeting, maybe.
Keywords: nsbeta3
Priority: P4 → P3

Comment 32

18 years ago
Unless you guys want me to dial in and listen to your meeting (I'll also accept 
it if you pay to fly me to CA), I'm not sure how I'll verify that you guys had 
a meeting about this.  So, setting QA to mstoltz.
QA Contact: blakeross → mstoltz
Marking security reviews as rtm.
Keywords: rtm
Removing nsbeta3 to make queries clearer.
Keywords: nsbeta3

Comment 35

18 years ago
Mitch, on 8/16 you said your fears were calmed a bit by talking to Hyatt.  Is
there anything left to really do for this bug?  Do you still need a skins person
to help do a review?
Whiteboard: [need info]
Yes. Mybe not for rtm, but soon.

Comment 37

18 years ago
PDT marking [rtm-] for this to-do item. If any serious bugs crop up as a result
of this review, please nominate them separately.
Whiteboard: [need info] → [rtm-]

Updated

18 years ago
Keywords: skins
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Keywords: mozilla0.9
Mass changing milestone to Moz1.0 - stuff targeted for late spring/early summer.
Target Milestone: --- → mozilla1.0

Comment 40

17 years ago
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 
(you can query for this string to delete spam or retrieve the list of bugs I've 
moved)
Target Milestone: mozilla1.0 → mozilla1.0.1

Comment 41

17 years ago
don't move bugs that are in the 1.0 dependency tree. sorry.
Target Milestone: mozilla1.0.1 → mozilla1.0

Comment 42

17 years ago
Moving Netscape owned 0.9.9 and 1.0 bugs that don't have an nsbeta1, nsbeta1+,
topembed, topembed+, Mozilla0.9.9+ or Mozilla1.0+ keyword.  Please send any
questions or feedback about this to adt@netscape.com.  You can search for
"Moving bugs not scheduled for a project" to quickly delete this bugmail.
Target Milestone: mozilla1.0 → mozilla1.2
Target Milestone: mozilla1.2alpha → mozilla1.2beta
Clearing milestone for now.
Target Milestone: mozilla1.2beta → ---
Might still be something to look for here; if we do any more security reviews.
Assignee: mstoltz → heikki
Status: ASSIGNED → NEW
Whiteboard: [rtm-] → [sg:investigation]
Product: Core → Core Graveyard

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.