The social sharing library is now code complete and we would like to proceed with the security review. The demo and code can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=723761#c50 Who is/are the point of contact(s) for this review? Chris More Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): Be able to use Facebook, Twitter, and Google+ social sharing widgets without exposing user data until a user action (click). Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description: More info: https://bugzilla.mozilla.org/show_bug.cgi?id=701759 Does this request block another bug? If so, please indicate the bug number No This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? No extremely urgent as we will release it on some websites when it is ready. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? No Are there any portions of the project that interact with 3rd party services? Yes Will your application/service collect user data? If so, please describe Yes, data will move between the end user and one of the social websites if they are logged in. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): All good. Desired Date of review (if known from https://email@example.com/Security%20Review.html) and whom to invite.
Please proceed with the security review of the social sharing widget. Demo: http://people.mozilla.org/~pmclanahan/collusion/
Code here: https://github.com/mozilla/SocialShare/
I will continue some additional testing around this, but based on a review of the code and the demo page, it seems pretty good! Very happy to see this completed!
this appears to be resolved-fixed but not marked as so