Closed Bug 739474 Opened 10 years ago Closed 9 years ago

Security Review for Geolocation WebAPI Changes

Categories

(mozilla.org :: Security Assurance: Review Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: Arreth, Assigned: curtisk)

References

()

Details

(Whiteboard: [secreview complete][action items pending])

>Who is/are the point of contact(s) for this review?
Josh Dhaliwal (jdhaliwal@mozilla.com) and Doug Turner (dougt@mozilla.com)

>Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
Changes to the geolocation API specification, and implementation of these changes in the geolocation WebAPI.

>Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:

1) http://arreth.wordpress.com/2012/03/14/ch-ch-ch-ch-changes-to-geolocation-api-specifcations-2-2/

2) http://arreth.wordpress.com/2012/03/13/proposed-changes-to-geolocation-api-specification/

>Does this request block another bug? If so, please indicate the bug number
The bug associated with this feature is bug 735863

>This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
A security review would be necessary before the code can be pushed to moz-central. As for a specific date, :dougt would have a more concrete timeline for the project. Preferably this week I'm guessing.

>Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
The end users are somewhat affected by these changes, in that they must give permission to utilize geolocational features, but the the changes will mostly affect developers who plan to use Mozilla's geolocation WebAPI.

>Are there any portions of the project that interact with 3rd party services?
The changes would involve various 3rd party reverse geocoding services. These 3rd party services would differ depending on the platform that the code is running on (e.g. Google reverse geocoding services for Android).

>Will your application/service collect user data? If so, please describe
The code changes will involve collection (but not storage) of user data, so that we can collect the user's position from a geolocation provider in order to run a reverse geocoding service on that data.

>If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
:dougt can feel free to fill in any missing points from what I've said. If any other comments/information is needed, feel free to comment.

>Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Desired Date: March 28th, 2012 (same time as :dougt's device proximity sec-review)

If this is not possible, please let us know and we can arrange another date.
Assignee: nobody → curtisk
Whiteboard: [pending secreview]
review sched for 28-Mar-2012
Blocks: 735863
Whiteboard: [review sched]
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [review sched] → [secr:curtisk:action items]
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → ASSIGNED
Whiteboard: [secr:curtisk:action items] → [sec-assigned:curtisk:action items]
Whiteboard: [sec-assigned:curtisk:action items] → [in-progress secreview][action items]
Whiteboard: [in-progress secreview][action items] → [secreview complete][action items]
secreivew is done but has action items, as such this is resolved-fixed, when dependant bugs are cleared this can be resolved
Status: ASSIGNED → RESOLVED
Closed: 10 years ago9 years ago
Resolution: --- → FIXED
Whiteboard: [secreview complete][action items] → [secreview complete][action items pending]
You need to log in before you can comment on or make changes to this bug.