Closed Bug 741958 Opened 10 years ago Closed 9 years ago

[Security Review][Action Item]IM in Thunderbird - witter oauth / apiapi use

Categories

(mozilla.org :: Security Assurance, task)

x86
macOS
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: curtisk, Assigned: pauljt)

References

()

Details

(Whiteboard: [start 04/18/2012][target 06/30/2012])

No description provided.
Whiteboard: [start 04/18/2012][target 04/25/2012]
:pauljt - where are we on this review, we had a target set back in Apr?
I was waiting on a response from the developer, which I received the end of april. Since Adam took over the thunderbird stuff I send him an email to see if he could take over this review, but not sure if he got that, and I forgot to chase it up.

I either do it, or hand over to adam by the end of the month.
Whiteboard: [start 04/18/2012][target 04/25/2012] → [start 04/18/2012][target 06/30/2012]
Note that this feature is planned to be preffed on in thunderbird 15. (which is aurora now, and beta July 17) 

Other relevant parts of the email:

Twitter is part of the IM-in-Thunderbird feature.
The relevant OAuth code is in this file
http://mxr.mozilla.org/comm-central/source/chat/protocols/twitter/twitter.js
starting around the line 370.
If you have done the security review of the BigFiles/FileLink feature,
you may already have reviewed some very similar OAuth code, as it's
actually a fork of the Twitter OAuth code.
Reviewed the linked code and I don't see any issues.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.