All users were logged out of Bugzilla on October 13th, 2018

[Security Review][Action Item]IM in Thunderbird - witter oauth / apiapi use

RESOLVED FIXED

Status

RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: curtisk, Assigned: pauljt)

Tracking

Details

(Whiteboard: [start 04/18/2012][target 06/30/2012], URL)

Comment hidden (empty)
(Assignee)

Updated

7 years ago
Whiteboard: [start 04/18/2012][target 04/25/2012]
:pauljt - where are we on this review, we had a target set back in Apr?
(Assignee)

Comment 2

6 years ago
I was waiting on a response from the developer, which I received the end of april. Since Adam took over the thunderbird stuff I send him an email to see if he could take over this review, but not sure if he got that, and I forgot to chase it up.

I either do it, or hand over to adam by the end of the month.
Whiteboard: [start 04/18/2012][target 04/25/2012] → [start 04/18/2012][target 06/30/2012]
(Assignee)

Comment 3

6 years ago
Note that this feature is planned to be preffed on in thunderbird 15. (which is aurora now, and beta July 17) 

Other relevant parts of the email:

Twitter is part of the IM-in-Thunderbird feature.
The relevant OAuth code is in this file
http://mxr.mozilla.org/comm-central/source/chat/protocols/twitter/twitter.js
starting around the line 370.
If you have done the security review of the BigFiles/FileLink feature,
you may already have reviewed some very similar OAuth code, as it's
actually a fork of the Twitter OAuth code.
(Assignee)

Comment 4

6 years ago
Reviewed the linked code and I don't see any issues.
(Assignee)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.