Closed Bug 748187 Opened 11 years ago Closed 10 years ago

[Security Review]Browser API

Categories

(mozilla.org :: Security Assurance, task, P1)

x86
macOS

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: pauljt, Assigned: pauljt)

Details

(Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy])

B2G contains a browser API so that a browser app can be developed (i.e. a browser written in HTML/JS/CSS). An API is needed to support this, and this bug is for tracking the security review of this API.

See link for background
Assignee: nobody → ptheriault
Status: NEW → ASSIGNED
Whiteboard: [secr:ptheriault] → [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy]
Summary: Security Review for Browser API → Security Review for B2G Web Telephony
Summary: Security Review for B2G Web Telephony → [Security Review]Browser API
Priority: -- → P1
We need to revisit this review now that Browser API is more complete now, and that multi-process has landed (?).
(In reply to Paul Theriault [:pauljt] from comment #4)
> We need to revisit this review now that Browser API is more complete now,
> and that multi-process has landed (?).

Please file a new bug.

But honestly, I don't think a review is a particularly good use of time at this point.  This API lets the embedder totally own the generated content, so it's going to be trusted- and certified-only.  Given that this API will not be exposed to unreviewed content and no actionable items came out of the first review, and given the incredibly tight timeframe we're under, I think Dale, Ben, and my time would be better spent elsewhere.

If you disagree, let's discuss this in the new security review bug.
This was more a note to self (and David Chan) - just trying to keep status of secreview bugs up to date. I don't imagine a formal review, just completing the one we already started now that browser API is closer to being finished (although I know there is still a lot of work to do).
(In reply to Justin Lebar [:jlebar] from comment #5)
> (In reply to Paul Theriault [:pauljt] from comment #4)
> > We need to revisit this review now that Browser API is more complete now,
> > and that multi-process has landed (?).
> 
> Please file a new bug.
> 
> But honestly, I don't think a review is a particularly good use of time at
> this point.  This API lets the embedder totally own the generated content,
> so it's going to be trusted- and certified-only.  Given that this API will
> not be exposed to unreviewed content and no actionable items came out of the
> first review, and given the incredibly tight timeframe we're under, I think
> Dale, Ben, and my time would be better spent elsewhere.
> 
> If you disagree, let's discuss this in the new security review bug.

Created a new security bug (bug 830225) to discuss risks of exposing this API to Privileged Apps, and thus closing this bug out.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED