Closed
Bug 751026
Opened 13 years ago
Closed 12 years ago
[Security Review] Review Mozapp iframe
Categories
(mozilla.org :: Security Assurance, task, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: pauljt, Assigned: dchanm+bugzilla)
References
()
Details
(Whiteboard: [completed secreview][start 06/27/2013][target 06/27/2013][score:100])
This may be a dupe of 750996 but basically this is B2G's implementation of the Open Web Apps api.
|
||
Updated•13 years ago
|
Assignee: nobody → ptheriault
Status: NEW → ASSIGNED
|
Reporter | |
Updated•13 years ago
|
Blocks: B2G-secreview
|
|
Reporter | |
Updated•13 years ago
|
Priority: -- → P1
|
|
Reporter | |
Comment 1•13 years ago
|
||
Repurposing this bug to specifically review mozapp.
Summary: [Security Review] B2G In-Gecko MozApps support → [Security Review] Review Mozapp iframe
|
|
Reporter | |
Updated•12 years ago
|
Priority: P1 → P2
|
Assignee | |
Updated•12 years ago
|
Assignee: ptheriault → dchan+bugzilla
|
|
Assignee | |
Comment 2•12 years ago
|
||
I finished the write up here
https://wiki.mozilla.org/Security/Reviews/B2G/mozapp
Closing off this review. So this should be really high since changes how Firefox deals with principals. However this review is more of a documentation of how things work from speaking with Paul. Perhaps there is another bug that should have the high score vs this one. There are tests for principals already at
http://mxr.mozilla.org/mozilla-central/source/caps/tests/mochitest/
The code landed a long time ago. The primary test is whether origins are properly segregated which is partially validated in permissions tests.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [completed secreview][start 06/27/2013][target 06/27/2013][score:100]
You need to log in
before you can comment on or make changes to this bug.
Description
•