Closed Bug 751026 Opened 10 years ago Closed 8 years ago

[Security Review] Review Mozapp iframe

Categories

(mozilla.org :: Security Assurance, task, P2)

x86
macOS

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: pauljt, Assigned: dchanm+bugzilla)

References

()

Details

(Whiteboard: [completed secreview][start 06/27/2013][target 06/27/2013][score:100])

This may be a dupe of 750996 but basically this is B2G's implementation of the Open Web Apps api.
Assignee: nobody → ptheriault
Status: NEW → ASSIGNED
Priority: -- → P1
Repurposing this bug to specifically review mozapp.
Summary: [Security Review] B2G In-Gecko MozApps support → [Security Review] Review Mozapp iframe
Priority: P1 → P2
Assignee: ptheriault → dchan+bugzilla
I finished the write up here
https://wiki.mozilla.org/Security/Reviews/B2G/mozapp

Closing off this review. So this should be really high since changes how Firefox deals with principals. However this review is more of a documentation of how things work from speaking with Paul. Perhaps there is another bug that should have the high score vs this one. There are tests for principals already at
http://mxr.mozilla.org/mozilla-central/source/caps/tests/mochitest/

The code landed a long time ago. The primary test is whether origins are properly segregated which is partially validated in permissions tests.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [completed secreview][start 06/27/2013][target 06/27/2013][score:100]
You need to log in before you can comment on or make changes to this bug.