SecReview: navigator.mozPay



6 years ago
6 years ago


(Reporter: curtisk, Assigned: rforbes)



(Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy])

SecReview tracking bug
A new feature is being added to the client for B2G.  This feature will facilitate payments of applications and in-app purchases for the B2G device in Brazil. 

This will require several steps so a sectracker page for activities has been setup:

We should also gather the standard info:
1) Who is/are the point of contact(s) for this review?
2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
3) Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
4) Does this request block another bug? If so, please indicate the bug number
5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
6) To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list?  If so, which goal?
7) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
7a) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
7b) Are there any portions of the project that interact with 3rd party services?
7c) Will your application/service collect user data? If so, please describe
8) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
9) Desired Date of review (if known from and whom to invite.
I sent email on this but I am going to document it here as well.

We need to get moving on this as it appears timelines are short. Who can help me get these questions answer and the right people in a meeting with the security team for an hour next week to go over this?

Available times/Dates:
Thu 10AM PDT
Fri 10AM PDT
Curtis, thurs 10am is my least favorite, but this review is very high priority, so pick the best time and I'll make it work.

Comment 3

6 years ago
Free Monday. Free Wed. Blocked Thu. Blocked Friday. Please send invite.
(In reply to Curtis Koenig [:curtisk] from comment #1)
> Available times/Dates:
> Mon 1PM PDT
> Wed 1PM PDT
> Thu 10AM PDT
> Fri 10AM PDT
Any of the times/dates work for me.

[+CC Antonio Amaya, from TEF security team]
Depends on: 776417
Depends on: 776419
Depends on: 776420
Summary: SecReview: → SecReview: navigator.mozPay

Comment 7

6 years ago
David Chan and I did this while I was in Mountain View.  This is complete.
Last Resolved: 6 years ago
Resolution: --- → FIXED
@Raymond: can you link to the results of the Security Review?
(In reply to Caitlin Galimidi from comment #8)
> @Raymond: can you link to the results of the Security Review? <--- Is that what you are looking for?

Comment 10

6 years ago
dchan and i did a security code review on the code, but didn't find any issues so we didn't really have anything written up.
You need to log in before you can comment on or make changes to this bug.