Closed
Bug 862204
Opened 11 years ago
Closed 10 years ago
Security Review: In-product about:support API
Categories
(mozilla.org :: Security Assurance: Review Request, task)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: Matt_G, Assigned: dchanm+bugzilla)
References
(Blocks 1 open bug)
Details
(Whiteboard: [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx])
Initial Questions: Project/Feature Name: In-product about:support API Tracking ID:https://bugzilla.mozilla.org/show_bug.cgi?id=732527 Description: Looking to get the ball rolling on a privacy review for getting the about:support API baked into the browser. We've been experimenting with this on the SUMO forums using an addon and the results have been amazing. This allows us (with the user's permission of course) to automagically pull the about:support information so they don't have to provide it manually. This helps us to better understand the user's issue and ultimately to help resolve the issue faster. It also provides us with more data for investigating issues. We can make correlations between types of issues and information provided in about:support. The next phase of this plan is to implement this feature permanently in the product. We would then use a whitelist to restrict access to the data. That way we can use this data on the SUMO forums, Input, and any other sites that may benefit from this info. Additional Information: Urgency: 2-4 weeks Key Initiative: Firefox Desktop Release Date: Project Status: development Mozilla Data: Yes New or Change: New Mozilla Project: General Mozilla Related: Separate Party: Security Review Questions: Affects Products: Yes Review Due Date: Review Invitees: Extra Information: We would like to use a whitelist to prevent other sites from trying to access this data.
Reporter | ||
Updated•11 years ago
|
Flags: sec-review?
unhiding & marking for triage
Group: mozilla-corporation-confidential
Whiteboard: [triage needed]
this mostly needs an implementation review just to check for security issues that may arise
Assignee: nobody → dchan+bugzilla
Flags: sec-review?
Updated•11 years ago
|
Whiteboard: [triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Updated•11 years ago
|
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx]
Assignee | ||
Comment 3•11 years ago
|
||
Matt: I'm guessing that this bug is for a review of the code for bug 554174? If so I can finish this up by end of week.
Flags: needinfo?(mgrimes)
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx] → [pending secreview][start 2013-06-04][target 2013-06-07][Fx]
Reporter | ||
Comment 4•11 years ago
|
||
This is actually for the next logical evolution of about:support as described in 862203. We want to be able to pull the information automatically for a couple of whitelisted websites so that we don't have to rely on the user's ability to find and provide that information.
Flags: needinfo?(mgrimes)
Assignee | ||
Comment 5•11 years ago
|
||
Thanks Matt, Is there an ETA when the new API / whitelist will be implemented?
Assignee | ||
Comment 6•11 years ago
|
||
Resetting the target dates until more is known
Whiteboard: [pending secreview][start 2013-06-04][target 2013-06-07][Fx] → [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx]
Assignee | ||
Comment 7•11 years ago
|
||
Resetting triage for this flag until bug 862203 is further along. It appears to be at wireframe stages
Assignee: dchan+bugzilla → nobody
Whiteboard: [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx] → [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx][triage needed]
please do light weight risk review and we will slot this for sprint 2
Assignee: nobody → dchan+bugzilla
Updated•11 years ago
|
Whiteboard: [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx][triage needed] → [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx]
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Comment 9•10 years ago
|
||
We're going to do this in bug 1079563.
You need to log in
before you can comment on or make changes to this bug.
Description
•