Closed Bug 862204 Opened 11 years ago Closed 10 years ago

Security Review: In-product about:support API

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: Matt_G, Assigned: dchanm+bugzilla)

References

(Blocks 1 open bug)

Details

(Whiteboard: [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx]) 

Initial Questions:

Project/Feature Name: In-product about:support API 
Tracking  ID:https://bugzilla.mozilla.org/show_bug.cgi?id=732527
Description:
Looking to get the ball rolling on a privacy review for getting the about:support API baked into the browser. We've been experimenting with this on the SUMO forums using an addon and the results have been amazing. This allows us (with the user's permission of course) to automagically pull the about:support information so they don't have to provide it manually. This helps us to better understand the user's issue and ultimately to help resolve the issue faster. It also provides us with more data for investigating issues. We can make correlations between types of issues and information provided in about:support.

The next phase of this plan is to implement this feature permanently in the product. We would then use a whitelist to restrict access to the data. That way we can use this data on the SUMO forums, Input, and any other sites that may benefit from this info.
Additional Information:

Urgency: 2-4 weeks
Key Initiative: Firefox Desktop
Release Date: 
Project Status: development
Mozilla Data: Yes
New or Change: New
Mozilla Project: General
Mozilla Related: 
Separate Party:

Security Review Questions:

Affects Products: Yes
Review Due Date: 
Review Invitees: 
Extra Information:
We would like to use a whitelist to prevent other sites from trying to access this data.
Flags: sec-review?
unhiding & marking for triage
Group: mozilla-corporation-confidential
Whiteboard: [triage needed]
this mostly needs an implementation review just to check for security issues that may arise
Assignee: nobody → dchan+bugzilla
Flags: sec-review?
Whiteboard: [triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx]
Matt:
I'm guessing that this bug is for a review of the code for bug 554174? If so I can finish this up by end of week.
Flags: needinfo?(mgrimes)
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx] → [pending secreview][start 2013-06-04][target 2013-06-07][Fx]
This is actually for the next logical evolution of about:support as described in 862203. We want to be able to pull the information automatically for a couple of whitelisted websites so that we don't have to rely on the user's ability to find and provide that information.
Flags: needinfo?(mgrimes)
Thanks Matt,

Is there an ETA when the new API / whitelist will be implemented?
Resetting the target dates until more is known
Whiteboard: [pending secreview][start 2013-06-04][target 2013-06-07][Fx] → [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx]
Resetting triage for this flag until bug 862203 is further along. It appears to be at wireframe stages
Assignee: dchan+bugzilla → nobody
Whiteboard: [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx] → [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx][triage needed]
please do light weight risk review and we will slot this for sprint 2
Assignee: nobody → dchan+bugzilla
Whiteboard: [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx][triage needed] → [pending secreview][start YYYY-MM-DD][target YYYY-MM-DD][Fx]
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
We're going to do this in bug 1079563.
You need to log in before you can comment on or make changes to this bug.