If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Privacy-Technical Review: Shumway SWF Runtime

RESOLVED INCOMPLETE

Status

mozilla.org
Security Assurance: Review Request
RESOLVED INCOMPLETE
4 years ago
2 years ago

People

(Reporter: elan, Assigned: cpeterson)

Tracking

({privacy-review-needed})

Details

(Whiteboard: [Fx] u= c= p=1 s=sprint 6 [score:low] [shumway:fb2?])

(Reporter)

Description

4 years ago
Initial Questions:

Project/Feature Name: Shumway SWF Runtime
Tracking  ID:
Description:
(taken from sec bug verbiage) 

Shumway is an experimental web-native runtime implementation of the SWF file format. It is developed as a free and open source project sponsored by Mozilla Research. The project was started with two goals:

1. Advance the open web platform to process rich media formats, like SWF, that were previously only available in closed and proprietary implementations.
2. Offer a runtime processor for SWF and other rich media formats on platforms for which runtime implementations are not available.
Additional Information:
- https://github.com/mozilla/shumway/wiki/Intro
- https://github.com/mozilla/shumway/wiki
- https://wiki.mozilla.org/Shumway/Roadmap

Key Initiative: Firefox Platform
Release Date: 2013-12-10
Project Status: development
Mozilla Data: Yes
Mozilla Related: Firefox Desktop, Firefox for Android
Separate Party: No
We had a user create a ticket on github about this:
https://github.com/mozilla/shumway/issues/399

My thoughts on the issues they brought up:

Both pieces of information (version number and font list) are available by other means, already. Since we plan on bundling Shumway, a specific version of Firefox will correspond to a specific version of Shumway. The font list is available for inspection via js, and we aren't using any privileged APIs within Shumway to get at it.

One concern is, however, that we might still effectively cause users to be identified more easily. The fonts case could be an example for that: we're using readily available APIs that can already be used for thumbprinting, but we're exposing them in a way that existing tracking mechanisms consume right now, making them pick up on the information where they might not have, before.
Assignee: nobody → curtisk
Whiteboard: [Fx]
Are we any closer to having something we might run some tests on to see what we can get out of this?
Blocks: 886680
Flags: needinfo?(elancaster)
needs at least a score
Whiteboard: [Fx] → [Fx] u= c= p=1 s=ready
Group: mozilla-corporation-confidential
Due Date: 2013-11-22
Whiteboard: [Fx] u= c= p=1 s=ready → [Fx] u= c= p=1 s=ready [score:low]
I believe a great deal of this is still in flux so it's not ready for a formal review yet, but the bug at least has a risk rating for completion of this sprint
Due Date: 2013-11-22
Whiteboard: [Fx] u= c= p=1 s=ready [score:low] → [Fx] u= c= p=1 s=sprint 2 [score:low]
Whiteboard: [Fx] u= c= p=1 s=sprint 2 [score:low] → [Fx] u= c= p=1 s=sprint 4 [score:low]
Whiteboard: [Fx] u= c= p=1 s=sprint 4 [score:low] → [Fx] u= c= p=1 s=sprint 5 [score:low]
Whiteboard: [Fx] u= c= p=1 s=sprint 5 [score:low] → [Fx] u= c= p=1 s=sprint 6 [score:low]
wiki page posted for input of information
https://wiki.mozilla.org/Privacy/Reviews/Shumway
Status: NEW → ASSIGNED
(Assignee)

Updated

4 years ago
Blocks: 886675
(Assignee)

Updated

3 years ago
Blocks: 1037580
Flags: needinfo?(elancaster)
Assignee: curtisk → nobody
(Assignee)

Updated

3 years ago
Whiteboard: [Fx] u= c= p=1 s=sprint 6 [score:low] → [Fx] u= c= p=1 s=sprint 6 [score:low] [shumway:fb2?]
(Assignee)

Comment 6

3 years ago
Make bugs with "[shumway-fb2]" whiteboard tag block shumway-fb2 meta bug 1110300.
Blocks: 1110300
(Assignee)

Updated

3 years ago
Blocks: 1120590
(Assignee)

Updated

3 years ago
No longer blocks: 1110300
(Assignee)

Updated

2 years ago
No longer blocks: 1120590
(Assignee)

Updated

2 years ago
Blocks: 1120590
(Assignee)

Updated

2 years ago
Assignee: nobody → cpeterson
(Assignee)

Comment 7

2 years ago
This Shumway bug is no longer relevant.
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.