Closed Bug 7257 Opened 26 years ago Closed 15 years ago

Security review of chrome registration interface

Categories

(Core Graveyard :: Skinability, defect, P3)

All
Windows NT
defect

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: norrisboyd, Assigned: hjtoi-bugzilla)

References

Details

(Whiteboard: [sg:investigation])

Entering all security bugs and tasks for SeaMonkey into Buzilla for schedule tracking.
Depends on: 7256
Summary: Security review of chrome registration interface → Security review of chrome registration interface
Blocks: 7252
Target Milestone: M8
Status: NEW → ASSIGNED
Target Milestone: M8 → M9
has the review been completed during m8? rolling this tracking bug over to m9
Depends on: 9682
Target Milestone: M9 → M11
Depends on 9682, which is M11.
Target Milestone: M11 → M12
Target Milestone: M12 → M14
Summary: Security review of chrome registration interface → [Feature] Security review of chrome registration interface
Target Milestone: M14 → M15
Push security review tasks off until M16.
Target Milestone: M15 → M16
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Adding 'skins' keyword to selected chrome bugs. Please add any omissions. Sorry for any mistakes...
Keywords: skins
Blocks: 29160
Mass-adding beta2 keyword to all skins bugs.
Keywords: beta2
Summary: [Feature] Security review of chrome registration interface → Security review of chrome registration interface
Target Milestone: M16 → M17
Changing Qa contact to myself.
QA Contact: dshea → junruh
Keywords: nsbeta2
Keywords: beta2
Whiteboard: No review planned until feature is complete (post-nsbeta2)
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
David, Norris suggested I assign this one to you...could you take a look, or else pass it on?
Assignee: mstoltz → hyatt
cc'ing myself.
Changing (post-nsbeta2) in Summary to read (post-PR2) so my "nsbeta2 in keyword with no nsbeta2 in Summary" query will pick this bug up for PDT review.
Whiteboard: No review planned until feature is complete (post-nsbeta2) → No review planned until feature is complete (post-PR2)
[nsbeta2-]
Whiteboard: No review planned until feature is complete (post-PR2) → [nsbeta2-] No review planned until feature is complete (post-PR2)
Changed QA contact to Cathy.
QA Contact: junruh → czhang
Mass-moving all nsbeta2- bugs to M20
Target Milestone: M17 → M20
This was never Hyatt's bug. My understanding is that the chrome registry already exists. What is missing that needs security review? Putting back on nsbeta2 radar, this review seems essential for skins to be safe.
Assignee: hyatt → mstoltz
Whiteboard: [nsbeta2-] No review planned until feature is complete (post-PR2) → No review planned until feature is complete
Target Milestone: M20 → ---
Putting on [nsbeta2-] radar.
Whiteboard: No review planned until feature is complete → [nsbeta2-] No review planned until feature is complete
Assignee: mstoltz → ben
Component: Security: General → Skinability
QA Contact: czhang → szhu
Whiteboard: [nsbeta2-] No review planned until feature is complete
Target Milestone: --- → M17
I'm reassigning this to Skinability so that it will catch the eye of someone who knows this code. I'm happy to help with a security review but I need help from someone who knows/owns this code. Can we set up a meeting time to do this review?
Removed NSBeta2- to trigger re-evaluation. I assume skins are nearing completion, and we should have a security review before beta2 is released.
This is a bug for a review mtg. Not a blocker. Putting on [nsbeta2-] radar.
Whiteboard: [nsbeta2-]
*spam* changing QA to me for all skinability bugs (all 4 of them!)
QA Contact: szhu → BlakeR1234
Whiteboard: [nsbeta2-] → [nsbeta2-] [b3nav+]
Yes, we need to review this for beta 3. Ben, make sure we're following German's spec here.
Priority: P3 → P1
Whiteboard: [nsbeta2-] [b3nav+] → [nsbeta2-][b3nav+]
Target Milestone: M17 → M20
nav triage team: changing [b3nav+] bugs to [nsbeta3+].
Whiteboard: [nsbeta2-][b3nav+] → [nsbeta2-][nsbeta3+]
what is required here? I'm only responsible for XUL/CSS stuff. this doesn't sound like my bug.
I want to hold a brainstorming session on chrome/xul/css security this week. Ben, this includes you.
ok, let me know when, preferably a day in advance as I don't often get in early ;)
Status: NEW → ASSIGNED
Adding nsbeta3 keyword to bugs which already have nsbeta3 status markings so the queries don't get all screwed up.
Keywords: nsbeta3
mitch, I don't want this on my radar if I don't know what's going on. Tell me what you want me to do or I'll close it :P
Priority: P1 → P4
I'll take this back. I've spoken to Hyatt a bit and he's calmed my fears a bit, although a meeting might still be a good idea, when I have the time. Clearing the + for now.
Assignee: ben → mstoltz
Status: ASSIGNED → NEW
Keywords: nsbeta2
Whiteboard: [nsbeta2-][nsbeta3+]
jar suggested that mstoltz take this and if you run into any security fears, create a new bug and nominate nsbeta3.
Removing nsbeta3 as this is a 'tracking" bug
Status: NEW → ASSIGNED
Keywords: nsbeta3
nsbeta3. It would be nice to bring this up at an architecture meeting, maybe.
Keywords: nsbeta3
Priority: P4 → P3
Unless you guys want me to dial in and listen to your meeting (I'll also accept it if you pay to fly me to CA), I'm not sure how I'll verify that you guys had a meeting about this. So, setting QA to mstoltz.
QA Contact: blakeross → mstoltz
Marking security reviews as rtm.
Keywords: rtm
Removing nsbeta3 to make queries clearer.
Keywords: nsbeta3
Mitch, on 8/16 you said your fears were calmed a bit by talking to Hyatt. Is there anything left to really do for this bug? Do you still need a skins person to help do a review?
Whiteboard: [need info]
Yes. Mybe not for rtm, but soon.
PDT marking [rtm-] for this to-do item. If any serious bugs crop up as a result of this review, please nominate them separately.
Whiteboard: [need info] → [rtm-]
Keywords: skins
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Keywords: mozilla0.9
Mass changing milestone to Moz1.0 - stuff targeted for late spring/early summer.
Target Milestone: --- → mozilla1.0
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
don't move bugs that are in the 1.0 dependency tree. sorry.
Target Milestone: mozilla1.0.1 → mozilla1.0
Moving Netscape owned 0.9.9 and 1.0 bugs that don't have an nsbeta1, nsbeta1+, topembed, topembed+, Mozilla0.9.9+ or Mozilla1.0+ keyword. Please send any questions or feedback about this to adt@netscape.com. You can search for "Moving bugs not scheduled for a project" to quickly delete this bugmail.
Target Milestone: mozilla1.0 → mozilla1.2
Target Milestone: mozilla1.2alpha → mozilla1.2beta
Clearing milestone for now.
Target Milestone: mozilla1.2beta → ---
Might still be something to look for here; if we do any more security reviews.
Assignee: mstoltz → heikki
Status: ASSIGNED → NEW
Whiteboard: [rtm-] → [sg:investigation]
Product: Core → Core Graveyard
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.