Closed Bug 7255 Opened 25 years ago Closed 21 years ago

Review new DOM APIs

Categories

(Core :: Security, defect, P3)

defect

Tracking

()

RESOLVED FIXED

People

(Reporter: norrisboyd, Assigned: security-bugs)

References

Details

(Whiteboard: [DONTTEST][rtm-])

Entering all security bugs and tasks for SeaMonkey into Buzilla for schedule tracking.
Blocks: 7252
Target Milestone: M8
Status: NEW → ASSIGNED
Target Milestone: M8 → M10
Definitely won't get to this for M8. Probably really an M10 thing, actually.
Target Milestone: M10 → M12
We should probably do at least a cursory look at this before beta
Moving to m13 because Joki seems to be distracted.
Whiteboard: [DONTTEST]
Marking [DONTTEST].
Target Milestone: M13 → M14
Mass-moving excess bugs to M14
Bulk moving old [donttest] code to new donttest keyword. Sorry for the spam!
Keywords: donttest
I don't think I'll be spending time on this this week so this won't be done for M14.
Target Milestone: M14 → M15
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Mass-moving bugs out of M15 that I won't get to. Will refit individual milestones after moving them.
Target Milestone: M15 → M16
QA Contact: dshea → junruh
Changing Qa contact to myself.
Moving to M17
Target Milestone: M16 → M17
This is really just a placeholder for sitting down and looking at the DOM Level 1 and 2 api's from a security standpoint to make sure we're covering any obvious exploits. Since I'm not as involved in security anymore I'm going to reassign this over to mstoltz. If Mitch thinks this task has been accomplished already then this can be closed. If not then it still needs to be done. I'll probably be less involved in it so I'll let Mitch make the call.
Assignee: joki → mstoltz
Status: ASSIGNED → NEW
Still worth taking a look, I think. Should we meet and talk these over?
Status: NEW → ASSIGNED
Assigning QA to czhang.
QA Contact: junruh → czhang
I'd like to have a meeting or else launch an informal effort on this, as Vidur, Guninski, and I continue to discover exploits in the DOM. Any suggestions on how to attack this? Is a systematic security review feasible for PR3, or am I dreaming?
Marking nsbeta3 because it would be nice to do this soon. May not happen though, it looks kind of involved.
Keywords: nsbeta3
Blocks: 26603
Adding rtm keyword for security reviews.
Keywords: donttest, nsbeta3rtm
mstoltz, is there any way that anyone could help with this?
Whiteboard: [DONTTEST] → [DONTTEST][need info]
This is ongoing and can be minus'd.
Updated QA Contact
QA Contact: czhang → junruh
PDT marking [rtm-] for this to-do list. If any serious bugs crop up as a result of this testing, please nominate them.
Whiteboard: [DONTTEST][need info] → [DONTTEST][rtm-]
Mass changing QA to ckritzer.
QA Contact: junruh → ckritzer
Milestone 0.8 has been released. We should either resolve this bug or update its milestone.
Target Milestone: M17 → ---
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Keywords: mozilla0.9
Mass changing milestone to Moz1.0 - stuff targeted for late spring/early summer.
Target Milestone: --- → mozilla1.0
OS: Windows NT → All
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Resetting Milestone (due to mass-change) and adding mozilla 1.0 keyword.
Keywords: mozilla1.0
Target Milestone: mozilla1.0.1 → ---
Target Milestone: --- → mozilla1.0
Moving Netscape owned 0.9.9 and 1.0 bugs that don't have an nsbeta1, nsbeta1+, topembed, topembed+, Mozilla0.9.9+ or Mozilla1.0+ keyword. Please send any questions or feedback about this to adt@netscape.com. You can search for "Moving bugs not scheduled for a project" to quickly delete this bugmail.
Target Milestone: mozilla1.0 → mozilla1.2
Target Milestone: mozilla1.2alpha → mozilla1.2beta
Clearing milestone for now.
Target Milestone: mozilla1.2beta → ---
This has been covered exhaustively, marking Fixed.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.