Closed
Bug 7262
Opened 26 years ago
Closed 16 years ago
Review all JS interfaces accessible from untrusted web code
Categories
(Core :: Security, defect, P3)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: norrisboyd, Unassigned)
References
Details
Entering all security bugs and tasks for SeaMonkey into Buzilla for schedule
tracking.
Reporter | ||
Updated•26 years ago
|
Status: NEW → ASSIGNED
Reporter | ||
Updated•26 years ago
|
Target Milestone: M13
Reporter | ||
Updated•25 years ago
|
Target Milestone: M13 → M14
Reporter | ||
Updated•25 years ago
|
Summary: Review all JS interfaces accessible from untrusted web code → [Feature] Review all JS interfaces accessible from untrusted web code
Target Milestone: M14 → M15
Reporter | ||
Comment 1•25 years ago
|
||
New window properties that need review: sidebar, content, and controllers.
Reporter | ||
Comment 2•25 years ago
|
||
Push security review tasks off until M16.
Target Milestone: M15 → M16
Bulk moving all Browser Security bugs to new Security: General component. The
previous Security component for Browser will be deleted.
Component: Security → Security: General
Reporter | ||
Updated•25 years ago
|
Summary: [Feature] Review all JS interfaces accessible from untrusted web code → Review all JS interfaces accessible from untrusted web code
Target Milestone: M16 → M18
Comment 5•25 years ago
|
||
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Comment 6•25 years ago
|
||
Security reviews and denial-of-service attacks. These will be addressed in the
post-beta2 timeframe (unless someone's interested in tackling them earlier?)
Status: NEW → ASSIGNED
Comment 8•25 years ago
|
||
Reassigning to jtaylor. Cathy's already reviewing the DOM for security; maybe
you can look at other APIs exposed to Javascript. I'll show you how to find what
these are.
Assignee: mstoltz → jtaylor
Status: ASSIGNED → NEW
Updated•25 years ago
|
Status: NEW → ASSIGNED
Comment 10•24 years ago
|
||
Accepting. Hopefully part of post-PR3 security reviews we've got planned.
Status: NEW → ASSIGNED
Comment 13•24 years ago
|
||
Ongoing. This can probably be minus'd
Updated•24 years ago
|
QA Contact: czhang → junruh
Comment 16•24 years ago
|
||
Milestone 0.8 has been released. We should either resolve this bug or update its
milestone.
Updated•24 years ago
|
Target Milestone: M18 → ---
Comment 17•24 years ago
|
||
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Keywords: mozilla0.9
Comment 18•24 years ago
|
||
Mass changing milestone to Moz1.0 - stuff targeted for late spring/early summer.
Target Milestone: --- → mozilla1.0
Comment 19•23 years ago
|
||
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1
(you can query for this string to delete spam or retrieve the list of bugs I've
moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Updated•23 years ago
|
Target Milestone: mozilla1.0.1 → mozilla1.2alpha
Updated•23 years ago
|
Target Milestone: mozilla1.2alpha → mozilla1.2beta
Comment 21•22 years ago
|
||
Reassigning to heikki. Heikki, if you think this has been adequately covered
elsewhere, then feel free to close it; this is obviously a very old bug. The
idea here is to review all interfaces exposed to JS. There may be some legacy
interfaces that do not use XPConnect but are exposed to web JS by other
mechanisms; we should look for those.
Assignee: mstoltz → heikki
Status: ASSIGNED → NEW
Whiteboard: [rtm-]
Comment 22•22 years ago
|
||
*** Bug 16307 has been marked as a duplicate of this bug. ***
Comment 23•22 years ago
|
||
Search on AddExternalNameSet for one such legacy mechanism.
Updated•16 years ago
|
Assignee: hjtoi-bugzilla → nobody
QA Contact: ckritzer → toolkit
Whiteboard: [expired?]
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Updated•16 years ago
|
Whiteboard: [expired?]
You need to log in
before you can comment on or make changes to this bug.
Description
•