Closed Bug 7262 Opened 26 years ago Closed 16 years ago

Review all JS interfaces accessible from untrusted web code

Categories

(Core :: Security, defect, P3)

All
Windows NT
defect

RESOLVED INCOMPLETE

People

(Reporter: norrisboyd, Unassigned)

Entering all security bugs and tasks for SeaMonkey into Bugzilla for schedule tracking.
Blocks: 7252
Status: NEW → ASSIGNED
Target Milestone: M13
Target Milestone: M13 → M14
Summary: Review all JS interfaces accessible from untrusted web code → [Feature] Review all JS interfaces accessible from untrusted web code
Target Milestone: M14 → M15
New window properties that need review: sidebar, content, and controllers.
Push security review tasks off until M16.
Target Milestone: M15 → M16
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
Summary: [Feature] Review all JS interfaces accessible from untrusted web code → Review all JS interfaces accessible from untrusted web code
Target Milestone: M16 → M18
Changing QA contact to myself.
QA Contact: dshea → junruh
Bulk reassigning most of norris's bugs to mstoltz.
Assignee: norris → mstoltz
Status: ASSIGNED → NEW
Security reviews and denial-of-service attacks. These will be addressed in the post-beta2 timeframe (unless someone's interested in tackling them earlier?)
Status: NEW → ASSIGNED
Assigning QA to czhang
QA Contact: junruh → czhang
Reassigning to jtaylor. Cathy's already reviewing the DOM for security; maybe you can look at other APIs exposed to JavaScript. I'll show you how to find what these are.
Assignee: mstoltz → jtaylor
Status: ASSIGNED → NEW
Status: NEW → ASSIGNED
-> mstoltz
Assignee: jtaylor → mstoltz
Status: ASSIGNED → NEW
Accepting. Hopefully part of post-PR3 security reviews we've got planned.
Status: NEW → ASSIGNED
rtm for security review meeting.
Keywords: rtm
Mitch, who could help with this?
Whiteboard: [need info]
Ongoing. This can probably be minus'd
QA Contact: czhang → junruh
Marking [rtm-] then
Whiteboard: [need info] → [rtm-]
Mass changing QA to ckritzer.
QA Contact: junruh → ckritzer
Milestone 0.8 has been released. We should either resolve this bug or update its milestone.
Target Milestone: M18 → ---
Mass adding mozilla0.9 keyword (mass changing milestone doesn't seem to work).
Keywords: mozilla0.9
Mass changing milestone to Moz1.0 - stuff targeted for late spring/early summer.
Target Milestone: --- → mozilla1.0
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Target Milestone: mozilla1.0.1 → mozilla1.2alpha
Target Milestone: mozilla1.2alpha → mozilla1.2beta
Clearing milestone for now.
Target Milestone: mozilla1.2beta → ---
Reassigning to heikki. Heikki, if you think this has been adequately covered elsewhere, then feel free to close it; this is obviously a very old bug. The idea here is to review all interfaces exposed to JS. There may be some legacy interfaces that do not use XPConnect but are exposed to web JS by other mechanisms; we should look for those.
Assignee: mstoltz → heikki
Status: ASSIGNED → NEW
Whiteboard: [rtm-]
*** Bug 16307 has been marked as a duplicate of this bug. ***
Search on AddExternalNameSet for one such legacy mechanism.
Assignee: hjtoi-bugzilla → nobody
QA Contact: ckritzer → toolkit
Whiteboard: [expired?]
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [expired?]