Closed
Bug 780311
Opened 12 years ago
Closed 9 years ago
Security Review - Shumway SWF Runtime
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
Due Date:
People
(Reporter: bugs, Assigned: cpeterson)
References
Details
(Whiteboard: [score=high][Fx] u= c= p=1 s=sprint 6 [shumway])
+++ This bug was initially created as a clone of Bug #779359 +++
Security review Q&As:
> 1. Who is/are the point of contact(s) for this review?
Jet Villegas
Yury Delendik
Tobias Schneider
Shu-yu Guo
Michael Bebenita
Ian Melven
> 2. Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
Shumway is an experimental web-native runtime implementation of the SWF file format. It is developed as a free and open source project sponsored by Mozilla Research. The project was started with two goals:
1. Advance the open web platform to process rich media formats, like SWF, that were previously only available in closed and proprietary implementations.
2. Offer a runtime processor for SWF and other rich media formats on platforms for which runtime implementations are not available.
> 3. Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
http://mozilla.github.com/shumway
> 4. Does this request block another bug? If so, please indicate the bug number
> 5. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Initial review: Mid-to-Late August 2012 with expected follow-up reviews thereafter.
> 6. To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal?
The goal is to advance the overall Web Platform and offer a web-native SWF runtime initially for Mobile platforms.
> 7. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
> * Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
Adds a SWF runtime feature to Firefox for Android and Desktop, without external native plugin code.
> * Are there any portions of the project that interact with 3rd party services?
Eventually, access to external http:// and https:// resources as SWF or other media types.
> * Will your application/service collect user data? If so, please describe
No
> 8. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
This is a large effort to render an untrusted scriptable file format. Please design/review with appropriate care.
> 9. Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Mid August 2012
Reporter
Updated•12 years ago
No longer blocks: 776208
Summary: Security Review Plugin Overlay API → Security Review - Shumway SWF Runtime
Updated•12 years ago
Keywords: sec-review-needed
Whiteboard: [pending secreview][triage needed 2012.08.08]
Updated•12 years ago
Keywords: sec-review-needed
Updated•12 years ago
Assignee: nobody → dchan+bugzilla
Whiteboard: [pending secreview][triage needed 2012.08.08] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Status: NEW → ASSIGNED
Comment 2•12 years ago
Is there a reason this review request is hidden? It's not a private feature; for example, we announced today's review in the public platform meeting yesterday and in the wikimo notes.
Unhiding; this was originally hidden as the blocked bug was hidden.
Group: mozilla-confidential
Comment 4•12 years ago
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings
Priority: 3 (P3) - Overall Mozilla Quarterly Goal
Operational: 0 - N/A
User: 4 - Critical
Privacy: 4 - Critical
Engineering: 4 - Critical
Reputational: 3 - Major
Priority Score: 45
Updated•12 years ago
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Score:45:Medium]
Comment 5•12 years ago
Jet: What is the status of Shumway? I should have free time after Firefox OS v1 to look at this.
Flags: needinfo?(bugs)
Reporter
Comment 6•12 years ago
We're now in the release planning stage for our 0.9 release. This release will focus on the click-to-play Flash preview use-case. It will integrate with modifications to our existing click-to-play plugin system. We'll schedule sec-review when we have more of the infrastructure in place.
Flags: needinfo?(bugs)
Updated•12 years ago
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Score:45:Medium] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Score:45:Medium][Fx]
Given activity at the summit, we should likely restart this work, as this is now landed in nightly but pref-ed off.
Updated•11 years ago
Flags: needinfo?(dchan+bugzilla)
Comment 9•11 years ago
This review will take us multiple sprints to finish. I'm talking with mwobensmith on testing. We may also need to create the architectural diagram. Ideally the security model would be the exact same as Adobe's Flash Player minus the NPAPI bridge and the chrome/content communication we do for Shumway.
Flags: needinfo?(dchan)
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Score:45:Medium][Fx] → [score:high][Fx] u= c= p=1 s=ready
Updated•11 years ago
Whiteboard: [score:high][Fx] u= c= p=1 s=ready → [score=high][Fx] u= c= p=1 s=ready
Comment 10•11 years ago
If it makes sense to split this up into review components, I might be interested in testing cross domain policy support and ExternalInterface (communication with the DOM via Flash).
Updated•11 years ago
Due Date: 2013-11-22
Updated•11 years ago
Whiteboard: [score=high][Fx] u= c= p=1 s=ready → [score=high][Fx] u= c= p=1 s=sprint 2
Updated•11 years ago
Whiteboard: [score=high][Fx] u= c= p=1 s=sprint 2 → [score=high][Fx] u= c= p=1 s=sprint 4
Updated•11 years ago
Whiteboard: [score=high][Fx] u= c= p=1 s=sprint 4 → [score=high][Fx] u= c= p=1 s=sprint 5
Updated•11 years ago
Whiteboard: [score=high][Fx] u= c= p=1 s=sprint 5 → [score=high][Fx] u= c= p=1 s=sprint 6
Assignee
Comment 11•11 years ago
Curtis: what do you need to drive the Shumway security review forward?
Flags: needinfo?(curtisk)
(In reply to Chris Peterson (:cpeterson) from comment #11)
> Curtis: what do you need to drive the Shumway security review forward?
Actually, it's dchan who is on point for this one.
Flags: needinfo?(curtisk) → needinfo?(dchan)
Assignee
Updated•11 years ago
Whiteboard: [score=high][Fx] u= c= p=1 s=sprint 6 → [score=high][Fx] u= c= p=1 s=sprint 6 [shumway:m2]
Assignee
Updated•11 years ago
Whiteboard: [score=high][Fx] u= c= p=1 s=sprint 6 [shumway:m2] → [score=high][Fx] u= c= p=1 s=sprint 6 [shumway]
Assignee
Updated•10 years ago
Blocks: shumway-m4
Assignee
Updated•10 years ago
Assignee: dchanm+bugzilla → nobody
Status: ASSIGNED → NEW
Flags: needinfo?(dchanm+bugzilla)
Assignee
Updated•9 years ago
Assignee: nobody → cpeterson
Assignee
Comment 13•9 years ago
This Shumway bug is no longer relevant.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE