Security/Archived/Radar: Difference between revisions

Tracking of features / patches needing security review

Bugzilla Sec Queries

sec-review-needed

• Bugzilla Keyword sec-review-needed

sec-review-complete

• Bugzilla Keyword sec-review-complete

Review Active

• Security reviews are on-going

{{#ask: Feature security status::sec-review-active | ?# | ?Feature name# | ?Feature list# | ?Feature version# | ?Feature product manager# | ?Feature security lead# | ?Feature security status# | ?Feature security notes# | ?Modification date# | ?Feature security health# | mainlabel=- | sort=Feature priority,Feature stage | format=template | template=SecurityRadarListTable }}

Feature

Feature List

Target Rel

Prod Mgr

Security lead

Security status

Security notes

Last Modified

Active Bug Reviews

Feature	Status	Owner	Release Tracking
560112 (dataset) Implement HTML5 dataset attribute	Review completed 06.28, work ongoing --> Notes	Assigned to: wchen Review?:mrbkap\jonas	FX6
Toolbar-less app tabs	review meeting held 06.08, work on going --> Notes	Alex Limi
Ensure GCLI commands are executed securely 651081	reviewed 06.15 --> Notes	jwalker
SVG patterns, gradients and filters don't work when SVG is loaded from a data: URL bug 308590	[dveditz]impl rev	dholbert r+:bzbarsky sr+:cbiesinger/dholbert	FX6
bug 50660[FILE]Drag and drop for file upload form control	[dchan] review and report	Michael Ventnor r+:jst enndeakin	FX7
matchMedia support 542058	fuzzer modifications to scan by Jesse	David Baron	FX6
Firefox-native Verified Email Client	Discussion on-going	Dan Mills	FX7
Accelerated composition of layers on mobile using OpenGL ES	needs fuzzing, mobile fuzzing research needed : Jesse	Stuart Parmenter	FX7
WebSockets bug 640003	Reviewed 05.27 *Next item: Threat Model dchan & bsmith 06.10	blizzard	FX6 ??

Review Needed

• triaged to need review, review unscheduled

{{#ask: Feature security status::sec-review-needed | ?# | ?Feature name# | ?Feature list# | ?Feature version# | ?Feature product manager# | ?Feature security lead# | ?Feature security status# | ?Feature security notes# | ?Modification date# | ?Feature security health# | mainlabel=- | sort=Feature priority,Feature stage | format=template | template=SecurityRadarListTable }}

Feature

Feature List

Target Rel

Prod Mgr

Security lead

Security status

Security notes

Last Modified

Review Scheduled

• A review is scheduled

{{#ask: Feature security status::sec-review-sched | ?# | ?Feature name# | ?Feature list# | ?Feature version# | ?Feature product manager# | ?Feature security lead# | ?Feature security status# | ?Feature security notes# | ?Modification date# | ?Feature security health# | mainlabel=- | sort=Feature priority,Feature stage | format=template | template=SecurityRadarListTable }}

Feature

Feature List

Target Rel

Prod Mgr

Security lead

Security status

Security notes

Last Modified

Bug reviews Scheduled

Feature	Status	Owner	Release Tracking
Allow Cross-Origin URLs in EventSource (Server-Sent Events) bug 664179	review sched 07.12	jonas	FX7?
File Saver 648998 bug 648998	review sched 07.13	khuey	FX7
Web Apps in Fennec bug 585958	review sched 07.27	Fabrice Desre / mfinkle
HTTP Pipelineing bug 264354	review sched 08.10	Patrick McManus

Untriaged

• These items need to be triaged
• sorted by hidden items Feature priority & Feature stage asc

On Some Release

{{#ask: Feature version::!`Feature security status::` | ?# | ?Feature name# | ?Feature list# | ?Feature version# | ?Feature product manager# | ?Feature security lead# | ?Feature security status# | ?Feature security notes# | ?Modification date# | ?Feature security health# | mainlabel=- | sort=Feature version | format=template | template=SecurityRadarListTable | limit =100000 }}

Feature

Feature List

Target Rel

Prod Mgr

Security lead

Security status

Security notes

Last Modified

Not on a Release

{{#ask: Feature version::`Feature security status::` | ?# | ?Feature name# | ?Feature list# | ?Feature version# | ?Feature product manager# | ?Feature security lead# | ?Feature security status# | ?Feature security notes# | ?Modification date# | ?Feature security health# | mainlabel=- | sort=Feature version | format=template | template=SecurityRadarListTable | limit =100000 }}

Feature

Feature List

Target Rel

Prod Mgr

Security lead

Security status

Security notes

Last Modified

Other Stuff to be Scheduled

Feature	Status	Owner	Release Tracking
libcubeb sound library replacing libsydneyaudio on mozilla-central	Unscheduled	roc/cpearce/doublec
No more XPConnect between JS and C++ code in DOM workers.	Unscheduled
Make all implemented HTML5 inputs accessible. Bonus: implement canvas inner DOM exposure.	Unscheduled
Azure: graphics system rewrite	Contact email sent	jdrew
Accessability	Contact initiated	dbolter
(e10s)	Meetings on going	smooney
JetPack	Review / meetings ongoing	myk/dmason
Sign-in/Sign-out]]	Contact initiated	thunder(Dan Mills)
OPUS http://tools.ietf.org/html/draft-ietf-codec-opus-05	ETA Need to find owner

Completed Work

• complete
• pass

Legend

	Healthy: things are on track
	At Risk: completion of tasks on time is at risk.
	Blocked: security concern is blocking
	Assignd: being worked by someone else.
ETA	Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date.

Old Radar Pages

• Active
• Triage
• Off Scope