Security/Reviews/Firefox9/AddOnPerf

From MozillaWiki
Jump to: navigation, search

Items to be reviewed:

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • to allow users to see add-ons that may be using resources at levels beyond their usefullness
    • this is not in product active monitoring, this is all data from AMO
    • the data from AMO is not even pulled in separately but rather together with existing AMO data (since Firefox 4)
  • data is being transfered using HTTPS

What solutions/approaches were considered other than the proposed solution?

  • building live in product resource monitoring

Why was this solution chosen?

  • need to expose data to users about add-on preformance

Any security threats already considered in the design and why?

  • data being tampered
    • data is transfered in HTTPs to prevent tampering

Threat Brainstorming

Conclusions / Action Items