Securtiy/Reviews/IMinThunderBird

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Item Reviewed

IM in ThunderBird
Target https://wiki.mozilla.org/Features/Thunderbird/Instant_messaging_in_Thunderbird Full Query
ID Summary Priority Status
714733 Instant messaging in Thunderbird -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

The given value "https://wiki.mozilla.org/Features/Thunderbird/Instant_messaging_in_Thunderbird Full Query
ID Summary Priority Status
714733 Instant messaging in Thunderbird -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

" contains strip markers and therefore it cannot be parsed sufficiently.

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • enrich the email experience with instant messaging functionality
  • People frequently communicate with the same contacts through different messaging technologies (email, instant messaging, twitter...). It's frustrating to have to use completly separate systems for these different forms of communication.
  • use case:
  • target users: people who use Thunderbird for their emails and may IM the same set of contacts.

What solutions/approaches were considered other than the proposed solution?

  • The proposed solution adds support for a few IM protocols (currently XMPP and Twitter) directly inside Thunderbird. It uses the JavaScript parts of Instantbird's backend for that.
  • Another approach was to detect IM clients already installed on the user's system, and attempt to interact with them. That would however be very limiting...

Why was this solution chosen?

  • By supporting IM protocols directly in Thunderbird, we have full control on how the IM messages are presented and integrated into the Thunderbird UX.
  • We can index conversations, so that they can appear in gloda search results.
  • It will also be possible to integrate instant messaging contact lists with the Thunderbird addressbook (not done yet).
  • I (Florian) already have a good knowledge of the Instantbird code base as I wrote most of it, and reviewed the rest.

Any security threats already considered in the design and why?

  • We would like to let add-on authors add support for more protocols with add-ons, so we obviously can't trust the received messages to be clean HTML.

Threat Brainstorming

  • What is indexed in glota?
    • plaintext version of conversation
  • if HTML or JS is sent what happens
    • attempt to sanitize the content
  • interaction between browser contexts
    • xul browser for ea conversation in seperate tabs
  • Property "SecReview feature goal" (as page type) with input value "* enrich the email experience with instant messaging functionality
    • People frequently communicate with the same contacts through different messaging technologies (email, instant messaging, twitter...). It's frustrating to have to use completly separate systems for these different forms of communication.
    • use case:
    • target users: people who use Thunderbird for their emails and may IM the same set of contacts." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
    • Property "SecReview alt solutions" (as page type) with input value "* The proposed solution adds support for a few IM protocols (currently XMPP and Twitter) directly inside Thunderbird. It uses the JavaScript parts of Instantbird's backend for that.
    • Another approach was to detect IM clients already installed on the user's system, and attempt to interact with them. That would however be very limiting..." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
    • Property "SecReview solution chosen" (as page type) with input value "* By supporting IM protocols directly in Thunderbird, we have full control on how the IM messages are presented and integrated into the Thunderbird UX.
    • We can index conversations, so that they can appear in gloda search results.
    • It will also be possible to integrate instant messaging contact lists with the Thunderbird addressbook (not done yet).
    • I (Florian) already have a good knowledge of the Instantbird code base as I wrote most of it, and reviewed the rest." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
    • Property "SecReview threats considered" (as page type) with input value "* We would like to let add-on authors add support for more protocols with add-ons, so we obviously can't trust the received messages to be clean HTML.
      • conversations are only displayed in browsers with the type="content-" attribute
      • the received HTML is sanitized before display, using a white list of acceptable HTML tags and acceptable CSS attributes. (the sanitizing code is in http://lxr.instantbird.org/instantbird/source/chat/modules/imContentSink.jsm )" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
      • Property "SecReview threat brainstorming" (as page type) with input value "*What is indexed in glota?
      • plaintext version of conversation
    • if HTML or JS is sent what happens
      • attempt to sanitize the content
    • interaction between browser contexts
      • xul browser for ea conversation in seperate tabs" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.

Action Items

Action Item Status In Progress
Release Target Thunderbird 13
Action Items
WhoActionBy WhenCompleted date
ptheriaultsanitzation code reviewbefore code migrates to aurora[DONE] Done
ptheriault bug 741958twitter oauth / apiapi usebefore code migrates to aurora[NEW] in progress
ptheriaultcontact name sanitizationbefore code migrates to aurora[DONE] Done
Full Query
ID Summary Priority Status
741958 [Security Review][Action Item]IM in Thunderbird - witter oauth / apiapi use -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

The given value "

WhoActionBy WhenCompleted date

ptheriaultsanitzation code reviewbefore code migrates to aurora[DONE] Done

ptheriault bug 741958twitter oauth / apiapi usebefore code migrates to aurora[NEW] in progress

ptheriaultcontact name sanitizationbefore code migrates to aurora[DONE] Done


Full Query
ID Summary Priority Status
741958 [Security Review][Action Item]IM in Thunderbird - witter oauth / apiapi use -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

" contains strip markers and therefore it cannot be parsed sufficiently.