Security/ReviewTemplate: Difference between revisions

Undo revision 278403 by Zpao (talk)
No edit summary
(Undo revision 278403 by Zpao (talk))
Line 3: Line 3:


== Overview ==
== Overview ==
The goal here was to make the browser more responsive while performing a session restore. We did this by only allowing a few tabs to be loading at a time (after some quick experimentation to determine this would in fact work)
''Describe the goals and objectives of the feature here. What needs or problems does it address?''


;Background links
;Background links
* {{bug|586068}}
* feature-tracking bug links
* public specifications (RFC's, W3C specs, IETF Drafts, etc)
* design docs or internal specifications
* data flow or entity relation diagrams
* links to other implementations of the feature


== Threats ==
== Threats ==
''Please list the top 3 security threats you have considered during the design and implementation of this feature.'' Consider attack points as well as code that feels fragile.
''Please list the top 3 security threats you have considered during the design and implementation of this feature.'' Consider attack points as well as code that feels fragile.


Nothing I can think of. We're hanging information we need from each <xul:browser> but not exposing any more information than is otherwise available.
* Threat 1
* Threat 2
* Threat 3


What mitigations have you implemented?
What mitigations have you implemented?
None needed.


= Topics To Discuss During The Review =
= Topics To Discuss During The Review =
== Privacy ==
''Please be prepared to discuss the topics listed at [[Security/ReviewTopics|ReviewTopics]] as they relate to your feature / project. Optionally, you may copy the most relevant questions here and answer them before the review, which could speed up the review meeting.''
* Does the feature cache or store data that could strengthen super-cookies?
 
No more than session restore does otherwise. Nothing particular to this feature.
 
* How are transitions in/out of Private Browsing mode handled?
 
Transitions also cascade. However transitioning into PB mode doesn't need to cascade (only 1 tab) so we don't need to hang any data on the tab. Since we didn't hang any data on the tab while in PB mode, there's nothing special that needs to be done transitioning out.
 
* How is "Clear Recent History" handled?
 
For tabs that hadn't been properly restored yet, we delete the data we were hanging off each tab and remove the listeners we added.


= Review comments =
= Review comments =
''Notes and bug numbers will be recorded here.  Let's try not to spend too much time on any one topic during the meeting.''
''Notes and bug numbers will be recorded here.  Let's try not to spend too much time on any one topic during the meeting.''
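Review bot: across the Overview, Threats and Privacy regions, this undo takes the filled-in session restore answers (the {{bug|586068}} link, the Private Browsing and "Clear Recent History" responses) off the template page and leaves only the template prompts. Before relying on it, confirm those answers have been copied to a review page specific to that feature, because after this revision they are visible only in the page history.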