Security/Archived/Reviews/
Security Review Template
Security Review Calendar (.ics)
Security Review Calendar (HTML)
IRC Channel
Unless otherwise noted on the adgenda for a review the IRC channel for reviews shall be #security.
Scheduling a Review
To schedule either a Design or Implementation review please email secteam at mozilla dot com.
Design Review
All features regardless of size should have a design review. These should occur before any code is landed to Mozilla Central (MC), the goal is to find architectural flaws that may result in serious security issues. When a feature page is created a security contact should be specified for the feature to ensue the smoothest integration for security input and reviews. If you find you are missing such a contact please email secteam at mozilla dot com to have one assigned. The level of work required for design reviews will vary depending on such factors as complexity of the feature, changes to known fragile code, and/or features that alter the security posture of the product or of Mozilla as a whole. Design reviews may be followed up with implementation reviews, fuzz testing, outside code review or other security tasks as deemed necessary to ensure the safety and security of our users.
Implementation Review
Just as it sounds this is a review of a patch and its corresponding implementation prior to that patch landing in a widely use branches (MC, Aurora, Beta, etc). Not all patches will require a security review, however, if a patch is deemed to need a security review and one is not completed that patch may be backed out until such a review is completed. Patch owners will most often be contacted by the security team for such a review, however, we encourage patch authors to be proactive and contact secteam when they are in doubt or feel a security review would be beneficial.
Firefox
- Firefox 5
- Firefox4.next
- Firefox 4.0 Security Reviews
- Firefox 3.6 Security Reviews
- Firefox 3.5 Security Reviews