This one https://bugzilla.mozilla.org/show_bug.cgi?id=794407
isn't on any on the lists (or if it is I didn't see it), and it really should be. As it stands now, any web page can use the 'dial' web activity from a script and the dialer just places the call. That can be done even if the user is not using the phone. Either that or https://github.com/mozilla-b2g/gaia/issues/5412 (or both, actually) should land in basecamp. Best regards, Antonio On 29/09/2012, at 03:39, "Lucas Adamski" <[email protected]> wrote: > Ok, so strike-outs got removed when I hit send. Perfect. > > Remaining major open bugs in bold below. Other open bugs remain but they > are not as time-sensitive IMHO (current sec bug list blocking-basecamp: > http://preview.tinyurl.com/8oxhory). > > On Sep 14, 2012, at 6:45 AM, Lucas Adamski wrote: > >> I've put together a list of the most high-risk security bugs remaining for >> basecamp (there may be omissions so if you disagree please let me know). >> These are bugs that could really hurt us if they don't make 9/28. >> >> They are: >> - blocking appcache and cookie jars from landing: >> https://bugzilla.mozilla.org/show_bug.cgi?id=786835 (:MattN) >> - Permissions population and UI events: >> https://bugzilla.mozilla.org/show_bug.cgi?id=758269, >> https://bugzilla.mozilla.org/show_bug.cgi?id=773114 (:ddahl) >> - CSP policy for priv & cert apps: >> https://bugzilla.mozilla.org/show_bug.cgi?id=768029 (Sid :geekboy) >> - Get & set existing permissions: >> https://bugzilla.mozilla.org/show_bug.cgi?id=770731 (:gwagner) >> - Delete data at app uninstall: >> https://bugzilla.mozilla.org/show_bug.cgi?id=783408, >> https://bugzilla.mozilla.org/show_bug.cgi?id=786299 (:jduell) >> https://bugzilla.mozilla.org/show_bug.cgi?id=786295 (:bent) >> https://bugzilla.mozilla.org/show_bug.cgi?id=786301 (:janv) >> - Signing for packaged apps: >> https://bugzilla.mozilla.org/show_bug.cgi?id=772365 (:bsmith) >> - Installing packaged apps using mini-manifest: >> https://bugzilla.mozilla.org/show_bug.cgi?id=789527 (:fabrice) >> - Updating packaged apps: >> https://bugzilla.mozilla.org/show_bug.cgi?id=772364 (:mounir) >> - Install/update of hosted apps: >> https://bugzilla.mozilla.org/show_bug.cgi?id=790872 (nobody?) >> https://bugzilla.mozilla.org/show_bug.cgi?id=790872 (:mounir) >> - Integrate camera with permission manager: >> https://bugzilla.mozilla.org/show_bug.cgi?id=776934 (:mikeh) >> >> If you own a bug here, please prioritize it accordingly. If you feel that's >> your bug is unlikely to make the 9/28 feature freeze, please reach out to me >> AND your manager! If you are a manager and see one of your team members on >> the list above, please check in with them to make sure they feel comfortably >> on-track. >> >> Related meta bugs: >> Basecamp security: https://bugzilla.mozilla.org/show_bug.cgi?id=764189 >> Privileged apps: https://bugzilla.mozilla.org/show_bug.cgi?id=756729 >> Basecamp updates: >> https://bugzilla.mozilla.org/show_bug.cgi?id=basecamp-updates >> Meta bug for install/update API: >> https://bugzilla.mozilla.org/show_bug.cgi?id=790558 >> >> Thanks! >> Lucas. > > _______________________________________________ > dev-b2g mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-b2g ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
