In the interest of raising visibility of security review within the project, I'm going to start sending weekly updates. Details of recently completed and in progress secreviews are below.
Any questions/comments/suggestions, please get in touch with me, and/or review lead. ==Completed this week== Target: Web NFC API Documentation: https://wiki.mozilla.org/Security/Reviews/B2G/WebNFC Recommendations: * Ensure data from content is validated (wrappers can help with this) (bug 913336) * Use webIDL (as per https://bugzilla.mozilla.org/show_bug.cgi?id=674741#c199) * Ignore messages from apps which aren't currently chosen for using NFC API (bug 913340) * Further analysis required in future. Especially final gecko code, and also of web activities that will be used by final production NFC app Target: Voicemail Support Documentation: https://wiki.mozilla.org/Security/Reviews/Gaia/Voicemail Recommendations: * no issues identified Target: SMS App re-review (MMS focus) Documentation: https://wiki.mozilla.org/Security/Reviews/Gaia/sms Recommendations: * Bug 912885 == Currently In Progress== Audio Recording (Microphone API)- 861130 3rd party keyboard support - 751009 MMS API - 864859 Browser App Re-review - bug TBD - Paul
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
