Security/B2G/2013 12 17
From MozillaWiki
Contents
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_11_26
Agenda Items
- [cr] FxOS Crypto Concept evolving: https://docs.google.com/a/mozilla.com/document/d/13dnmH4OsJc0ItMa0Z21VJcYJBK6kIb1om4B-DJk7N2E
- feel free to add responsibilities and folks who work on things as you are aware of
- https://github.com/Netflix/NfWebCrypto
- tie to desireable features that require crypto functionality to motivate development efforts
- [cr] FxOS Malware Incident Response evolving at https://docs.google.com/a/mozilla.com/document/d/13V4si7tlAI5KMfYEzum1of9UizRgyqItDYdiVhXhvsM
- feel free to add comments and responsibilities you're aware of
- please add concrete incidents that you can think of
- web crypto
[kang] https://wiki.mozilla.org/Security/Sandbox [kang] https://docs.google.com/a/mozilla.com/document/d/1PFzcs4JH61vqR0lHv0PMQOIGn3NyhQSUAMSlAJm3T9Y/edit [arroway]
- sec-review process: make the information more visible for the developers on the wiki
- follow up on fixing reported security bugs: block the following bug to raise attention on a specific security bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=876396
- Goals
Add your goals here: https://docs.google.com/a/mozilla.com/document/d/149yh9-_TPaKJosMKQXY8tKBkswlzNIc4bV3yAQix7GY/edit
Previous Action Items
- [PT] to talk to mvines to check on status of sandbox flags
- [PT] talk to QA on getting patch from QA to OEMs
- [GD] Testing sandboxing guide, updating wiki etc.
New Action Items
- [cr] prepare for 3-week vacation, returning on Jan, 13th
- [cr] polish crypto concept draft and send RFC to b2g-internal
- [pt] update wiki sec review
Goal Status Updates
Other stuff
- xss bookmarklet, http://mozfreddyb.github.io/escape-artist/xss_blookmarklet.html