Security/B2G/2013 12 17

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_11_26

Agenda Items

• [cr] FxOS Crypto Concept evolving: https://docs.google.com/a/mozilla.com/document/d/13dnmH4OsJc0ItMa0Z21VJcYJBK6kIb1om4B-DJk7N2E
  • feel free to add responsibilities and folks who work on things as you are aware of
  • https://github.com/Netflix/NfWebCrypto
  • tie to desireable features that require crypto functionality to motivate development efforts
• [cr] FxOS Malware Incident Response evolving at https://docs.google.com/a/mozilla.com/document/d/13V4si7tlAI5KMfYEzum1of9UizRgyqItDYdiVhXhvsM
  • feel free to add comments and responsibilities you're aware of
  • please add concrete incidents that you can think of
• web crypto
  • https://bugzilla.mozilla.org/show_bug.cgi?id=865789

[kang] https://wiki.mozilla.org/Security/Sandbox [kang] https://docs.google.com/a/mozilla.com/document/d/1PFzcs4JH61vqR0lHv0PMQOIGn3NyhQSUAMSlAJm3T9Y/edit [arroway]

• sec-review process: make the information more visible for the developers on the wiki
• follow up on fixing reported security bugs: block the following bug to raise attention on a specific security bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=876396

• Goals

Add your goals here: https://docs.google.com/a/mozilla.com/document/d/149yh9-_TPaKJosMKQXY8tKBkswlzNIc4bV3yAQix7GY/edit

Previous Action Items

• [PT] to talk to mvines to check on status of sandbox flags
• [PT] talk to QA on getting patch from QA to OEMs
• [GD] Testing sandboxing guide, updating wiki etc.

New Action Items

• [cr] prepare for 3-week vacation, returning on Jan, 13th
• [cr] polish crypto concept draft and send RFC to b2g-internal
• [pt] update wiki sec review

Goal Status Updates

Other stuff

• xss bookmarklet, http://mozfreddyb.github.io/escape-artist/xss_blookmarklet.html