Security/B2G/2013 13 5

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_6_5

News

   v1.1hd 

   Target device: WVGA (480x800 device px) device with

   device-pixel-ratio=1.5 (320x533 CSS px).

   Timeframe: ~6 weeks from now

   [cr] Checkmarx talks ongoing, might be valuable addition to Firefox Marketplace, but none other

   [cr] TrustZone interesting opportunities with T-Labs (Prof. Seifert) - discussions ongoing with DT around trust zone possibility

   [pt] apps on sdcard - see b2g thread & https://wiki.mozilla.org/Security/Reviews/AppsOnSDcard

Weekly goals

Last Week: Current: [dc] - mozapp iframe 751026 [dc] - tethinerg 776502

Goal Status Updates

FirefoxOS related security reviews (pauljt)

• Q2 Review target: https://wiki.mozilla.org/Security/B2G/Reviews

Develop and land tests for security features (dchan)

n/a

Bug Bounty defined and ready to launch (freddyb)

[fb] feedback recvd and there was a chat between dveditz and brendan (nothing critical, mostly wording suggestions)

Compile Firefox OS issue register (pauljt)

adding bnug

Continue to document Firefox OS Security (pauljt)

no update

Document Update schedule & incident response procedure (pauljt)

no update

Firefox OS Sandboxing (kang)

   attempting to land still :p

   reviews for patch are supposed to come this week

   also waiting for l3 access to commit it myself

   webgl/dt

Malware Defense (cr)

   Involved dbialer in the meta-market approach to multimarket: he likes the idea.

   We might be able to get phone-specific and cryptographically relevant key data from the SIM cards. Seifert wants to deliver info. (anthony jones has mentioned this already on b2g-dev)