Security/B2G/2013 2 6

From MozillaWiki

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room

Prior notes are here: https://wiki.mozilla.org/Security/B2G/Jan_29_2013

News

Upcoming features:

Current/upcoming Reviews

High Priority:

  • Browser API - Pauljt, WIP
  • Tethering - anyone have time to look at this? dchan
  • Gaia: Document a combined review/close these out somehow?
  • Web Activities (including system activities) - document and close out. pauljt

Goal Status Updates

1. FirefoxOS related security reviews (owner: pauljt)

  • Gecko: 18 bugs remaining:

https://bugzilla.mozilla.org/showdependencytree.cgi?id=754730&maxdepth=1&hide_resolved=1

  • Gaia: 14 bugs remaining:

https://bugzilla.mozilla.org/showdependencytree.cgi?id=748190&maxdepth=1&hide_resolved=1

2. Document Firefox OS Security (owner: dchan)

Draft Plan: https://security.etherpad.mozilla.org/MDN-Firefox-OS

3. Develop and land tests for security features (owner: dchan)

No updates

4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)

Draft Plan: https://etherpad.mozilla.org/foxhunt

5. Drive OS-layer security improvement (owner: kang)

No updates. Opsec marketplace taking priority until completed.

6. Secure app developer/reviewer guidelines/tools (owner: rforbes)

Other Items

  • Automate XSS fuzzing - mgoodwin to investigate

freddy is jumping into static analysis work to rewrite potentially insecure calls (e.g. innerHTML)