Security/B2G/2013 2 6
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room.
Prior notes are here: https://wiki.mozilla.org/Security/B2G/Jan_29_2013
News
- Captive Portal is being developed: https://bugzilla.mozilla.org/show_bug.cgi?id=834122 This will need a secreview.
- adb & console have been disabled by default (some fallout continues, but at least it seems more secure now)
- https://bugzilla.mozilla.org/show_bug.cgi?id=838308 < mozkeyboard
Upcoming features:
Current/upcoming Reviews
- Simple Push Notifications 13th, 1pm PST
- App Review Process (tomorrow's secreview slot, 1pm?)
- https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdE9SMm5xNzBwTk13UHBCcUdQazNUQ1E#gid=0
High Priority:
- Browser API - Pauljt, WIP
- Tethering - anyone have time to look at this? dchan
- Gaia: Document a combined review/close these out somehow?
- Web Activities (including system activities) - document and close out. pauljt
Goal Status Updates
1. FirefoxOS related security reviews (owner: pauljt)
- Gecko: 18 bugs remaining:
https://bugzilla.mozilla.org/showdependencytree.cgi?id=754730&maxdepth=1&hide_resolved=1
- Gaia: 14 bugs remaining:
https://bugzilla.mozilla.org/showdependencytree.cgi?id=748190&maxdepth=1&hide_resolved=1
2. Document Firefox OS Security (owner: dchan)
Draft Plan: https://security.etherpad.mozilla.org/MDN-Firefox-OS
3. Develop and land tests for security features (owner: dchan)
No updates
4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
Draft Plan: https://etherpad.mozilla.org/foxhunt
5. Drive OS-layer security improvement (owner: kang)
No updates. Opsec marketplace taking priority until completed.
6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
Other Items
- Automate XSS fuzzing - mgoodwin to investigate
- freddy jumping in to static analysis stuff to rewrite potentially insecure calls (e.g. innerHTML)