Security/Sandbox/2015-03-26

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Standup/Status

Windows

  • bug 1147446 - memory leak in windows chromium sandbox IPC code - landed, will ask for uplift to Fx38

Linux/B2G

  • Content Sandboxing
    • It's been a whole week without any new “whitelist this syscall for Lollipop” bugs, and the existing ones have landed, so maybe that's done?
    • bug 1146416
  • Other work
    • assorted <input type="file"> issues.

Mac

Chromium

Round Table

  • In bug 1146298, Gabor and bholley suggest someone create a guide of security gotchas for add-on developers and reviewers. Who should own this: the sandboxing team or e10s team?
    • bholley also recommends we invest time hardening the IPC and Message Manager code.
      • There has been some work on IPC fuzzing; the usual problems with people not knowing what other people are working on apply.
  • bug 1147911 - file:// URLs in a separate content process.

Actions

  • cpeterson to follow up with Jorge about add-on review for security issues.