Security/Sandbox/2015-06-04

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1166669 - content process-level mitigations - landed, email sent to dev-platform
    • Investigate whether any of the new process-level mitigations are relevant for the chrome process.
  • NPAPI Sandboxing
    • bug 1123759 - low integrity NPAPI sandbox (level 2+) - landed
    • bug 1165903 - low integrity NPAPI causes 0,0 positioning bug - up for review
    • bug 1165895 - low integrity NPAPI sandbox causes some crash reporting tests to fail - up for review
    • Uplift to Aurora 40 because Firefox Win64 will ship with 40.
    • Ask Adobe to run their test Aurora 40.
  • Other Windows Work
    • GameGuard said they are working on a fix for the sandbox start-up conflict

Linux/B2G

  • The seccomp-bpf PolicyCompiler patches (bug 1055310) can probably land…
    • …but I found bug 1168555 and bug 1169726 while checking out my Try run.
      • (B2G intermittents from bug 1151607 possibly combined with some regression not yet found, plus the usual thing where the parent process is insufficiently robust about error cases)

Cross Platform

  • WebRTC/OpenH264 Sandboxing
    • Rewrote IPC to be async
    • Moved all IO to dedicated threads, all device enumeration to dedicated threads
    • Looking for a shutdown hang
  • e10s ship plan:
    • Aurora 40 = opt-in
    • Aurora 41 = opt-out
    • Beta 41 = opt-in
    • Beta 42 = opt-out and go/no decision