Security/Sandbox/2015-12-03

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1156742 - print to xps with low integrity sandbox - three patches left needing review, two with changes that I've discussed with Bas already and one that I'm not sure if he has looked at yet.
    • bug 1173371 - Web page is not shown when launching Firefox from network drive on Windows - because of issues with a full update (bug 1228604) of the chromium code, it looks like I'll have to take the fix I need for this in isolation. Then I can look into the other changes it will require.
    • bug 1189846 - Print Edit 15.10 add-on no longer works with e10s and sandboxing enabled - need to look into adding some way of initiating the print from the parent with settings that we can add a RemotePrintJob into.
    • bug 1217185 - e10s video performance is very bad - looks like this is being caused by USER_INTERACTIVE of JOB_INTERACTIVE, investigating further.
    • bug 1229829 - Use an alternate desktop for the Windows content sandbox by default - ready to land waiting until I've found out more about bug 1217185.
  • GMP Sandboxing
    • bug 1229516 - CDM host is unable to load Adobe CDM on Windows XP - couldn't get clearkey to load even without sandbox. openh264 GMP works fine ... needinfoed cpearce to get testing details.
  • NPAPI Sandboxing
    • bug 1228880 - Firefox started via runas on Windows will not run Adobe Flash - haven't looked at this yet.
    • bug 1198368 - [e10s] [ADBE 4044716] Playing Amazon Instant Video using Flash in NPAPI sandbox hangs the chrome process - cpeterson only saw this on Amazon and they have stopped using flash, so he closed it.
  • Other Windows Work
    • bug 1229804 - Incorrect string length specified in Windows sandbox logging - cpearce was hitting a crash caused by this. Fix has landed.
    • bug 1229402 - Investigate if we can block loading random DLLs into our address space like Edge is doing now - someone from Microsoft indicated that this was using something that is available using a mitigation in the sandbox. Very brief initial testing seems to be OK with this turned on for all three child process types.


Cross Platform

  • WebRTC/OpenH264 Sandboxing
    • Juggling various WebRTC shutdown patch stacks
    • Bug 1227407 - Obscure shutdown race
    • Bug 1228788 - Bugs in Mac QT shutdown
    • Will uplift everything to 44 (43 might be kinda dicey)
  • Chromium Sandbox Code
    • bug 1228604 - New update to Chromium - problems on B2G sorted, but there is an issue on our Windows build servers with an internal compiler error. This requires and update to VC2013 and I'm not sure how long that is going to take. Need to investigate how difficult it will be to work around this.