Security/Sandbox/2016-12-22

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

2016-12-22

haik

  • bug 1309394 - Introduce automated tests to validate content process sandboxing works as intended
    • Got review feedback from Bob to work on
  • bug 1322370 - Disable camera access in the Mac content sandbox
    • Got a test semi-working to validate camera access no longer works
    • Out for review
  • bug 1322716 - GMP Security bug
    • Out for review

bobowen

  • bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError - (Applocker)
    • on inbound
  • bug 1321020 - When you open a new file content tab from the file content process the wrong remote type gets set.
    • patches r+ - just need to addresses test review comments before landing
  • bug 1324908 - [e10s] OS X printing related crashes in CoreGraphics@0x regressing in Firefox 51
    • looked like it might be down to bug 1308259, but it's not so clear now
    • I can reproduce a similar crash on beta, but not when built locally or on try
  • bug 1321522 - Crash in mozilla::gfx::RecordedScaledFontCreation::PlayEvent
    • uplifted to beta
  • bug 1321256 - Run firefox 50 from a network drive (not working anymore)
    • uplifted to beta

handyman

  • bug 1323750 - Flash Stage3D fails on youngjump.jp in 64-bit Firefox
    • wmode=direct doesn't work with async painting
    • 64-bit blocker
  • bug 1185472 - Only allow NPAPI HWNDs to be adopted by an HWND in the chrome process
    • Ready to land
  • bug 1284897 - 64 bit Flash Player has storage permissions issues
    • addressing reviews
  • bug 1321493 - NPAPI sandbox is blocking Flash SecureSocket from using Windows certificate APIs on Win64
    • Scope of API usage in Flash is not fully known. cpeterson proposes we just break it.
    • 64-bit blocker
    • Jimm to ask adobe for information on how they broker these calls in 32-bit
  • bug 1306239 - Add pref to toggle OS X sandbox violation debugging, default off
    • Just started
  • bug 1312788 - Add console warning and telemetry if service workers are used in the file content process
    • Ready for review

jld

  • bug 1322506 - the WebRTC network thing; investigated and commented; now we have needinfo
  • bug 1325242 - the nsProtocolProxyService bug; investigated and filed
    • Should we try to work around the gconf/utime crashes somehow?

tedd

round table

  • Move meeting forward an hour, so it's not at 8 AM in US/Pacific?
    • No, that would move it from 5 PM to 6 PM in Central Europe.
  • Linux and existing connections to local services (dbus, etc.) besides X11 — do we have a bug for auditing this?
    • Some of this might vary by distribution (gconf vs. dconf, ???)
    • Resolved: don't have a bug; jld will file
  • fonts in printing
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Sandbox/2016-12-22&oldid=1159232"