Security/Sandbox/2017-01-19

« previous week | index | next week »

haik

• bug 1329294 - Windows content temp dir not in LocalLow when run on treeherder
  • Problem is just occurring on win64 tests, the LocalLow\Mozilla directory is present when problem occurs, still debugging
• Researching web extensions (AI from Hawaii meeting)
• bug 1332190 - [Mac] Remove file system read access from content sandbox when separate file process in use

bobowen

• bug 1321724 - [e10s] Local HTML cannot be opened in Firefox 50
  • Reporter has tested the fix, waiting for feedback on fix.
• bug 1317293 - Add remote type match check to nsFrameLoader::SwapWithOtherRemoteLoader
  • This check appears to work now, so should be able to land soon.
• bug 1317921 - Handle nested file URIs with the file content process
  • I think we just need to use the innermost URI for this check.
• bug 1327942 - Browser can't load the page (urlbar and title twitch between 2 values) if it tries to access renamed local file
  • Down to us not allowing the error page in the file content process.
  • Patch ready, need to write a test.
• bug 1328829 - Can not open a local HTML file in a view-source tab
  • We were keeping the related browser when switching remote type, which means the switch doesn't work.
  • Patch ready, need to write a test.
• bug 1152353 - FX 37.0.1 Printer Properties Freeze
  • potential fix for this didn't work, need to look into what Windows messages are getting lost.
• bug 1242463 - Create some basic printing tests.
  • Some progress on this, need to add more C++ helpers than I thought as JS can't deal with DataSourceSurface.

gcp

• bug 1330326 Make sandboxing policy more configurable via preferences
• bug 1329216 crash on "print" in print dialog
• X protocol proxy - I have a name but feel free to suggest something witty/clever

tedd

• bug 1329216 - crash on 'print' dialog
  • identified the issue, working on patch

jld

• bug 1286865 - seccomp reporting
  • Have core, XPCOM glue, and about:support UI
  • Could use some comments / cleanup, but basically f?-ready at least. (Unit tests would be nice….)
  • Open questions: how to set up Telemetry, whether I can get info into crash reports
  • Feature suggestion from jimm: add timestamps.
• Need to do reviews for bug 1330326 (sandbox whitelist prefs) and bug 1331297 (IPC libevent upgrade)

handyman

• bug 1284897 - 64 bit Flash Player has storage permissions issues
  • wip
• bug 1329328 - 64-bit Firefox on Win10 - Flash Downloads result in OS Permission errors
  • related to 1284897. We asked Adobe to be explicit about how they name tmp files so we can white-list

their creation/read/write/deletion on Windows.

• bug 1312788 - Add console warning and telemetry if service workers are used in the file content process
  • landed
• bug 1306239 - Add pref to toggle OS X sandbox violation debugging, default on
  • landed

round table

• Firefox 52 will be in pwn2own this year
  • Windows and OSX are the targets
  • 64-bit apps and operating system
  • http://blog.trendmicro.com/pwn2own-returns-for-2017-to-celebrate-10-years-of-exploits/
  • http://zerodayinitiative.com/Pwn2Own2017Rules.html