SecurityEngineering/2015/Q2Goals

From MozillaWiki

Content Security

  • [NEW] Prototype for insecure password warnings on Firefox Dev Edition. (dri=tanvi)
  • [NEW] Finalize and then implement HTTP/HTTPS policy for password manager. (dri=tanvi)
  • [NEW] Set appropriate loadingPrincipal and triggeringPrincipal in docshell. (dri=tanvi)
  • [NEW] REVAMP: Add AsyncOpen2 to nsIChannel and start moving security checks. (dri=ckerschb)
  • [NEW] CSP: Implement CSP directive: upgrade if insecure. (dri=ckerschb)
  • [NEW] Support for "potentially unwanted software" URLs in Safe Browsing (dri=francois)

Privacy/Tracking Protection

  • [NEW] Provide Platform support for tracking protection (dri=francois)
  • [NEW] Referrer: Default referrer and referrer overrides. (dri=sworkman/sid)

Addon Security

  • Mechanism for enforcing signed-by-AMO addons.

Communications Security

  • [NEW] Remove revocation checks for short-lived certificates (dri=jcjones)
  • [NEW] Apply "strict mode + fallback" measurement methodology to EKU, SHA-1 (dri=dkeeler)
  • [NEW] Establish a plan for a consolidated mechanism for pushing security policy state (dri=mgoodwin)
  • [NEW] Establish a plan for Certificate Transparency (dri=dkeeler)
  • [NEW] Support for CA-provided intermediate cert info in SalesForce (including revocation info) (dri=kwilson)
  • [NEW] WebCrypto hardware-backed keys (dri=rbarnes)

Security QE

  • [NEW] Password Manager (dri=kamil)
  • [NEW] meta referrer (dri=kamil)
  • [NEW] Safe browsing (dri=mwobensmith)
    • Run existing tests and update as needed
    • Execute test coverage with multiple blocklists
  • [NEW] Tracking protection (dri=mwobensmith)
    • Test and help ship feature
    • Test plan and relevant test cases/automation
    • Community test involvement