SecurityEngineering/MeetingNotes/06-14-12

From MozillaWiki

Standing Agenda

  • Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/06-07-12

Security Roadmap

Any blockers, significant developments, questions/input from team?

  • CA Pinning - not using permissions manager and we may need to build something else. Perhaps cert override service or something like that. Target is still FF 17.
  • Click-to-play - blocked on UI design, nsObjectLoadingContent undergoing changes, main click-to-play patch under review
  • iframe sandbox - will do another pass on review feedback etc tomorrow, still trying for FF16 if possible.
  • low rights Firefox - addon compatibility is the biggest issue - need to get a POC up and try to determine amount of breakage - need to sync up with addon folks and see if we can find out how many addons expect arbitrary filesystem/registry access and to be able to launch new processes.
  • Highlight Cleartext passwords - data needs validating; user research surveys need to be done. But working on other bugs instead to alert about security issues in Web Console:
    • https://bugzilla.mozilla.org/show_bug.cgi?id=737873 - blocks Mixed Content feature
    • https://bugzilla.mozilla.org/show_bug.cgi?id=762593 - blocks this feature

Privacy Roadmap

No news is good news.

Additional Items

There's a consensus that we prefer 1 over 2.

  • script vs display. What do you guys think?
    • Mixed script: TYPE_SCRIPT, TYPE_XMLHTTPREQUEST, TYPE_STYLESHEET, TYPE_OBJECT, TYPE_SUBDOCUMENT, TYPE_WEBSOCKET
    • Mixed display: TYPE_IMAGE, TYPE_SUBDOCUMENT, TYPE_PING, TYPE_FONT, TYPE_MEDIA, TYPE_WEBSOCKET
    • Necko already blocks mixed websockets, so that case is probably redundant, but I didn't want people to wonder why it wasn't explicitly handled. WebSockets belong with XHR. So does EventSource.
    • Some load types, like TYPE_XBL and TYPE_REFRESH, didn't appear to make sense in this context, so I ignored them
    • TYPE_SUBDOCUMENT - should be MixedScript because a subdocument can contain inline scripts as well as references to external scripts.
    • TYPE_WEBSOCKET - should be MixedScript, same as XHR.
    • TYPE_FONT - Fonts may have scripting in them, but they aren't run in page. So okay as mixed display.
    • TYPE_PING - pings come from the ping attribute on <a> tags. They can't talk to the page, etc.
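To make the split above concrete, here is a small classifier (an added example, not Mozilla code) that applies the script-vs-display grouping the notes settle on: TYPE_SUBDOCUMENT and TYPE_WEBSOCKET moved to the script side, TYPE_FONT and TYPE_PING kept on the display side, TYPE_XBL and TYPE_REFRESH ignored. It uses the nsIContentPolicy type names as plain strings rather than their numeric values, treats only http: and ws: as insecure schemes, and maps "mixed script" to block and "mixed display" to allow-with-warning; that policy mapping and the sample loads are assumptions of the example, since the notes only classify the types.

```javascript
// Added example (not Mozilla code): toy mixed-content classifier using the
// script-vs-display split from the meeting notes. nsIContentPolicy type names
// are used as strings so no numeric constant values are assumed.

// Load types that can execute code in, or read and write, the page: "mixed script".
const MIXED_SCRIPT_TYPES = new Set([
  "TYPE_SCRIPT",
  "TYPE_XMLHTTPREQUEST", // EventSource is grouped with XHR per the notes
  "TYPE_STYLESHEET",
  "TYPE_OBJECT",
  "TYPE_SUBDOCUMENT",    // can carry inline scripts and script references
  "TYPE_WEBSOCKET",      // same capabilities as XHR
]);

// Load types that are rendered but cannot talk to the page: "mixed display".
const MIXED_DISPLAY_TYPES = new Set([
  "TYPE_IMAGE",
  "TYPE_PING",  // <a ping="..."> beacons, no channel back to the page
  "TYPE_FONT",  // fonts are parsed, never executed in the page
  "TYPE_MEDIA",
]);

// Types the notes leave out of the mixed-content decision entirely.
const IGNORED_TYPES = new Set(["TYPE_XBL", "TYPE_REFRESH"]);

// Assumption of this example: only http: and ws: are insecure, https: and wss:
// are secure, and any other scheme (data:, blob:, about:, ...) is not classified.
const INSECURE_SCHEMES = new Set(["http:", "ws:"]);
const SECURE_SCHEMES = new Set(["https:", "wss:"]);

// Returns "none", "ignored", "mixed-script" or "mixed-display".
function classifyMixedContent(pageUrl, resourceUrl, loadType) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl);
  if (!SECURE_SCHEMES.has(page.protocol)) return "none";   // plain-http page: nothing is mixed
  if (!INSECURE_SCHEMES.has(res.protocol)) return "none";  // secure or unclassified resource
  if (IGNORED_TYPES.has(loadType)) return "ignored";
  if (MIXED_SCRIPT_TYPES.has(loadType)) return "mixed-script";
  if (MIXED_DISPLAY_TYPES.has(loadType)) return "mixed-display";
  throw new Error(`unhandled load type: ${loadType}`);
}

// Policy (assumed for the example): block mixed script, allow mixed display but flag it.
function decide(pageUrl, resourceUrl, loadType) {
  const kind = classifyMixedContent(pageUrl, resourceUrl, loadType);
  switch (kind) {
    case "mixed-script":  return { allow: false, warn: true,  kind };
    case "mixed-display": return { allow: true,  warn: true,  kind };
    default:              return { allow: true,  warn: false, kind };
  }
}

// Constructed sample loads issued by a secure page.
const PAGE = "https://example.test/account";
const SAMPLE_LOADS = [
  ["http://cdn.example.test/app.js",        "TYPE_SCRIPT"],
  ["ws://chat.example.test/socket",         "TYPE_WEBSOCKET"],
  ["http://static.example.test/logo.png",   "TYPE_IMAGE"],
  ["https://static.example.test/font.woff", "TYPE_FONT"],
  ["http://ads.example.test/frame.html",    "TYPE_SUBDOCUMENT"],
];

// Runs the policy over every sample load and returns [url, type, decision] triples.
function runSamples() {
  return SAMPLE_LOADS.map(([url, type]) => [url, type, decide(PAGE, url, type)]);
}

for (const [url, type, d] of runSamples()) {
  console.log(`${type.padEnd(18)} ${url.padEnd(40)} -> ${d.kind} (${d.allow ? "allow" : "block"})`);
}
```

The interesting cases are the two the notes argued about: an http: frame on an https: page lands in "mixed-script" (a frame can run script), while an https: font is not mixed at all, and an http: image is "mixed-display" and is let through with a warning rather than blocked.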

Screencasts of the proposed error pages:

  • Network error: http://screencast.com/t/GincXyxP5
  • Certificate error: http://screencast.com/t/Xi4A8Oh2iFOq
  • Phishing attack: http://screencast.com/t/4WzmjcH3
  • Malware attack: http://screencast.com/t/dB3grMJbw