SecurityEngineering/MeetingNotes/11-29-12

From MozillaWiki

Standing Agenda

  • Q4 Goals Recap
  • Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/11-15-12

Q4 Goals

  • [ON TRACK] Land CSP 1.0
  • [ON TRACK] Deliver integrated Payments and ID for B2G
  • [DONE] Host security community event (public brownbag on 11/13)

Tainting - DOM XSS

  • Paul and Raymond are exploring the idea of using taint in the JS engine to detect DOM XSS
  • DOMinator is an existing addon that does this but only works in Firefox 4 - it's now a commercial tool
  • Performance is not an issue because it's something a user/developer would turn on while testing.

2013 team strategy