SecurityEngineering/Projects
From MozillaWiki
This is a list of projects that we could use some help with. If you're interested in pitching in and making the web a safer place, these are great ways to start.
For information about the Mozilla Mentorship program, please see Security/Mentorship.
Coding/Gecko projects
Project Name | Contact | Details |
---|---|---|
WordPress CSP Plugin | Sid Stamm | We need to update it for CSP 1.0 (W3C spec). |
Mixed Content Dev Tools | Tanvi Vyas | ?? |
Security Report devtool | Tanvi Vyas | See also bug 781147 |
Auto-Fix SSL errors | ?? | Identify and implement autocorrection for things like system time errors, server redirects to HTTPS, etc. |
Cookie Tagging | Mark Goodwin | Build plumbing to tag cookies allowing selection and deletion of cookies by tag type (and other things). See also bug 792986 |
CSP 1.1: path support | Sid Stamm | Implement paths for sources in CSP. See bug 808292. |
CSP 1.1: Sandbox support | Sid Stamm | Implement sandbox directive for CSP. See bug 671389. |
CSP 1.1: Prototype script-hash or script-nonce to help the development of the spec | Ian Melven | Prototype the proposed experimental script-hash and/or script-nonce directives for CSP and share insights with WebAppSec WG |
CSP UI Safety: frame-options | Ian Melven | Take the existing frame-ancestors code and adapt it to the proposed CSP UI Safety frame-options directive. See bug 846978. |
Certificate Manager for B2G | ?? | Allow adding/removal of certs in B2G |
Client Cert support in Fx Android | ?? | |
Certificate manager for Fx Android | ?? | |
Data Gathering projects
Project Name | Contact | Details |
---|---|---|
HSTS preload list crawler | David Keeler | |
HTTPS by default | Brian Smith | For address bar entries, assume https and fall back to http. Does it work? Need to study its effects. |
Cert error reporting | ?? | See also bug 707275. This would create a mechanism for users to take action that would send cert chains and error info to Mozilla. |
Fast profile switcher | Monica Chew | Prototype for seeing how users interact with it. |
WebApp CSP generator | ?? | Tool for generating CSPs for packaged web apps |
Remove UserPass support from nsIURI | ?? | We need to understand the effect of removing userpass support from our URIs in Firefox. |