Changes

Outreachy

2,781 bytes added, 09:53, 12 September 2016
Applications for Round 13 (Dec 2016-March 2017) open Monday September 12: add xss-filter project
==Applications for Round 13 (Dec 2016-March 2017) open Monday September 12==
===Project List===
====Build a Library of Inclusion Best Practices and Case Studies====
* Mentor: [https://mozillians.org/en-US/u/lshapiro/ Larissa Shapiro]
Your work sample should be a short written case study of a program or project you have done as a volunteer or as a new employee, technical or non, and should describe exactly how this program or project included you and failed to include you. Specific examples, connections to research, and detail are appreciated. It should be a several-paragraph document.

==== User Impact of XSS Filters within Web Browsers ====
* Mentors: [https://mozillians.org/en-US/u/ckerschbaumer/ Christoph Kerschbaumer] & [https://mozillians.org/en-US/u/freddyb/ Frederik Braun]

Cross Site Scripting (XSS) consistently ranks highest in the list of the most prevalent software vulnerabilities. Using XSS, hackers can gain access to confidential user data and conduct transactions on behalf of the user. Many browsers provide a built-in XSS filter to protect the majority of users from XSS issues. Such heuristic-based filters also trigger false positives. This may degrade a user's experience on a benign site. Even worse, such filters might introduce new vulnerabilities.

By the end of the project we expect you to:
* implement an XSS filter within Firefox
* measure user impact based on false positive rate
* measure performance
* co-produce a white paper with the mentors that summarizes the outcome of this project.
* (Pro Tip: This might qualify as a term paper or even grow into a thesis for your studies).

How you can prepare for the program:
* Familiarize yourself with the problem by reading literature on XSS filters:
** Introduction of the Chrome/WebKit filter called XSS Auditor in "Regular expressions considered harmful in client-side XSS filters"
** Security vulnerabilities introduced through XSS filters in IE8: https://blog.c22.cc/2010/04/15/blackhat-europe-universal-xss-via-ie8s-xss-filters-2/
** Bypassing XSS filters: (http://www.thespanner.co.uk/2015/02/10/xss-auditor-bypass/, http://brutelogic.com.br/blog/chrome-xss-bypass/)
* Familiarize yourself with the state of the art of implementing an XSS filter:
** Browse the source code of NoScript, XSSAuditor in WebKit, or the source of Internet Explorer (which can be inspected by looking into mshtml.dll)
** Compare approaches of these filters to answer questions like: where do their approaches overlap, which differences exist in their threat models, etc.
* Prepare yourself for implementing a filter within Firefox:
** Outline the advantages and disadvantages of existing approaches
** Sketch out details for the actual implementation

We would be thrilled if you have:
* a deep understanding of Web Security and XSS
* a fundamental understanding of browser architecture
* solid experience in developing C/C++ applications
* the ability to work with a geographically distributed development team
* experience in learning, building and being effective with a large code base

We at Mozilla Security Engineering give you the opportunity to improve Firefox. We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
==Outreachy Program Cohort: Round 12 (May-August 2016)==