User:Curtisk
From MozillaWiki
| Feature | Priority | Target Release | Security lead | Security notes | Roadmap |
| B2G App Security and Privacy Model | P1 | B2G 1.0 | Paul Theriault | bug 744915 | Security |
| Mixed Content Blocker | P1 | Firefox 23 | Dan Veditz | ` | Security |
| SSL Error Reporting | P1 | ` | ` | ` | Security |
| Revamp Security Hooks | P1 | ` | Tanvi Vyas | ` | Security |
| OCSP Stapling | P1 | Firefox 25 | Curtis Koenig | ` | Security |
| HTTPS (SSL) Google Search | P1 | Firefox 14 | Curtis Koenig | ` | Security |
| Click-to-Play Part II | P1 | Firefox 17 | David Chan (dchan) | ` | Security |
| Iframe Sandbox | P1 | Firefox 17 | Curtis Koenig | ` | Security |
| Application Reputation | P1 | ` | ` | ` | Security |
| Sandboxing of content processes | P1 | ` | Guillaume Destuynder | ` | Security |
| HSTS Preload List | P1 | Firefox 17 | ` | ` | Security |
| Opt-in activation for plugins | P1 | Firefox 16 | David Chan (dchan) | assigned to dchan | Security |
| CA Pinning | P1 | ` | Curtis Koenig | ` | Security |
| OCSP Must-Staple | P2 | ` | ` | ` | Security |
| Highlight Cleartext Passwords | P2 | ` | ` | ` | Security |
| CA Policy Constraint Checking in Code | P2 | ` | ` | ` | Security |
| CSP 1.0 Support | P2 | Firefox 25 | ` | ` | Security |
| Stub Installer and UI update | P2 | ` | ` | ` | Firefox Desktop |
| TLS 1.2 support | P2 | Firefox 28 | Sid Stamm | ` | Security |
| Disallow Weak RSA Keys | P2 | ` | ` | ` | Security |
| TLS Telemetry | P2 | Firefox 26 | David Chan | ` | Security |
| Browser CRL | P2 | ` | Curtis Koenig | ` | Security |
| Cert Blocklist via Update Ping | P2 | ` | Curtis Koenig | ` | Security |
| Web Cryptography API | P2 | ` | ` | ` | Security |
| Intranet CSRF Blocker | P2 | ` | ` | ` | Security |
| Sign into the browser | P2 | ` | ` | bug 744948 | Mozilla Identity |
| XSS Filter | P3 | ` | Curtis Koenig | Needs a 2nd review meeting | Security |
| Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request | P3 | ` | ` | ` | Security |
| Better Cert Error/Warning Pages | P3 | ` | ` | ` | Security |
| Same Domain Cookies | P3 | Firefox 20 | ` | should be floated as spec | Security |
| Apply CSP to Chrome Pages | P3 | ` | ` | ` | Security |
| CSP Sandbox | P3 | ` | Daniel Veditz | ` | Security |
| Active Distrust of CAs | P3 | ` | Curtis Koenig | ` | Security |
| Add Security Features to Developer Tools | P3 | ` | ` | ` | Security |
| Low-rights Firefox (whole process sandbox) | P3 | ` | ` | ` | Security |
| allow-popups (part of iframe sandbox) | P3 | Firefox 27 | Sid Stamm | ` | Security |
| Subresource Integrity | P3 | ` | ` | ` | Security |
| Security UI / UX Experiments | Unprioritized | ` | Tanvi Yvas | ` | ` |
| Security Improvements to Password Manager | Unprioritized | ` | Tanvi Vyas | ` | Security |
| Certificate Suspicion | Unprioritized | ` | Curtis Koenig | ` | Security |
| DOMCrypt Internal API | Unprioritized | N/A | Brian Smith | we want to have bsmith look at this | Security |
| Help users understand which bits are unencrypted | Unprioritized | ` | ` | ` | Security |
| Improved plugin installation and management experience | Unprioritized | ` | ` | ` | Plugin Interactions |
| DOMCryptAPI (a Crypto API in the DOM) | Unprioritized | ` | Brian Smith | bug 744938 | Security |
| DNSSEC-TLS | Unprioritized | ` | ` | ` | Platform |
| Confidentiality Directive (CSP) | Unprioritized | ` | ` | ` | Security |
