Security/B2G/2013 4 17

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_2_20

News

webrtc - webnfc landing

• cr started https://developer.mozilla.org/en-US/docs/Apps/Security_guidelines

   Based on Paul's Google Doc

   Don't copy&paste from Google Docs to MDN. Use text export and then re-format, else: hell.

• cr started collecting Market architecture information (rforbes, kang, oremj, more...)
• Just a tool: https://github.com/cr/mozbuild

Current/upcoming Reviews

Goal Status Updates

• FirefoxOS related security reviews

- webnfc - webrtc - working on Q2 plan list - kitchensink app - introduce secure pattern

• Develop and land tests for security features

- still working on tests -- freddy updated paul's allperms app in late Q1: https://github.com/freddyb/allperms (audio permissions missing?) - API being updated -- https://bugzilla.mozilla.org/show_bug.cgi?id=859554 - FOR FUTURE REVIEWS: ensure remoting is in place - ensure ipdl - for js APIs use ppmm & cpmm -

• Bug Bounty defined and ready to launch

- No update

• Create Firefox OS Security Feature Tracking & Prioritization

-

• Compile Firefox OS issue register

- no update

• Continue to document Firefox OS Security
• Document Update schedule & incident response procedure
• Firefox OS Sandboxing

   https://docs.google.com/a/mozilla.com/document/d/1U-q5Imm9TjDsoEFzByR_ctFV1Z0MIaQuknfy8rvxeMQ

   https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AhL62r-99fkxdHRRZ1pjUTBKeFhHYU5RM2pRcVZSTXc