Security/Sandbox/2015-08-13

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1156742 - print to xps with low integrity sandbox - been investigating calls to existing gfxWindowsSurface during printing. Also looking at Chromium code in a bit more detail, I now believe that they are using separate EMF per page and the comments about faking this using GDI comments are just legacy. Started work on a new gfxEMFPrintingSurface class.
  • NPAPI Sandboxing
    • bug 1185529 - Flash AS2 Key.isDown recently broken - landed, uplift to Beta requested.
    • bug 1182411 - Flash settings menu doesn't work on windowless plugins with low integrity sandbox - landed, need to request uplift.
    • bug 1185532 - Turn on the NPAPI process sandbox for Windows 64-bit by default - up for review. Decided to stop the level being lowered by a hardcoded check, where the pref is read. This can be turned off using env var MOZ_ALLOW_WEAKER_SANDBOX.
  • Other Windows Work
    • bug 1139497 - GameGuard - Tested their fix, which seemed to work but with some problems that went away after re-installing Firefox.

Linux/B2G

  • Other Linux Work
    • seccomp tsync support (bug 1004011)
      • prereq for pid namespace support
      • combined with flame-kk kernel patches, will make bug 1185118 go away

Cross Platform