Security/Sandbox/2016-01-28

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1238964 - Printing via parent doesn't handle paper sizes correctly - landed.
    • bug 1240437 - PushLayer and PopLayer APIs are not implemented for DrawTargetRecording - landed.
    • bug 1173371 - [e10s] Web page is not shown when launch Firefox from network drive on Windows - reviewed, still want to test samba share.
    • bug 1165818 - Remove temporary Nightly only MozTemp-* clean-up code - landed (a little later than I had intended).
  • GMP Sandboxing
    • bug 1236680 - Result "not reached" crash in mozilla::gmp::GMPChild::ProcessingError() - caused by moved Users folder using Windows junction points - patches nearly there. This problem will affect others sandboxes as well.
  • NPAPI Sandboxing
    • bug 1241250 - Prezi frozen at loading on fresh profile with latest Nightly 64 bits - caused by USER_INTERACTIVE access level token.


OS X

  • Content Sandboxing
    • bug 1237847 - [e10s] Null deref crash when running test_pluginstream_newstream.html - Started implementing the fix where the parent chooses a temp directory and passes that to the child via a preference using Bob's fix for 1162327 as a reference
    • bug 1228022 - Trigger print jobs from the parent instead of the child for OSX


Cross Platform

  • WebRTC/OpenH264 Sandboxing
    • Patches up for [Bug 1177242] Video device access needs to re-verify UX permissions
  • Fuzzing
    • bug 1232119 - Extend Faulty (IPC fuzzer) to fuzz Shmem content - Spent more time going through Shmem code, have been experimenting with code that fuzzes the ShmemCreated message size which appears to be handled by the parent with an intentional crash, also experimenting with changing the actual shared memory segment size and that is also detected by the parent