SecurityEngineering/2015/Q1Goals

From MozillaWiki
Jump to: navigation, search


Content Security

  • [DONE] Warn users about insecure password fields in Dev Edition/Aurora. (dri=tanvi)
    • [done] Figure out if we can display an in-your-face warning for passwords on HTTP pages in Aurora
    • [defer] Figure out if we can turn this preference on for Polaris (if not today, then someday in the future)
    • [done] Get UX help to design the warning. bug 1135766
    • [started] Start implementing
  • [DONE] REVAMP: Finalize LoadInfo patches for JS/C++ gecko channels . (dri=ckerschb)
  • [DONE] REVAMP: Start implementing the LoadInfo shim for addons. (dri=ckerschb)
  • [DONE] CSP: Prototype CSP devtool that provides suggested policy for page. (dri=ckerschb)
  • [DEFER] Land SRI with style support. (dri=francois)
  • [DEFER] Propose an approach for adding reporting to SRI. (dri=francois)

Tracking Protection

  • [DEFER] Get TP UI enabled in Nightly/Aurora to check webcompat, shake out bugs etc. (dri=mmc)
  • [DONE] Review Referrer Policy. (dri=mmc/sid)
  • [DROPPED] Start experimenting with Containers for Contextual Identity. (dri=mmc)
  • [DONE] Tor bugs. (dri=sid)
  • [DONE] Blog post for meta referrer. (dri=Sid)

Addon Security

  • [Fx39 as warning, Fx40 as blocking] Mechanism for enforcing signed-by-AMO addons in 38. Whether enabled or not depends on readiness in other parts.

Communications Security

QE (tracking)

  • [DROPPED] Monitor high risk telemetry security probes via the medusa alerting system in m-c (dri=kamil)
  • [DROPPED] Use the Telemetry prototype to create graphs/monitor high risk security probes via Aurora and BETA. (dri=kamil)
  • [DROPPED] Create a smoke-level Marionette test for SSL compatibility to be run on Mozmill-CI (dri=mwobensmith)
  • [DROPPED] Create and stage a web-based SSL site compat tool (dri=mwobensmith)
Retrieved from "https://wiki.mozilla.org/index.php?title=SecurityEngineering/2015/Q1Goals&oldid=1065647"