AMO/Squeaky/2012-10-30
From MozillaWiki
Meeting Notes for 2012-10-30
Attendees
- Jorge Villalobos
- Kris Maglione
- Jeff Griffiths
- Asa Dotzler
- Blair McBride
- Erik Vold
- Dave Townsend
- Asa
Agenda
- [Jeff] Progress on bug 784189.
- Settings Guard (Firefox Shield?) add-on.
- Filed legal bug 805213 on add-on EULAs. Legal says this is probably not a problem, but are still waiting for a sample EULA from Kev.
- Created a Squeaky project section in the Mozilla GitHub account.
- Go?
- bug 806451 - Malicious Codec add-ons.
- A couple of IDs with very high usage (100K+), and ~13K IDs with modest to high usage *each* (between 10 and 1K+).
- bug 799266 - Mozilla Safe Browsing add-on.
- Block landed on 17+ and ESR 10.
- Talks with Montiera.
- They develop the Babylon Toolbar, FunMoods, Wizebar and probably many other fun things.
- Wizebar is some sort of service advertised from within the Babylon Toolbar and others, not an extension in itself.
- Malware proof of concept by security researcher.
- Reschedule Squeaky meeting because DST sucks.
- Work week? Dec 10th.
Notes
- keyword.url patch - Mossop working on it, targetting FX19
- Fx Shield:
- got legal feedback on EULA issue - shouldn't be a problem
- no feedbakc from Kev
- got access to github acct
- [action item]: upload to github
- bug 806451
- group of add-ons 'Codec'
- generate a number of ids, many are blocked
- many ( 13k ) unblocked IDs
- filed bug for regex match for addon block
- Blair has patch ready
- attempting to push to Beta
- moz safe browsing:
- block in add-ons manager, based on author
- landed in 17+ and ESR
- Montiera
- develops various add-ons, Babylon, wizebar, etc.
- should block funmoods, waiting for feedback form Babylon
- Malware proof-of-conept
- http://www.cio.com/article/719850/Researcher_to_Demonstrate_Feature_rich_Malware_That_Works_As_a_Browser_Extension
- fixed ID already blocked*
- good communication with presenter
- often in the past these have been submitted
- discussion of file registration / whitelist system
- file registration would give us a good balance between dev freedom and white-list control over what can be loaded in Firefox and run.
- https://wiki.mozilla.org/User:Jorge.villalobos/WorkWeek2012Q2/FileRegistration
- Asa: what's our mitigation plan for a flood of Malicious add-ons?
- 3rd party new add-on kill-switch?
- can the update helper process help?
- new meeting time 10AM Thursday Pacific
Action Items
- Jorge make new meeting
- Jorge to upload source to github. Next?
- get SUMO to beta test - Jorge will send email to Grimes and Downer once he's done tweaking
- Jorge & Blair: code review for Shield? Pull request?