Meeting Notes for 2012-10-30

Attendees

• Jorge Villalobos
• Kris Maglione
• Jeff Griffiths
• Asa Dotzler
• Blair McBride
• Erik Vold
• Dave Townsend
• Asa

Agenda

• [Jeff] Progress on bug 784189.
• Settings Guard (Firefox Shield?) add-on.
  • Filed legal bug 805213 on add-on EULAs. Legal says this is probably not a problem, but are still waiting for a sample EULA from Kev.
  • Created a Squeaky project section in the Mozilla GitHub account.
  • Go?
• bug 806451 - Malicious Codec add-ons.
  • A couple of IDs with very high usage (100K+), and ~13K IDs with modest to high usage *each* (between 10 and 1K+).
• bug 799266 - Mozilla Safe Browsing add-on.
  • Block landed on 17+ and ESR 10.
• Talks with Montiera.
  • They develop the Babylon Toolbar, FunMoods, Wizebar and probably many other fun things.
  • Wizebar is some sort of service advertised from within the Babylon Toolbar and others, not an extension in itself.
• Malware proof of concept by security researcher.
• Reschedule Squeaky meeting because DST sucks.
• Work week? Dec 10th.

Notes

• keyword.url patch - Mossop working on it, targetting FX19
• Fx Shield:
  • got legal feedback on EULA issue - shouldn't be a problem
  • no feedbakc from Kev
  • got access to github acct
  • [action item]: upload to github
• bug 806451
  • group of add-ons 'Codec'
  • generate a number of ids, many are blocked
  • many ( 13k ) unblocked IDs
  • filed bug for regex match for addon block
    • Blair has patch ready
    • attempting to push to Beta
• moz safe browsing:
  • block in add-ons manager, based on author
  • landed in 17+ and ESR
• Montiera
  • develops various add-ons, Babylon, wizebar, etc.
  • should block funmoods, waiting for feedback form Babylon
• Malware proof-of-conept
  • http://www.cio.com/article/719850/Researcher_to_Demonstrate_Feature_rich_Malware_That_Works_As_a_Browser_Extension
  • fixed ID already blocked*
  • good communication with presenter
  • often in the past these have been submitted
• discussion of file registration / whitelist system
  • file registration would give us a good balance between dev freedom and white-list control over what can be loaded in Firefox and run.
  • https://wiki.mozilla.org/User:Jorge.villalobos/WorkWeek2012Q2/FileRegistration
  • Asa: what's our mitigation plan for a flood of Malicious add-ons?
    • 3rd party new add-on kill-switch?
    • can the update helper process help?
• new meeting time 10AM Thursday Pacific

Action Items

• Jorge make new meeting
• Jorge to upload source to github. Next?
• get SUMO to beta test - Jorge will send email to Grimes and Downer once he's done tweaking
• Jorge & Blair: code review for Shield? Pull request?