From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Platform Meeting Details

  • Tuesdays - 11:00 am Pacific
  • Dial-in: Audio-only conference# 95312
    • People with Mozilla phones or softphones please dial x4000 Conf# 95312
    • US/Toll-free: +1 800 707 2533, (pin 4000) Conf# 95312
    • US/California/Mountain View: +1 650 903 0800, x4000 Conf# 95312
    • US/California/San Francisco: +1 415 762 5700, x4000 Conf# 95312
    • US/Oregon/Portland: +1 971 544 8000, x4000 Conf# 95312
    • CA/British Columbia/Vancouver: +1 778 785 1540, x4000 Conf# 95312
    • CA/Ontario/Toronto: +1 416 848 3114, x4000 Conf# 95312
    • UK/London: +44 (0)207 855 3000, x4000 Conf# 95312
    • FR/Paris: +33 1 84 88 37 37, x4000 Conf# 95312
    • Gmail Chat (requires Flash and the Google Talk plugin): paste +1 650 903 0800 into the Gmail Chat box that doesn't look like it accepts phone numbers
    • SkypeOut is free if you use the 800 number
  • Warp Core Vidyo Room
  • join #planning for back channel

Notices / Schedule

  • Please land all approved patches before 2:30PM PT today to make it into FF12 beta 4
  • For bugs that are still tracked for FF12, we should be moving away from speculative fixes and towards mitigating fall out post-release (backouts, etc.)

Firefox Development

Firefox Developer Tools

Add-on SDK

  • Releasing Add-on SDK 1.6 today
    • Fixes memory leaks
    • Fixes problems with moving widgets to the navigation toolbar


  • Telemetry data from prior to Feb. 1 is being processed
  • Telemetry updated proposal to drop Linux kernel version reporting. Comment in bug 733452 this week.
  • Starting to work on Telemetry dashboard UX. Please provide feedback on Telemetry dashboard in bug 736484.
  • This week's Snappy summary
  • Vlad released a new version of about:telemetry that shows full slow SQL data on Nightly builds.
  • The profiler add-on can now toggle the Jank/Stackwalking feature.
  • Vlad integrated Benoit’s SPS extension with the Symbolication Server.
  • Vlad wrote a blog post about setting up a local symbolication server.
  • Peptest results from try, mozilla-inbound, and mozilla-central are now being reported to
  • Mark added Peptest documentation to MDN.
  • mccr8 has continued his attack on the CC graph landing patches for bug 736563 and bug 712735 and is working to land even more patches (bug 737075 and bug 740185).
  • Rafael implemented write poisoning, which detects late disk writes that are occurring when we’re trying to shut down.
  • Felix continued working to make form history use the asynchronous storage API. Patch is getting close to r+.
  • Progress was made on replacing synchronous favicons calls in the codebase with async calls. Not quite ready to land but moving along.


  • Technical Review of Checkboarding on Mobile tomorrow (Wed) at noon PDT
    • Contact jprmc or jrmuizel


  • Jeff Walden's begun landing code implementing a new way to represent objects, specifically their properties. There's a metabug, with work being hung off that in dependencies.
  • Luke Wagner is working on scope chain/variables/arguments/environment code refactoring.
  • Ionmonkey proceeds apace, current goal/plan is to land by mid-June.



  • cpearce landed FileBlockCache, which provides a temporary file you can do blocking reads from on any (non-main) thread, write to on the main thread with buffering so that the main thread doesn't block, and move blocks around on the main thread (with buffering and a helper thread so the main thread doesn't block). We're using this to avoid main-thread I/O from the media cache. May be useful elsewhere.
  • cpearce working on enableFullScreenWithKeys and has a proposal in the bug.
  • cool WebRTC demos performed at IETF Paris (jesup)
  • core MediaStreams infrastructure patches under review (roc)
  • Intern Paul Adenot started yesterday, working on implementing the playbackRate attribute for audio/video elements


  • Finished and landed codegen infrastructure for new DOM bindings (bug 740069) that don't use XPConnect, and give XMLHttpRequest (main thread and workers) new bindings using the new binding mechanism (peterv, bz, khuey, bholley, bent, Ms2ger, jlebar).
  • Landed support for MutationObserver (bug 641821), a replacement for DOM mutation events (smaug, sicking).


  • WebAPI Q2 goals here:
  • Mounir added screen-orientation lock support on Android. Full-screen pages can now choose to be in landscape or portrait mode!
  • Gregor landed support for Settings API on B2G.
  • Doug T started implementing Device Storage API which will give applications access to things like "pictures" and "documents" folders.
  • Doug T did initial implementation of AmbientLight and Proximity sensors.
  • Spec draft for API for setting current time sent to mailing list.
  • Spec draft for Web Activities sent to mailing list. So far this is scoped to the specific needs B2G has.
  • Discussion ongoing regarding security model for OpenWebApps/B2G/WebAPI






Tree Management

  • Possible downtime this week as hg.m.o moves datacentres to scl3. Details to come.
  • Switching OSX build hardware for m-c, try, and project branches (everything except m-a, m-b, m-r, m-esr10, m-1.9.2) sometime early next week
    • Faster OSX builds! Yay!
    • Nightly updates will be diverted to a test channel for a few days. If you don't get an update to your nightly build DON'T PANIC.
    • bug 720027 for the gory details


Security Reviews & Threat Modeling Sessions Scheduled for this week

Date / Time Item
Mon Apr 02 / 13:00 PST WebRT
Wed Apr 04 / 13:00 PST None
Thu APR 05 / 10:00 PST AVAILABLE
Fri Apr 06 / 10:00 AM PST AVAILABLE

Calendar and Meeting details

General Meeting Details 
* IRC Channel: #security 
* Etherpad: 
* Vidyo: (Room 9058)
* Dial-in Info (phone): 
** In office or soft phone: extension 92 
** US/INTL: 650-903-0800 or 650-215-1282 then extension 92 
** Toronto: 416-848-3114 then extension 92 
** Toll-free: 800-707-2533 then password 369 
** Conference num 99058

For updates to meetings please see the Security Review Calendar

Security Review Needed but Unscheduled

Review Needed

  • Feature pages triaged to need review, review unscheduled
Feature Feature List Target Rel Prod Mgr Lead Engr Security lead Security status Security notes Last Modified
Client-side XPI construction Jetpack Add-on Builder 2 Daniel Buchner Piotr Zalewa/Sean McArthur `sec-review-needed `2012-04-12T20:05:12
Add-On Tab API ` Add-on SDK 1.5 David Mason ` Dan Veditzsec-review-needed bug 7449132012-04-12T20:10:51
B2G App Security and Privacy Model ` B2G 1.0 Lucas Adamski Jonas Sicking, Chris Jones Paul Theriaultsec-review-needed bug 7449152013-11-22T18:35:41
Style Editor Desktop Firefox 11 Kevin Dangoor Cedric Vivier `sec-review-needed bug 7449212012-08-30T13:42:53
Migrate Chrome settings and data Desktop Firefox 11 Asa Dotzler Makoto Kato, Marco Bonardo `sec-review-needed bug 7449192012-04-12T20:17:13
Generic Thumbnail Service Platform Firefox 12 ` Tim Taubert `sec-review-needed 2012-05-16T23:15:03
Easy UI Feature Testing and "Success Evaluation" (integrate TestPilot like features) ` Firefox 13 ` ` `sec-review-needed Please schedule with curtisk2012-03-02T23:41:56
Hang Detector and Reporter Desktop Firefox 14 Asa Dotzler Vladan Djeric `sec-review-needed bug 7449262012-04-18T19:50:16
Install and Uninstall Web Apps in Firefox ` Firefox 15 Ragavan Srinivasan ` `sec-review-needed 2012-06-05T21:53:38
Responsive View Desktop Firefox 15 Kevin Dangoor Paul Rouget `sec-review-needed 2012-08-30T13:40:32
In-content preferences Desktop Firefox 15 Asa Dotzler Jon Rietveld `sec-review-needed bug 7449362012-05-07T14:15:25
Camera API Phase 2 - based on getUserMedia Mobile Firefox 15 - Mobile only, still image support only Maire Reavy Anant Narayanan Lucas Adamski (currently) Curtis Koenig (soon)sec-review-needed bug 7492212012-10-16T07:15:46
Media Plugin API (MPAPI) Mobile Firefox 15 or 16 (TBD) - Mobile only, by the end of Q2 Maire Reavy Rob O'Callahan (formerly Andreas Gal) TBDsec-review-needed bug 7492212012-06-06T02:40:33
Feature name here ` Firefox 16 Karen Rudnitski Brad Lassey `sec-review-needed 2012-08-31T17:39:44
Firefox Social Integration Desktop Firefox 17 Asa Dotzler Shane Caraveo Michael Coatessec-review-needed bug 7334142014-04-11T05:29:17
HTML Tree Editor Desktop Firefox 17 Kevin Dangoor Dave Camp `sec-review-needed 2012-09-17T17:04:20
Per-Site Third-Party Cookie Setting Platform Firefox 18 ` ` Curtis Koenigsec-review-needed 2013-02-08T17:31:48
Show PDF inline Platform Firefox 18 Asa Dotzler Bill Walker `sec-review-needed 2012-10-04T13:16:57
Windows Plugin Hang UI Desktop Firefox 19 asa Aaron Klotz `sec-review-needed 2012-10-29T15:51:21
Tools In Windows Desktop Firefox 20 Kevin Dangoor Paul Rouget `sec-review-needed 2013-08-01T20:30:23
JavaScript Profiling Desktop Firefox 20 Kevin Dangoor Anton Kovalyov `sec-review-needed 2013-08-01T20:31:39
Network View Desktop Firefox 23 Kevin Dangoor ` `sec-review-needed assigned to mgoodwin2013-08-14T21:07:34
Downloads API Desktop Firefox 26 ` Paolo Amadini `sec-review-needed assigned to mgoodwin to look at via sec-review? in bug 8255882013-10-25T09:40:01
Panel Menu Desktop Firefox 29 Asa Dotzler Blair McBride `sec-review-needed sec review work to be done by freddyb2014-05-15T03:04:34
FlightDeck as a Client-side App Jetpack FlightDeck 1.0 Daniel Buchner Sean McArthur `sec-review-needed when ready sched w/ curtisk2012-01-25T22:43:38
IndexedDB Support for Multi-Process Firefox Platform Future, distant future. Chris Blizzard ` `sec-review-needed 2011.10.17: sid recommends we wait on this one but likely needs a review. bug 7449402012-04-12T20:52:20
Simplify signing XPIs in Jetpack Jetpack Jetpack Future Dave Mason ` `sec-review-needed 2012-06-05T22:46:09
Purchase PIN Marketplace Marketplace July Justin Scott Unassigned Raymond Forbessec-review-needed 2016-04-01T02:19:58
Notifications Other Q3 None Assigned, One has been requested JR Colin David Chansec-review-needed bug 7498062012-05-09T17:00:36
Sharing textures cross-process for Electrolysis Platform Q4 of 2011. Chris Blizzard Chris Jones `sec-review-needed bug 7449442013-07-22T07:19:02
SDK Support for Firefox for Mobile Addons Jetpack SDK 1.5 David Mason Matteo Ferretti `sec-review-needed bug 7449462012-04-12T21:04:55
Apps Management App ` TBD ` ` `sec-review-needed 2012-08-31T17:38:35
Modern MIME Parser Thunderbird Thunderbird 16 ` Joshua Cranmer `sec-review-needed bug 7449522012-05-31T14:31:02
Thunderbird Metro Thunderbird Thunderbird 17 ` ` `sec-review-needed 2012-07-22T02:29:05
SMS support in Thunderbird Thunderbird Thunderbird 19 ` ` `sec-review-needed
Modern Address Book - V1 Thunderbird Under revision ` Mike Conley `sec-review-needed bug 7449552012-05-16T17:16:47
Speedy Session Restore Desktop ` Asa Dotzler Dietrich Ayala `sec-review-needed bug 7449342012-07-23T20:43:45
Enhancements to help mitigate search hijacking Desktop ` Asa Dotzler Gavin Sharp Al Billingssec-review-needed bug 7449572012-07-18T01:36:50
Blocklist UX enhancements [Plug-ins] Desktop ` Kev Needham ` `sec-review-needed bug 7449622012-04-12T21:40:01
Sign into the browser Other ` Dan Mills Ben Adida `sec-review-needed bug 7449482012-07-26T22:36:15
Add plugincheck functionality to Add-on Manager Desktop ` Kev Needham ` `sec-review-needed bug 7449672012-04-12T21:46:41
DOMCryptAPI (a Crypto API in the DOM) Platform ` Chris Blizzard David Dahl Brian Smithsec-review-needed bug 7449382013-11-22T19:02:09
Native Sign In to Website Desktop ` ` Austin King (ozten) `sec-review-needed `2013-10-18T23:50:02

Bugs marked sec-review-needed that need to be scheduled

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

Stability Report

  • Stability work week for June 11.


  • Tomorrow's incremental release will feature indicators for startup crashes in topcrash lists.
  • Are We Stable Yet? features an (in-development) overview over stability indicators pulled from Socorro data.
  • Status of uploading symbols for npswf32_11_2_202_228?


Top Issues

  • Tracking a number of crashes we are still trying to get fixed in FF12
    • bug 717175 - High volume combining multiple signatures. Backout difficult so looking at uplifting fix to beta if works in m-c.
    • bug 725503 - Still no good solution
    • bug 673543 - in progress
    • bug 725793 - no fix identified yet
    • bug 733892 - quite a bit of analysis but no ideas on a specific fix
    • bug 737942 - some analysis but not fix identified yet
    • bug 738640 - found STR so working on a fix
    • bug 738661 - reproducible so assigned to dev
  • New bugs in Beta (FF12)
    • bug 741179 Startup crash in nsDiskCacheBlockFile::Write
    • bug 741521 Startup crash in [@ nsDiskCacheMap::FlushHeader() ]
  • Blocklisting - still working this out
  • Reproducible crashes

Regressions on the trunk

  • bug 741715 crash in XPCWrappedNativeProto::TraceJS