Security/B2G/2013 13 5

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here:


   Target device: WVGA (480x800 device px) device with
   device-pixel-ratio=1.5 (320x533 CSS px).
   Timeframe: ~6 weeks from now
   [cr] Checkmarx talks ongoing, might be valuable addition to Firefox Marketplace, but none other
   [cr] TrustZone interesting opportunities with T-Labs (Prof. Seifert) - discussions ongoing with DT around trust zone possibility
   [pt] apps on sdcard - see b2g thread &

Weekly goals

Last Week: Current: [dc] - mozapp iframe 751026 [dc] - tethinerg 776502

Goal Status Updates

FirefoxOS related security reviews (pauljt)

Develop and land tests for security features (dchan)


Bug Bounty defined and ready to launch (freddyb)

[fb] feedback recvd and there was a chat between dveditz and brendan (nothing critical, mostly wording suggestions)

Compile Firefox OS issue register (pauljt)

adding bnug

Continue to document Firefox OS Security (pauljt)

no update

Document Update schedule & incident response procedure (pauljt)

no update

Firefox OS Sandboxing (kang)

   attempting to land still :p
   reviews for patch are supposed to come this week
   also waiting for l3 access to commit it myself

Malware Defense (cr)

   Involved dbialer in the meta-market approach to multimarket: he likes the idea.
   We might be able to get phone-specific and cryptographically relevant key data from the SIM cards. Seifert wants to deliver info. (anthony jones has mentioned this already on b2g-dev)