Security/B2G/2013 2 13

From MozillaWiki

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room

Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_2_6

News

  • Work being done investigating geolocation data
  • UI - get UI

Upcoming features:

  • Simple Push

Current/upcoming Reviews

High Priority:

  • Browser API - Pauljt, WIP
  • Tethering - anyone have time to look at this? dchan
  • Gaia: Document a combined review/close these out somehow?
  • Web Activities (including system activities) - document and close out. pauljt

Goal Status Updates

1. FirefoxOS related security reviews (owner: pauljt)

  • Gecko: 18 bugs remaining:

https://bugzilla.mozilla.org/showdependencytree.cgi?id=754730&maxdepth=1&hide_resolved=1

  • Gaia: 14 bugs remaining:

https://bugzilla.mozilla.org/showdependencytree.cgi?id=748190&maxdepth=1&hide_resolved=1

2. Document Firefox OS Security (owner: dchan)

Draft Plan: https://security.etherpad.mozilla.org/MDN-Firefox-OS

  • mgoodwin has been testing the build documentation instructions
    • Put marionette at top of doc testing list
  • dchan still has to send out the doc list, will do after this meeting

3. Develop and land tests for security features (owner: dchan)

No updates

4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)

Draft Plan: https://etherpad.mozilla.org/foxhunt

5. Drive OS-layer security improvement (owner: kang)

No updates. Opsec marketplace taking prio til completed.

6. Secure app developer/reviewer guidelines/tools (owner: rforbes)

Other Items

  • Automate XSS fuzzing - mgoodwin to investigate

  • freddy jumping in to static analysis stuff to rewrite potentially insecure calls (e.g. innerHTML)