FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room

Prior notes are here:


Upcoming features:

Current/upcoming Reviews

High Priority:

  • Browser API - pauljt, WIP
  • Tethering - anyone have time to look at this? dchan
  • Gaia: Document a combined review/close these out somehow?
  • Web Activities (including system activities) - document and close out. pauljt

Goal Status Updates

1. FirefoxOS related security reviews (owner: pauljt)

  • Gecko: 18 bugs remaining:

  • Gaia: 14 bugs remaining:

2. Document Firefox OS Security (owner: dchan)

Draft Plan:

3. Develop and land tests for security features (owner: dchan)

No updates

4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)

Draft Plan:

5. Drive OS-layer security improvement (owner: kang)

No updates. Opsec marketplace taking priority until completed.

6. Secure app developer/reviewer guidelines/tools (owner: rforbes)

Other Items

  • Automate XSS fuzzing - mgoodwin to investigate

freddy jumping in to static analysis stuff to rewrite potentially insecure calls (e.g. innerHTML)