Security/Meetings/2011-08-25


Apps Review

App Store (rforbes)

  • https://wiki.mozilla.org/Security/Reviews/AppStore
  • Working on the data flow
    • 2 stores, one for add-ons, one for web apps
  • possible browserID for app-store and AMO
    • will wait for BrowserID until it's out of labs
    • browserID also reinvestigating use of Hardware Security Module (HSM)
    • AMO power users not allowed to use browser ID initially

OWASP @ Moz (mcoates)

  • hosted at MV and broadcast on Air Mozilla tonight @ 18:30 PDT
  • mcoates giving same talk he gave in Greece recently

Pancake / Firefox Home (imelven)

  • brown bag on Tuesday in SF / in MV in 10 forward @ 1230 pm (internal only)
  • Sid has been engaged with Privacy conversations
  • mgoodwin has filed many sec bugs against the server
  • dchan and I have looked at the pancake FF addon
  • imelven has done an initial pass through the iOS app and will follow up with st3fan and mgoodwin

XSS Filter

  • support for the same headers as used for IE (de-facto standard as Chrome/IE)
    • ours behaves in the same way as WebKit
  • will we implement reports like CSP for blocked content?
    • maybe: have not researched this, so not being used right now, could be a future change