Security/Meetings/SecurityAssurance/2013-03-26

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

  • [psiinon] March 28 OWASP LatAm Q&A
  • [psiinon] March 28 pauldotcom interview?++
  • [psiinon] April 3 OWASP LatAm Q&A
  • [mgoodwin] April 10 - Sheffield Hallam University - guest lecture to sec. and software engineering undergrads (The Trouble with Passwords - or, Why you should use Persona0)

Planned Blog Posts

Security Review Status (curtisk)

  • Completed in Q4 2012: 50 << 63 this Quarter (Q1-2013)

https://security-review-statistics.vcap.mozillalabs.com/weekly

Operations Security Update (Joe Stevensen)

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

  • packaged app orgins (bug 852720)
    • current postmessage auth flow is insecure due to unknown origins
    • "origins" may not match up with domain manifest / app is served from
    • proposed solutions
      • special app://<uri>
      • sign apps with origin field

Firefox Core

  • [decoder] JS Fuzzing for bug 837312 (requested)
  • [decoder, gkw] Bug 829602 (ParallelArray self-hosting) regressed m-c in several ways, bugs filed
    • Bug 854807 also caused recent instability

MarketPlace

Web Apps

Services

Operation Security