SecurityEngineering/Roadmap

From MozillaWiki

Product Security Feature Roadmap
Owner: Sid Stamm
Updated: Nov 2013
Security at Mozilla can be thought of as a set of principles that are reflected in the products we ship, but also in the impact Mozilla has on the entire web. As such, our security roadmap should reflect the real security improvements we need to make to our products to keep up with the evolving security landscape, but also the ambitious impact we'd like to have on all web users.
DRAFT
This page is not complete.


Vision

Security at Mozilla can be thought of as a set of principles that are reflected in the products we ship, but also in the impact Mozilla has on the entire web.

Themes and Goals

Web users are under constant attack from a wide variety of opponents: many are merely opportunistic, but a minority are very clever and determined attackers. To protect users, we need to improve our current products to keep pace with these evolving threats, but we are ultimately limited in what we can do unilaterally within our products. We must also drive innovative solutions that require the participation of other vital players in the web ecosystem, including standards bodies, internet technology vendors, web developers, web admins and web frameworks.

As such, security engineering at Mozilla has two primary themes:

  • Inward Security: Protect our users directly from an ever-increasing volume and sophistication of online attacks by directly improving the products and services we deliver.
  • Outward Security: Drive innovative security solutions to enable the wider web ecosystem of web developers, web admins and users to adapt to evolving web technologies and their corresponding security threats.

In this roadmap we identify outcomes that fall into one of these two themes. The concrete projects and work units work towards one or more outcomes (but each is classified under one outcome for simplicity). As we make progress on the tasks under an outcome, we get closer to realizing it.

NOTE: these goals and prioritization are tentative and more may be added or some may be changed, re-prioritized or dropped.

Outcomes:

There are some major outcomes that can be realized by completing multiple features. These features already show up on the master list of all security-related work, but this section categorizes them by the big picture of how we want to change things.

Firefox, the Safest Platform

Firefox needs to be the safest browser and OS for our users. To get there, we have to harden the platform and contain exploits. This outcome can be realized when people regularly choose Firefox when they care about safety (without having to trade performance or compatibility for it).

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | Click-to-Play Part II | Complete | Firefox 17 | Lucas Adamski | David Keeler |
| P1 | Opt-in activation for plugins | Complete | Firefox 16 | Lucas Adamski | David Keeler |
| P1 | Mixed Content Blocker | Complete | Firefox 23 | Sid Stamm | Tanvi Vyas |
| P1 | Application Reputation | Development | | Sid Stamm | Monica Chew |
| P1 | Sandboxing of content processes | Development | | Sid Stamm | Sid Stamm |
| P2 | Stub Installer and UI update | Development | | Asa Dotzler | Robert Strong |
| P2 | Disallow Weak RSA Keys | Draft | | Sid Stamm | |
| P2 | Browser CRL | Draft | | Sid Stamm | David Keeler |
| P2 | CA Policy Constraint Checking in Code | Draft | | Sid Stamm | |
| P2 | Cert Blocklist via Update Ping | On hold | | Sid Stamm | David Keeler |
| P2 | Intranet CSRF Blocker | On hold | | Sid Stamm | |
| P3 | XSS Filter | Definition | | Sid Stamm | Sid Stamm |
| P3 | Low-rights Firefox (whole process sandbox) | Definition | | Sid Stamm | |
| P3 | Better Cert Error/Warning Pages | Draft | | Sid Stamm | |
| P3 | Subresource Integrity | Draft | | | |
| P3 | Apply CSP to Chrome Pages | Draft | | Sid Stamm | |
| P3 | Active Distrust of CAs | Draft | | Sid Stamm | Sid Stamm |
| P3 | Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request | On hold | | Sid Stamm | Peter Eckersley |
| Unprioritized | Certificate Suspicion | Draft | | Sid Stamm | |
| Unprioritized | Improved plugin installation and management experience | Planning | | Sid Stamm | |

Web, the Safest Platform

The web needs to be the safest place for developers to deploy their software. We must lead on security not only in Firefox but also across the web platform, by building tools and safe defaults for developers. This outcome can be realized when developers regularly choose the Web to create innovative and safe applications.

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | B2G App Security and Privacy Model | Complete | B2G 1.0 | Lucas Adamski | Lucas Adamski |
| P1 | Iframe Sandbox | Landed | Firefox 17 | Lucas Adamski | Ian Melven |
| P2 | CSP 1.0 Support | Complete | Firefox 25 | Sid Stamm | Ian Melven |
| P2 | Web Cryptography API | Design | | Sid Stamm | |
| P2 | Highlight Cleartext Passwords | Draft | | Sid Stamm | Tanvi Vyas |
| P3 | CSP Sandbox | Development | | Sid Stamm | Devdatta Akhawe |
| P3 | Same Domain Cookies | Draft | Firefox 20 | | Mark Goodwin |
| P3 | Add Security Features to Developer Tools | Draft | | Tanvi Vyas | Mark Goodwin, Tanvi Vyas |
| P3 | allow-popups (part of iframe sandbox) | Shipped | Firefox 27 | Sid Stamm | Bob Owen |
| Unprioritized | DNSSEC-TLS | Development | | | |
| Unprioritized | DOMCrypt Internal API | On hold | N/A | Sid Stamm | |
| Unprioritized | DOMCryptAPI (a Crypto API in the DOM) | Shelved | | Chris Blizzard | Sid Stamm |

HTTPS can be used as default

Right now, when users navigate to a web site without specifying the protocol or scheme, Firefox assumes "http" as the scheme. For optimal protection from eavesdropping and for encryption of cookies and other HTTP request data in transit, we should be able to attempt HTTPS and fall back to HTTP only when absolutely necessary.

This outcome can be realized when Firefox can be changed to default to the HTTPS scheme instead of HTTP.

| Pr | Feature | Stage | Release target | Product manager | Feature manager |
|---|---|---|---|---|---|
| P1 | SSL Error Reporting | Design | | Kathleen Wilson | David Keeler |
| P1 | CA Pinning | Development | | Sid Stamm | Camilo Viecco |
| P1 | OCSP Stapling | Landed | Firefox 25 | Sid Stamm | David Keeler |
| P2 | OCSP Must-Staple | Design | | Sid Stamm | |
| P2 | TLS Telemetry | Landed | Firefox 26 | Brian Smith | David Chan |
| P2 | TLS 1.2 support | Landed | Firefox 28 | Sid Stamm | Brian Smith |

Ideas Not Yet Awesome Enough

Apparently these ideas are not yet great enough to merit feature pages. If you disagree, you can create a new feature page for it! Just make sure to put "Security" in the primary or secondary roadmap field.

| Item | Owner |
|---|---|
| First-run warning for new plugins | |
| Plugin sandboxing | |
| Malloc should be infallible | |
| Eviltraps meta-bug (prevents users from leaving a page) | |
| Notify user of malware in their crash signatures | |
| Expose HSTS and other security browser state to plugins (NPAPI) | |
| Ignore autocomplete="off" for password fields | |
| Clickjacking mitigations | |
| X-Content-Type-Options | |
| toStaticHTML | |
| Block DLLs without ASLR | |
| Force ASLR or similar mitigations (EMET) | |
| Security-related Password Manager Improvements | |
| Security UI/UX experiments | |


Completed Features

All Features

Related Info

Links to implementation plan and progress:

Inputs into the security roadmap: