Security/Sandbox/2015-03-26
From MozillaWiki
Standup/Status
Windows
- bug 1147446 - memory leak in Windows Chromium sandbox IPC code - landed, will ask for uplift to Fx38
Linux/B2G
- Content Sandboxing
- It's been a whole week without any new “whitelist this syscall for Lollipop” bugs, and the existing ones have landed, so maybe that's done?
- bug 1146416
- Other work
- assorted <input type="file"> issues.
Mac
Chromium
- bug 1111065 and bug 1111079 landed (with no attempt at repro/verification). bug 1087565 is harder; Windows knowledge would help.
Round Table
- In bug 1146298, Gabor and bholley suggest someone create a guide of security gotchas for add-on developers and reviewers. Who should own this: the sandboxing team or e10s team?
- bholley also recommends we invest time hardening the IPC and Message Manager code.
- There has been some work on IPC fuzzing; the usual problems with people not knowing what other people are working on apply.
- bug 1147911 - file:// URLs in a separate content process.
Actions
- cpeterson to follow up with Jorge about add-on review for security issues.