Security/Sandbox/2015-06-04
From MozillaWiki
« previous week | index | next week »
Windows
- Content Sandboxing
- bug 1166669 - content process-level mitigations - landed, email sent to dev-platform
- Investigate whether any of the new process-level mitigations are relevant for the chrome process.
- NPAPI Sandboxing
- bug 1123759 - low integrity NPAPI sandbox (level 2+) - landed
- bug 1165903 - low integrity NPAPI causes 0,0 positioning bug - up for review
- bug 1165895 - low integrity NPAPI sandbox causes some crash reporting tests to fail - up for review
- Uplift to Aurora 40 because Firefox Win64 will ship with 40.
- Ask Adobe to run their test Aurora 40.
- Other Windows Work
- GameGuard said they are working on a fix for the sandbox start-up conflict
Linux/B2G
- The seccomp-bpf PolicyCompiler patches (bug 1055310) can probably land…
- …but I found bug 1168555 and bug 1169726 while checking out my Try run.
- (B2G intermittents from bug 1151607 possibly combined with some regression not yet found, plus the usual thing where the parent process is insufficiently robust about error cases)
- …but I found bug 1168555 and bug 1169726 while checking out my Try run.
Cross Platform
- WebRTC/OpenH264 Sandboxing
- Rewrote IPC to be async
- Moved all IO to dedicated threads, all device enumeration to dedicated threads
- Looking for a shutdown hang
- e10s ship plan:
- Aurora 40 = opt-in
- Aurora 41 = opt-out
- Beta 41 = opt-in
- Beta 42 = opt-out and go/no decision
