- bug 1147911 - Use a separate content process for file:// URLs
- landed - working on follow-ups
- bug 1279699 - Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | std::_Allocate | std::basic_stringbuf<T>::overflow
- landed fix to use temporary files instead.
- uplifted to beta, but seems to have caused / uncovered crashes later on - investigating now.
- bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError - (Applocker)
- have patches for this that seem to work for reporter - need to get them up for review
- bug 1104619 - Audio remoting
- Had to rewrite a lot of code
- Talked to billm, implementing his suggestions, move away from PBackground, implement my own top-level protocol
- bug 1320085 - Fedora 26 prlimit64 issue - reviewed patch
- bug 1319640 - a11y+e10s+sandboxing+plugins = fun. Had to remote a call to AccessibleObjectFromWindow. r+, should land today
- bug 1284912 2.88% ts_paint (linux64) regression on push 23140396a80eb27ff586c41fdc1cad62c875c9b1 (Tue Jul 5 2016)
- Lots of investigation on Talos
- bug 1309205 - "Print to file" fails silently on Ubuntu16.04LTS feedback from font people
- bug 1314056 - Enable Mac content sandbox level 1 in 52
- Uplifted to Aurora (along with all dependencies)
- bug 1309394 - Introduce automated tests to validate content process sandboxing works as intended
- Got review comments from Bob, looking into using ContentTask.spawn instead
- bug 1321053 - my cannon pixma printer will no longer print in grayscale, it will with safari, this is not a printer problem
- Seems to be fixed already by remote printing for Mac, need to root cause
- bug 1315325 - Add telemetry to measure use of NPAPI NPN Get/Post URL apis
- bug 1185472 - Only allow NPAPI HWNDs to be adopted by an HWND in the chrome process.
- bug 1284897 - 64 bit Flash Player has storage permissions issues
- bug 1273091 - Mouse cursor does not disappear in html5 fullscreen video on Windows
- waiting for regressions. If none, uplift to Aurora/Beta
- bug 1320085 - Deal with using prlimit64 to implement getrlimit: landed
- bug 1257361: wrote patch
- bug 1320834 - restrict prctl for desktop: filed and investigated
- (dup of bug 1302714?, should mark 1302714 as dup of this one, you have more information)
- (Oops. —jld)
- sandbox meet up in Hawaii ---> Wednesday @ 1pm
- discussion points / goals
- other people we might want to meet with? (gfx?)
- Friday security meeting / standups
- dinner in Hawaii? We have a stipend to spend and there are a number of restaurants.
- bug 1286865 - non-fatal sandbox violation reporting
- What does Chrome do?
- Network isolation blockers?
- Tests — Linux only, or all platforms?
- What controls net access on Windows?
- haik PTO
<gcp> https://paste.sh/ShvF8IRP#o2CC1uJifewgaLtX1agM8r3w <gcp> annotated shellcode <gcp> LoadLibraryA <gcp> ws2_32_WSAStartup <gcp> ws2_32_WSASocketA <gcp> iphlpapi_SendARP <gcp> ; GET /0a821a80/05dc0212 HTTP/1.1 <gcp> ; Host: User-PC <gcp> ; Cookie: MC=08002703DFB8 <gcp> ; Accept-Encoding: gzip
- Current Windows/Linux sandboxing wouldn't help deanonymization, but might interfere with modifying the exploit to leave a rootkit instead.
- Mac sandbox already disallows network-outbound.
- Threat models:
- Network access bypassing Tor proxy
- Obtaining PII somehow, exfiltrating via normal HTTP(S)
some "analysis" https://blog.gdatasoftware.com/2016/11/29346-firefox-0-day-targeting-tor-users (haven't looked at it yet, friend hinted me to it), not very in depth, but might be worth a read