Security/Sandbox/2017-01-05

From MozillaWiki

bobowen

  • bug 1321724 - [e10s] Local HTML cannot be opened in Firefox 50
    • Thought this might be down to Active Directory user, although I can't reproduce at the moment.
  • bug 1324908 - [e10s] OS X printing related crashes in CoreGraphics@0x regressing in Firefox 51
    • looks like this is actually an issue with shared persistent buffer provider - nical is going to disable on Mac and investigate
  • bug 1324064 - [e10s] printing causes content process to crash with Foxit Reader PDF
    • patch ready to land, which removes all access to print devices in child for Windows, might need a bit more work for other platforms.
  • bug 1321566 - landed, need to uplift.
  • bug 1321020 - When you open a new file content tab from the file content process the wrong remote type gets set.
    • landed
  • bug 1328829, bug 1327942, bug 1328257 - new follow-ups for file content process - quite possibly related.

haik

  • bug 1309394 - Introduce automated tests to validate content process sandboxing works as intended
    • Addressed review comments
    • Hitting Windows content temp failure on try, will file new bug to investigate
  • bug 1322370 - Disable camera access in the Mac content sandbox
    • Landed, will uplift to 52
  • bug 1322716 - GMP Security bug
    • Landed, will uplift to 52
  • bug 1324610 - Printing on OS X makes firefox unusable
    • Fix on reviewboard
  • bug 1303051 - Printing Issue: Page Setup (eg scaling) not being respected since upgrade to 48.01 on Mac
    • Uplifting to 51

jld

tedd

  • bug 1325647 - automated bound checking for integers with IPDL
    • finished PoC, started email thread with IPC peers/owner
    • got some feedback, going to implement new approach
  • assurance work

gcp

  • reviews (SB/Android/boxing)
  • bug 1129492 Firefox content process has a live connection to the X11 server
  • Print to file / font serialization was fixed by gfx team, reviewed by bob
  • File write policy + seccomp could roll out, but we want soft-fail + logging
  • Will make configurable - or too risky?
  • Can we even update what Debian/Fedora/Ubuntu ship?

handyman

  • bug 1284897 - 64 bit Flash Player has storage permissions issues
    • still wip
  • bug 1312788 - Add console warning and telemetry if service workers are used in the file content process
    • posting for review

round table

jesup doc (https://docs.google.com/document/d/1cwc153l1Vo6CDuzCf7M7WbfFyHLqOcPq3JMwwYuJMRQ/edit#heading=h.qiysnfqg286u)