Standing Agenda

• Q4 Goals Recap
• Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
• Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
• Suggest additions or changes to roadmaps
• Detailed discussion of features or outstanding issues as time permits
• Additional Items
• Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/11-15-12

Q4 Goals

• [ON TRACK] Land CSP 1.0
• [ON TRACK] Deliver integrated Payments and ID for B2G
• [DONE] Host security community event (public brownbag on 11/13)

Tainting - DOM XSS

• Paul and Raymond are exploring the idea of using taint in the JS engine to detect DOM XSS
• DOMinator is an existing addon that does this but only works in Firefox 4 - it's now a commercial tool
• Performance not an issue because its something a user/developer would turn on while testing.

2013 team strategy

• https://wiki.mozilla.org/SecurityEngineering/2013
• feedback to Sid if you've got thoughts on this doc.