SecurityEngineering/Projects

From MozillaWiki

This is a list of projects that we could use some help with. If you're interested in pitching in and making the web a safer place, these are great ways to start.

For information about the Mozilla Mentorship program, please see Security/Mentorship.

Coding/Gecko projects

| Project Name | Contact | Details |
|---|---|---|
| WordPress CSP Plugin | Sid Stamm | We need to update it for CSP 1.0 (W3C spec). |
| Mixed Content Dev Tools | Tanvi Vyas | ?? |
| Security Report devtool | Tanvi Vyas | See also bug 781147. |
| Auto-Fix SSL errors | ?? | Identify and implement autocorrection for things like system time errors, server redirects to HTTPS, etc. |
| Cookie Tagging | Mark Goodwin | Build plumbing to tag cookies, allowing selection and deletion of cookies by tag type (and other things). See also bug 792986. |
| CSP 1.1: path support | Sid Stamm | Implement paths for sources in CSP. See bug 808292. |
| CSP 1.1: Sandbox support | Sid Stamm | Implement sandbox directive for CSP. See bug 671389. |
| CSP 1.1: Prototype script-hash or script-nonce to help the development of the spec | Ian Melven | Prototype the proposed experimental script-hash and/or script-nonce directives for CSP and share insights with WebAppSec WG. |
| CSP UI Safety: frame-options | Ian Melven | Take the existing frame-ancestors code and adapt it to the proposed CSP UI Safety frame-options directive. See bug 846978. |
| Certificate Manager for B2G | ?? | Allow adding/removal of certs in B2G. |
| Client Cert support in Fx Android | ?? | |
| Certificate manager for Fx Android | ?? | |

Data Gathering projects

| Project Name | Contact | Details |
|---|---|---|
| HSTS preload list crawler | David Keeler | |
| HTTPS by default | Brian Smith | For address bar entries, assume HTTPS and fall back to HTTP. Does it work? Need to study its effects. |
| Cert error reporting | ?? | See also bug 707275. This would create a mechanism for users to take action that would send cert chains and error info to Mozilla. |
| Fast profile switcher | Monica Chew | Prototype for seeing how users interact with it. |
| WebApp CSP generator | ?? | Tool for generating CSPs for packaged web apps. |
| Remove UserPass support from nsIURI | ?? | We need to understand the effect of removing userpass support from our URIs in Firefox. |