<p>Welcome to the Mozilla Security wiki. There is not much here yet so feel free to contribute.</p><h3> === Security-related bugs </h3><ul><li> <a _fcknotitle="true" href="=* [[Security Severity Ratings">Security Severity Ratings</a> ]] </li><li> <a href="* [http://www.mozilla.org/security/#For_Developers">How to report a security issue</a> ] </li><li> <a href="* [[Security/FixMe">|Want to fix a security bug? Here is a list of old thorny bugs you can take on.</a>]]</li></ul><h3>===Security reviews for new features/products</h3>===<p><i>''Main Article: <a _fcknotitle="true" href="Security/Reviews">[[Security/Reviews</a></i>]]''</p><ul><li> * Find past reviews by <a href="[https://wiki.mozilla.org/Category:SecReview">Category:SecReview</a>]</li></ul><h4><a href="===[[Security/Radar">|Security Radar</a></h4>]]==== <table {| class="wikitable collapsible collapsed" style="width: 100%"><tr><th> ! Unlinked Reviews</th></tr><tr>|-<td>|<ul><li> <a href="* [[Security/Reviews/Mobile/AndroidSystemStorage"> | Android System Storage</a>]]</li><li> <a href="* [[Security/Firefox/WebAPI/WebBattery"> | WebBattery</a>]]</li><li> <a href="* [[Security/Reviews/BrowserIDCAPI"> | BrowserID C API</a>]]</li><li> <a href="* [[Security/Reviews/crossoriginAttribute">|Add crossorigin attribute</a>]]</li><li> <a href="* [[Security/Reviews/Firefox10/SyncDialogue">|Sync Dialogue</a>]]</li><li> <a href="* [[Security/Reviews/JetPack2011-20/12"> | JetPack 2011-10-12</a>]]</li><li> <a href="* [[Security/Reviews/XHRnonpost"> | XHR non-post rewrite</a>]]</li><li> <a href="* [[Security/Reviews/StubInstaller">|Stub Installer</a>]]</li><li> <a href="* [[Labs/Weave/Sync Client Security Review">|Sync Client</a>]]</li><li> <a href="* [[Firefox Sync/Weave 1.3b5 Client Security Review">|Weave 1.3b5 Client</a>]]</li><li> <a href="* [[Security/Reviews/DNSSEC-TLS">|DNSSEC-TLS</a>]]</li><li> <a href="* [[Security/Reviews/OWA-F1">|Web Activities & F1</a>]]</li><li> <a href="* [[Security/Reviews/ReviewNotes/MouseLock">|MouseLock</a>]]</li><li> <a href="* [[Security/Reviews/ReviewNotes/Joystick">|Joystick</a>]]</li></ul>|}</td></tr></table><table {| class="wikitable collapsible collapsed" style="width: 100%"><tr><th> ! Unlinked Discusions</th></tr><tr>|-<td>|<ul><li> <a href="* [[Security/Discussions/WebRTC">|WebRTC</a>]]</li></ul>|}</td></tr></table><h3>===Security Feature Development</h3>=== <p><i>''Main article: <a _fcknotitle="true" href="[[Security/Roadmap">Security/Roadmap</a></i>]]'' </p><p><i>''Main article: <a _fcknotitle="true" href="Privacy/Roadmap">[[Privacy/Roadmap</a></i>]]''</p><h3> === Security Initiatives </h3><ul><li><a _fcknotitle="true" href="Security/TeamEmbedding">= *[[Security/TeamEmbedding</a>]]</li><li>*Prioritizing and driving non-feature work: <a _fcknotitle="true" href="Security/Driving">[[Security/Driving</a>]]</li></ul><h3> === Security Resources and Blogs </h3>=== <h4> ==== Mozilla Official Sites </h4>====<ul><li> <a href="* [http://www.mozilla.org/security">Mozilla Security Center</a>]</li><li> <a href="* [http://developer.mozilla.org/en/Security">Mozilla security developer docs</a>]</li><li> <a href="* [[CA">|Mozilla CA Root Program</a>]]</li><li> <a href="* [http://blog.mozilla.com/security">Mozilla Security blog</a>]</li><li> <a href="* [http://blog.mozilla.com/webappsec">Mozilla WebApp Sec Blog</a>]</li><li> <a href="* [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines">Secure Coding Guidelines for Webapps</a>]</li></ul>
<h4> Personal Security Related Blogs of Mozillians </h4>
<ul><li> <a href="http://blog.mozilla.com/ladamski">Lucas Adamski's blog</a>
</li><li> <a href="http://blog.mozilla.com/decoder">Christian Holler's blog (decoder)</a>
</li></ul>
<h4> Twitter Accounts of Security Mozillians </h4>
<ul><li> <a href="https://twitter.com/mozsec">Mozilla Security</a>
</li><li> <a href="https://twitter.com/mozwebsec">Mozilla Security</a>
</li><li> <a href="https://twitter.com/jruderman">Jesse Ruderman</a>
</li><li> <a href="https://twitter.com/curtisko">Curtis Koenig</a> (all kinds of random stuff)
</li><li> <a href="https://twitter.com/_mwc">Michael Coates</a>
</li><li> <a href="https://twitter.com/flamsmark">Tom Lowenthal</a> (privacy)
</li><li> <a href="https://twitter.com/securitae">Lucas Adamski</a>
</li><li> <a href="https://twitter.com/alexanderfowler">Alex Fowler</a>
</li><li> <a href="https://twitter.com/ygjb">Yvan Boily</a>
</li><li> <a href="https://twitter.com/dveditz">Daniel Veditz</a>
</li><li> <a href="https://twitter.com/openbuddha">Al Billings</a> (but mostly Buddhist and Hackerspace tweets)
</li><li> <a href="https://twitter.com/imelven">Ian Melven</a>
</li><li> <a href="https://twitter.com/kangsterizer">Guillaume Destuynder</a>
</li><li> <a href="https://twitter.com/nth10sd">Gary Kwong</a> (all sorts of stuff)
</li><li> <a href="https://twitter.com/mozdeco">Christian Holler (decoder)</a>
</li></ul>
<h4> Non-Mozilla Resources (blogs, news sites, twitter, tools) </h4>
<ul><li> <a href="Security/OtherSecurityResources"> Other Security Resources</a>
</li></ul>
<h3>Stuff that needs to be merged into this page properly</h3>
<h3> Meeting Notes </h3>
<h4>SecTeam Meetings</h4>
<table class="wikitable collapsible collapsed" style="width: 100%">
<tr>
<th> Meetings
</th></tr>
<tr>
<td>
<table class="wikitable collapsible collapsed" style="width: 100%">
<tr>
<th> AppSec Meetings 2012
</th></tr>
<tr>
<td>
<ul><li> <a href="Security/AppSecBiweekly/2012-02-13">2012-02-13</a>
</li></ul>
</td></tr></table>
<table class="wikitable collapsible collapsed" style="width: 100%">
<tr>
<th> SecTeam Meetings 2012
</th></tr>
<tr>
<td>
<ul><li> <a href="Security/Meetings/2012-02-01">2012-02-01</a>
</li><li> <a href="Security/Meetings/2012-01-25">2012-01-25</a>
</li><li> <a href="Security/Meetings/2012-01-18">2012-01-18</a>
</li><li> <a href="Security/Meetings/2012-01-11">2012-01-11</a>
</li><li> <a href="Security/Meetings/2012-01-04">2012-01-04</a>
</li></ul>
</td></tr></table>
<table class="wikitable collapsible collapsed" style="width: 100%">
<tr>
<th> SecTeam Meetings 2011
</th></tr>
<tr>
<td>
<ul><li> <a href="Security/Meetings/2011-12-28">2011-12-28</a>
</li><li> <a href="Security/Meetings/2011-12-21">2011-12-21</a>
</li><li> <a href="Security/Meetings/2011-12-07">2011-12-14</a>
</li><li> <a href="Security/Meetings/2011-12-07">2011-12-07</a>
</li><li> <a href="Security/Meetings/2011-11-30">2011-11-30</a>
</li><li> <a href="Security/Meetings/2011-11-23">2011-11-23</a>
</li><li> <a href="Security/Meetings/2011-11-16">2011-11-16</a>
</li><li> <a href="Security/Meetings/2011-11-09">2011-11-09</a>
</li><li> <a href="Security/Meetings/2011-11-02">2011-11-02</a>
</li><li> <a href="Security/Meetings/2011-10-26">2011-10-26</a>
</li><li> <a href="Security/Meetings/2011-10-19">2011-10-19</a>
</li><li> <a href="Security/Meetings/2011-10-12">2011-10-12</a>
</li><li> <a href="Security/Meetings/2011-10-05">2011-10-05</a>
</li><li> <a href="Security/Meetings/2011-09-28">2011-09-28</a>
</li><li> No meeting on 9/14 (All Hands) or 9/21 (Fuzzing Work Week)
</li><li> <a href="Security/Meetings/2011-09-07">2011-09-07</a>
</li><li> <a href="Security/Meetings/2011-08-31">2011-08-31</a>
</li><li> <a href="Security/Meetings/2011-08-24">2011-08-24</a>
</li><li> <a href="Security/Meetings/lifecycledisc">Life Cycle discussion</a>
</li><li> <a href="Security/Meetings/2011-08-17">2011-08-17</a>
</li><li> <a href="Security/Meetings/2011-08-10">2011-08-10</a>
</li><li> <a href="Security/Meetings/2011-07-27">2011-07-27</a>
</li><li> <a href="Security/Meetings/2011-07-20">2011-07-20</a>
</li><li> <a href="Security/Meetings/2011-07-13">2011-07-13</a>
</li><li> <a href="Security/Meetings/2011-07-06">2011-07-06</a>
</li><li> <a href="Security/Meetings/2011-06-29">2011-06-29</a>
</li><li> <a href="Security/Meetings/2011-06-22">2011-06-22</a>
</li><li> <a href="Security/Meetings/2011-06-15">2011-06-15</a>
</li><li> <a href="Security/Meetings/2011-06-08">2011-06-08</a>
</li><li> <a href="Security/Meetings/2011-06-01">2011-06-01</a>
</li></ul>
</td></tr></table>
<table class="wikitable collapsible collapsed" style="width: 100%">
<tr>
<th> Joint Secteam-Infrasec Meetings 2012
</th></tr>
<tr>
<td>
<ul><li> <a href="Security/Meetings/2012-01-12">2012-01-12</a>
</li></ul>
</td></tr></table>
<table class="wikitable collapsible collapsed" style="width: 100%">
<tr>
<th> Joint Secteam-Infrasec Meetings 2011
</th></tr>
<tr>
<td>
<ul><li> <a href="Security/Meetings/2011-12-15">2011-12-15</a>
</li><li> <a href="Security/Meetings/2011-11-17">2011-11-17</a>
</li><li> <a href="Security/Meetings/2011-10-06">2011-10-06</a>
</li><li> <a href="Security/Meetings/2011-09-08">2011-09-08</a>
</li><li> <a href="Security/Meetings/2011-08-25">2011-08-25</a>
</li><li> <a href="Security/Meetings/2011-08-11">2011-08-11</a>
</li><li> <a href="Security/Meetings/2011-07-28">2011-07-28</a>
</li><li> <a href="Security/Meetings/2011-06-16">2011-06-16</a>
</li></ul>
</td></tr></table>
</td></tr></table>
<p><br />
</p>
<p><br />
</p>
==== Twitter Accounts of Security Mozillians ====
* [https://twitter.com/mozsec Mozilla Security]
* [https://twitter.com/mozwebsec Mozilla Security]
* [https://twitter.com/jruderman Jesse Ruderman]
* [https://twitter.com/curtisko Curtis Koenig] (all kinds of random stuff)
* [https://twitter.com/_mwc Michael Coates]
* [https://twitter.com/flamsmark Tom Lowenthal] (privacy)
* [https://twitter.com/securitae Lucas Adamski]
* [https://twitter.com/alexanderfowler Alex Fowler]
* [https://twitter.com/ygjb Yvan Boily]
* [https://twitter.com/dveditz Daniel Veditz]
* [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets)
* [https://twitter.com/imelven Ian Melven]
* [https://twitter.com/kangsterizer Guillaume Destuynder]
* [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff)
* [https://twitter.com/mozdeco Christian Holler (decoder)]
==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ====
* [[Security/OtherSecurityResources| Other Security Resources]]
===Stuff that needs to be merged into this page properly===
=== Meeting Notes ===
====SecTeam Meetings====
{| class="wikitable collapsible collapsed" style="width: 100%"
! Meetings
|-
|
{| class="wikitable collapsible collapsed" style="width: 100%"
! AppSec Meetings 2012
|-
|
* [[Security/AppSecBiweekly/2012-02-13|2012-02-13]]
|}
{| class="wikitable collapsible collapsed" style="width: 100%"
! SecTeam Meetings 2012
|-
|
* [[Security/Meetings/2012-02-01|2012-02-01]]
* [[Security/Meetings/2012-01-25|2012-01-25]]
* [[Security/Meetings/2012-01-18|2012-01-18]]
* [[Security/Meetings/2012-01-11|2012-01-11]]
* [[Security/Meetings/2012-01-04|2012-01-04]]
|}
{| class="wikitable collapsible collapsed" style="width: 100%"
! SecTeam Meetings 2011
|-
|
* [[Security/Meetings/2011-12-28|2011-12-28]]
* [[Security/Meetings/2011-12-21|2011-12-21]]
* [[Security/Meetings/2011-12-07|2011-12-14]]
* [[Security/Meetings/2011-12-07|2011-12-07]]
* [[Security/Meetings/2011-11-30|2011-11-30]]
* [[Security/Meetings/2011-11-23|2011-11-23]]
* [[Security/Meetings/2011-11-16|2011-11-16]]
* [[Security/Meetings/2011-11-09|2011-11-09]]
* [[Security/Meetings/2011-11-02|2011-11-02]]
* [[Security/Meetings/2011-10-26|2011-10-26]]
* [[Security/Meetings/2011-10-19|2011-10-19]]
* [[Security/Meetings/2011-10-12|2011-10-12]]
* [[Security/Meetings/2011-10-05|2011-10-05]]
* [[Security/Meetings/2011-09-28|2011-09-28]]
* No meeting on 9/14 (All Hands) or 9/21 (Fuzzing Work Week)
* [[Security/Meetings/2011-09-07|2011-09-07]]
* [[Security/Meetings/2011-08-31|2011-08-31]]
* [[Security/Meetings/2011-08-24|2011-08-24]]
* [[Security/Meetings/lifecycledisc|Life Cycle discussion]]
* [[Security/Meetings/2011-08-17|2011-08-17]]
* [[Security/Meetings/2011-08-10|2011-08-10]]
* [[Security/Meetings/2011-07-27|2011-07-27]]
* [[Security/Meetings/2011-07-20|2011-07-20]]
* [[Security/Meetings/2011-07-13|2011-07-13]]
* [[Security/Meetings/2011-07-06|2011-07-06]]
* [[Security/Meetings/2011-06-29|2011-06-29]]
* [[Security/Meetings/2011-06-22|2011-06-22]]
* [[Security/Meetings/2011-06-15|2011-06-15]]
* [[Security/Meetings/2011-06-08|2011-06-08]]
* [[Security/Meetings/2011-06-01|2011-06-01]]
|}
{| class="wikitable collapsible collapsed" style="width: 100%"
! Joint Secteam-Infrasec Meetings 2012
|-
|
* [[Security/Meetings/2012-01-12|2012-01-12]]
|}
{| class="wikitable collapsible collapsed" style="width: 100%"
! Joint Secteam-Infrasec Meetings 2011
|-
|
* [[Security/Meetings/2011-12-15|2011-12-15]]
* [[Security/Meetings/2011-11-17|2011-11-17]]
* [[Security/Meetings/2011-10-06|2011-10-06]]
* [[Security/Meetings/2011-09-08|2011-09-08]]
* [[Security/Meetings/2011-08-25|2011-08-25]]
* [[Security/Meetings/2011-08-11|2011-08-11]]
* [[Security/Meetings/2011-07-28|2011-07-28]]
* [[Security/Meetings/2011-06-16|2011-06-16]]
|}
|}