Thunderbird:Thunderbird3:ContentSecReview
From MozillaWiki
Various content-related changes have happened since Thunderbird 2. We should have a meeting with security folks to do a high-level audit of the changes to see if there are implications we have missed when making these decisions.
- Cookie policy changes: bug 492279, bug 501925, particularly tracking across email and RSS/add-on content (Standard8)
- Is our current strategy for exposing http(s) links in tabs good enough for Tb3? If not, we need to propose a different one and discuss it here. (Standard8)
- Remote content checks are now based on where the load was initiated from: bug 374578 (Standard8)
- Review current state of plugin behavior: bug 433794 (dmose)
- Now that JS is on by default in docshells when they run non-mailnews content URIs, how important/difficult is it to force existing extensions to explicitly opt-in to this new behavior? (dmose)
Meeting logistics
2:30 Pacific time: http://www.timeanddate.com/worldclock/meetingdetails.html?year=2009&month=9&day=30&hour=21&min=30&sec=0&p1=224
We'll be using the dialin info at <https://wiki.mozilla.org/Thunderbird/StatusMeeting/DialInInfo> for the meeting. Note that it DEFAULTS to MUTE, so you must use *1 to unmute yourself before speaking.