|
|
| (87 intermediate revisions by 11 users not shown) |
| Line 1: |
Line 1: |
| === Protect our Users ===
| | #REDIRECT [[Security/Roadmap]] |
| | |
| {|class=wikitable
| |
| |-
| |
| ! Priority
| |
| ! Item
| |
| ! Status
| |
| ! ETA
| |
| ! Owner
| |
| |-
| |
| | P1 {{#lst:Security/Features/Sandboxing of content processes|status}}
| |
| |-
| |
| | P2
| |
| | [https://wiki.mozilla.org/Plugins:Roadmap#In-Product_Compatibility.2C_Installation.2C_and_Updates Plugin background updating]<br>
| |
| | not started
| |
| | ?
| |
| | Kev Needham<br>
| |
| |-
| |
| | P2
| |
| | [https://wiki.mozilla.org/NPAPI:Pepper2 Plugin sandboxing]<br>
| |
| | not started
| |
| | ?
| |
| | ?
| |
| |-
| |
| | P2
| |
| | [https://groups.google.com/group/mozilla.dev.security/browse_thread/thread/f8afac1eef7cb4cd/b570280627c3dca8 Effective certificate revocation and management]<br>
| |
| | not started
| |
| | ?
| |
| | ?
| |
| |-
| |
| | P2
| |
| | [https://wiki.mozilla.org/Opt-in_activation_for_plugins Plugin runtime mitigations such as whitelist and/or click to ]<br>
| |
| | not started
| |
| | ?
| |
| | Justin Dolske
| |
| |-
| |
| | P2
| |
| | javascript: and data: handling in URL bar and chrome
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P2 {{#lst:Security/Features/XSS_Filter|status}}
| |
| |-
| |
| | P3<br>
| |
| | DLL whitelisting by name or signature<br>
| |
| | not started<br>
| |
| | ?<br>
| |
| | ?<br>
| |
| |-
| |
| | P3<br>
| |
| | Stub installer for SSL Firefox downloads<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P3<br>
| |
| | Prune dead and dying code<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P3<br>
| |
| | Malloc should be infallible<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P3<br>
| |
| | TLS 1.2 support<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P3 {{#lst:Firefox/Features/Locationbar_Domain_Highlight|status}}
| |
| |-
| |
| | P3<br>
| |
| | Eviltraps meta-bug (prevents users from leaving a page)<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P4<br>
| |
| | RFC 1918 local IP blocking<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P4<br>
| |
| | Notify user of malware in their crash signatures<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P4<br>
| |
| | Expose HSTS and other security browser state to plugins (NPAPI)<br>
| |
| | <br>
| |
| | <br>
| |
| | <br>
| |
| |-
| |
| | P4<br>
| |
| | Prevent network requests to insecure sites {{bug|62178}}
| |
| |
| |
| |
| |
| | Honza Bambas
| |
| |}
| |