SecurityEngineering/Roadmap: Difference between revisions

m
mNo edit summary
Line 62: Line 62:
{|class=wikitable
{|class=wikitable
|-
|-
! Priority
! Item  
! Item  
! Status  
! Status  
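Review bot: the `! Priority` header at the top of this hunk is dropped, and the matching `| P…` cell disappears from every row in the hunks that follow, yet the revision has no edit summary and is flagged minor. Removing a whole column is not a minor edit; add a summary saying why the ranking was dropped, or keep the column if the priorities are still current.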
Line 68: Line 67:
! Owner
! Owner
|-
|-
| P2
| [https://wiki.mozilla.org/NPAPI:Pepper2 Plugin sandboxing]<br>  
| [https://wiki.mozilla.org/NPAPI:Pepper2 Plugin sandboxing]<br>  
| not started  
| not started  
Line 74: Line 72:
| &nbsp;?
| &nbsp;?
|-
|-
| P2
| [https://groups.google.com/group/mozilla.dev.security/browse_thread/thread/f8afac1eef7cb4cd/b570280627c3dca8 Effective certificate revocation and management]<br>  
| [https://groups.google.com/group/mozilla.dev.security/browse_thread/thread/f8afac1eef7cb4cd/b570280627c3dca8 Effective certificate revocation and management]<br>  
| not started  
| not started  
Line 80: Line 77:
| &nbsp;?
| &nbsp;?
|-
|-
| P2
| [https://wiki.mozilla.org/Opt-in_activation_for_plugins Plugin runtime mitigations such as whitelist and/or click to ]<br>  
| [https://wiki.mozilla.org/Opt-in_activation_for_plugins Plugin runtime mitigations such as whitelist and/or click to ]<br>  
| not started  
| not started  
Line 86: Line 82:
| &nbsp; Justin Dolske
| &nbsp; Justin Dolske
|-
|-
| P2
| javascript: and data: handling in URL bar and chrome  
| javascript: and data: handling in URL bar and chrome  
| <br>  
| <br>  
Line 92: Line 87:
| <br>
| <br>
|-
|-
| P3<br>
| DLL&nbsp;whitelisting by name or signature<br>  
| DLL&nbsp;whitelisting by name or signature<br>  
| not started<br>  
| not started<br>  
Line 98: Line 92:
| &nbsp;?<br>
| &nbsp;?<br>
|-
|-
| P3<br>
| Track "Application Reputation"<br>  
| Track "Application Reputation"<br>  
| <br>  
| <br>  
Line 104: Line 97:
| <br>
| <br>
|-
|-
| P3<br>
| Prune dead and dying code<br>  
| Prune dead and dying code<br>  
| <br>  
| <br>  
Line 110: Line 102:
| <br>
| <br>
|-
|-
| P3<br>
| Malloc should be infallible<br>  
| Malloc should be infallible<br>  
| <br>  
| <br>  
Line 116: Line 107:
| <br>
| <br>
|-
|-
| P3<br>
| TLS&nbsp;1.2 support<br>  
| TLS&nbsp;1.2 support<br>  
| <br>  
| <br>  
Line 122: Line 112:
| <br>
| <br>
|-
|-
| P3<br>
| Eviltraps meta-bug (prevents users from leaving a page)<br>  
| Eviltraps meta-bug (prevents users from leaving a page)<br>  
| <br>  
| <br>  
Line 128: Line 117:
| <br>
| <br>
|-
|-
| P4<br>
| Notify user of malware in their crash signatures<br>  
| Notify user of malware in their crash signatures<br>  
| <br>  
| <br>  
Line 134: Line 122:
| <br>
| <br>
|-
|-
| P4<br>
| Expose HSTS&nbsp;and other security browser state to plugins (NPAPI)<br>  
| Expose HSTS&nbsp;and other security browser state to plugins (NPAPI)<br>  
| <br>  
| <br>  
Line 140: Line 127:
| <br>
| <br>
|-
|-
| <br>
| Ignore autocomplete="off" for password fields
| Ignore autocomplete="off" for password fields
| <br>  
| <br>  
Line 146: Line 132:
| <br>
| <br>
|-
|-
| P1<br>
| UX security experiment  
| UX security experiment  
| not started  
| not started  
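Review bot: `| P1<br>` on the "UX security experiment" row is the only P1 cell in the table, and once it is gone nothing distinguishes this row from the P3 and P4 rows, since the rows are not sorted by priority and their order is unchanged. If the column has to go, reorder the rows or carry the ranking some other way so the top item stays identifiable.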
Line 152: Line 137:
| &nbsp;?
| &nbsp;?
|-
|-
| P2
| [https://bugzilla.mozilla.org/show_bug.cgi?id=663566 Content Security Policy revisions]
| [https://bugzilla.mozilla.org/show_bug.cgi?id=663566 Content Security Policy revisions]
| In progress
| In progress
Line 158: Line 142:
| Brandon Sterne
| Brandon Sterne
|-
|-
| P2<br>
| CSRF&nbsp;mitigations  
| CSRF&nbsp;mitigations  
| <br>  
| <br>  
Line 164: Line 147:
| <br>
| <br>
|-
|-
| P3
| Clickjacking mitigations  
| Clickjacking mitigations  
|  
|  
Line 170: Line 152:
|  
|  
|-
|-
| P3
| X-Content-Type-Options  
| X-Content-Type-Options  
|  
|  
Line 176: Line 157:
|  
|  
|-
|-
| P3
| toStaticHTML  
| toStaticHTML  
|  
|  