SecurityEngineering/Projects
This is a list of projects that we could use some help with. If you're interested in pitching in and making the web a safer place, these are great ways to start.
For information about the Mozilla Mentorship program, please see Security/Mentorship.
Coding/Gecko projects
| Project Name | Contact | Details |
|---|---|---|
| WordPress CSP Plugin | Sid Stamm | We need to update it for CSP 1.0 (W3C spec). |
| Mixed Content Dev Tools | Tanvi Vyas | ?? |
| Security Report devtool | Tanvi Vyas | See also bug 781147 |
| Auto-Fix SSL errors | ?? | Identify and implement autocorrection for things like system time errors, server redirects to HTTPS, etc. |
| Cookie Tagging | Mark Goodwin | Build plumbing to tag cookies allowing selection and deletion of cookies by tag type (and other things). See also bug 792986 |
| CSP 1.1: path support | Sid Stamm | Implement paths for sources in CSP. See bug 808292. |
| CSP 1.1: Sandbox support | Sid Stamm | Implement sandbox directive for CSP. See bug 671389. |
| CSP 1.1: Prototype script-hash or script-nonce to help the development of the spec | Ian Melven | Prototype the proposed experimental script-hash and/or script-nonce directives for CSP and share insights with WebAppSec WG |
| CSP UI Safety: frame-options | Ian Melven | Take the existing frame-ancestors code and adapt it to the proposed CSP UI Safety frame-options directive. See bug 846978. |
| Certificate Manager for B2G | ?? | Allow adding/removal of certs in B2G |
| Client Cert support in Fx Android | ?? | |
| Certificate manager for Fx Android | ?? | |
Data Gathering projects
| Project Name | Contact | Details |
|---|---|---|
| HSTS preload list crawler | David Keeler | |
| HTTPS by default | Brian Smith | For address bar entries, assume HTTPS and fall back to HTTP. Does it work? Need to study its effects. |
| Cert error reporting | ?? | See also bug 707275. This would create a mechanism for users to take action that would send cert chains and error info to Mozilla. |
| Fast profile switcher | Monica Chew | Prototype for seeing how users interact with it. |
| WebApp CSP generator | ?? | Tool for generating CSPs for packaged web apps |
| Remove UserPass support from nsIURI | ?? | We need to understand the effect of removing userpass support from our URIs in Firefox. |