Security/B2G/2013 3 20
Jump to navigation
Jump to search
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_2_20 http://cansecwest.com/slides/2013/Adobe%20Sandbox.pdf
News
Upcoming features:
Current/upcoming Reviews
Goal Status Updates
Not here
2. Document Firefox OS Security (owner: dchan)
freddy did some appsec-testing docs
Part 1: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Debugging_and_Security_Testing_with_Firefox_OS
Part2: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Intercept_Firefox_OS_Traffic_Using_a_Proxy
Part 3: I'm not really happy with it, so it's in mana (scroll down): https://mana.mozilla.org/wiki/display/SECURITY/2013+Q1+-+Frederik+Braun+-+Learn+B2G
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/System_security (some parts of this are still in Security_Model)
talk to sheppy for help irc://#mdn
#mdn can rename, make editorial reviews
3. Develop and land tests for security features (owner: dchan)
Working on finishing up suite 2 https://bugzilla.mozilla.org/show_bug.cgi?id=815105 Fixed up code to work again
4.Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
https://docs.google.com/a/mozilla.com/document/d/1_KbifvJMxddhFsNbiHE5AwyNpFnIQNcVcmMkJ_QtvUw/edit#
5. Drive OS-layer security improvement (owner: kang)
- ASLR being reviewed, still needs some work for a cleaner implementation in gecko - Still trying to acquire qualcom sources for unagi
6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
https://docs.google.com/a/mozilla.com/document/d/1DLs1jhTMxN5fh2PSb_O7FDaSadjjAW-MlK1xCBRWGmM/edit#