
From MozillaWiki

  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#


  • Next team meetup - in planning - Week Sept 16 - Paris
  • Goals - Please keep status up to date -
  • Metrics
  • Two Factor Auth Google Drive
    • Your second factor can be a phone (SMS)
    • can we get one of those token key things? (where do we get one) (YubiKey?)
  • [mcoates] Map of bug filers to category (employment status, whether they focus on security)
    • Only Google Drive users who have enabled TFA will be allowed to access this spreadsheet
      • [gkw] Do we access this via the shared folder?
      • [mcoates] no - it will be a new folder
  • [Jesse] Do we need (or have we done) security reviews for productivity software popular among Mozilla employees, especially when they have cloud sync features? (Things, Wunderlist, Evernote, Google Keep, Astrid (which just got bought by Yahoo))
    • Things stores data in Google App Engine (reversed it a while ago :)
    • [mcoates] These tools aren't on the list of approved cloud stores for Mozilla data
    • [mcoates] So it's best if you don't use Things sync with confidential info
    • [joes] Most of these tools don't have individual-user-level encryption
  • [gkw] Networking (in SCL3?) broke when I updated my Linux machine.
  • [st3fan] Quick Minion Update
    • dogfooding beginning with two internal websites (support, - staging sites)
  • [pt] XSS & innerHTML (answered below, doesn't need vocalising) v1.0.1 has 142 instances of "innerHTML" (though most assign from literals). Most apps use basic sanitisation routines like regexp:

  • [gkw] Anyone else going to Black Hat in Las Vegas?
    • incl. Codenomicon, Defcon....
    • Early bird registration for BH ends on 31 May 2013
    • Tell Abillings this week if you're going!

Upcoming Speaking Engagements

(List it at these two locations too: & )

Planned Blog Posts

Security Review Status (curtisk)

  • Completed in Q1 2013: 66

Operations Security Update (Joe Stevensen)

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

  • Eyes on Jetpack / protocol handling bugs: bug 779197 and 820213, please


  • [cr] trying to solve the multi marketplace threat with reputation, will suggest a Meta Marketplace ("marketplace for marketplaces") concept.

Web Apps


Operation Security