SecurityEngineering/2015/Q2Goals: Difference between revisions
(Adding Items for Content Sec, Privacy and QA) |
(→Content Security: Removing items from last Q.) |
||
Line 3: | Line 3: | ||
== Content Security == | == Content Security == | ||
* {{new|Implement insecure password warnings for Firefox DevTools.}} (dri=tanvi) | * {{new|Implement insecure password warnings for Firefox DevTools.}} (dri=tanvi) | ||
* {{new|Finalize and then implement HTTP/HTTPS policy for password manager.}} (dri=tanvi) | |||
* {{new|Set appropriate loadingPrincipal and triggeringPrincipal in docshell.}} (dri=tanvi) | * {{new|Set appropriate loadingPrincipal and triggeringPrincipal in docshell.}} (dri=tanvi) | ||
* {{new|REVAMP: Add AsyncOpen2 to nsIChannel and start moving security checks.}} (dri=ckerschb) | * {{new|REVAMP: Add AsyncOpen2 to nsIChannel and start moving security checks.}} (dri=ckerschb) | ||
* {{new| | * {{new|CSP: Implement CSP directive: upgrade if insecure.}} (dri=ckerschb) | ||
* {{new|Support for "potentially unwanted software" URLs in Safe Browsing}} (dri=francois) | * {{new|Support for "potentially unwanted software" URLs in Safe Browsing}} (dri=francois) | ||
** Land https://bugzilla.mozilla.org/show_bug.cgi?id=1147212 | ** Land https://bugzilla.mozilla.org/show_bug.cgi?id=1147212 |
Revision as of 16:33, 3 April 2015
Content Security
- [NEW] Implement insecure password warnings for Firefox DevTools. (dri=tanvi)
- [NEW] Finalize and then implement HTTP/HTTPS policy for password manager. (dri=tanvi)
- [NEW] Set appropriate loadingPrincipal and triggeringPrincipal in docshell. (dri=tanvi)
- [NEW] REVAMP: Add AsyncOpen2 to nsIChannel and start moving security checks. (dri=ckerschb)
- [NEW] CSP: Implement CSP directive: upgrade if insecure. (dri=ckerschb)
- [NEW] Support for "potentially unwanted software" URLs in Safe Browsing (dri=francois)
Privacy/Tracking Protection
- [NEW] Provide Platform support for tracking protection (dri=francois)
- [DONE] Review Referrer Policy. (dri=mmc/sid)
Addon Security
- Mechanism for enforcing signed-by-AMO addons.
Communications Security
- [ON TRACK] OneCRL based on (subject, public key) (dri=mgoodwin)
Security QE
- [NEW] Password Manager (dri=kamil)
- [NEW] meta referrer (dri=kamil)
- [NEW] Safe browsing (dri=mwobensmith)
  - Run existing tests and update as needed
  - Execute test coverage with multiple blocklists
- [NEW] Tracking protection (dri=mwobensmith)
  - Test and help ship feature
  - Test plan and relevant test cases/automation
  - Community test involvement