SecurityEngineering/2015/Q2Goals: Difference between revisions

Content Security

• [NEW] Implement insecure password warnings for Firefox DevTools. (dri=tanvi)
• [NEW] Finalize and then implement HTTP/HTTPS policy for password manager. (dri=tanvi)
• [NEW] Set appropriate loadingPrincipal and triggeringPrincipal in docshell. (dri=tanvi)
• [NEW] REVAMP: Add AsyncOpen2 to nsIChannel and start moving security checks. (dri=ckerschb)
• [NEW] CSP: Implement CSP directive: upgrade if insecure. (dri=ckerschb)
• [NEW] Support for "potentially unwanted software" URLs in Safe Browsing (dri=francois)
  • Land https://bugzilla.mozilla.org/show_bug.cg​i?id=1147212​

Privacy/Tracking Protection

• [NEW] Provide Platform support for tracking protection (dri=francois)
• [NEW] Referrer: Default referrer and referrer overrides. (dri=sworkman/sid)

Addon Security

• Mechanism for enforcing signed-by-AMO addons.

Communications Security

• [NEW] Remove revocation checks for short-lived certificates (dri=jcjones)
• [NEW] Apply "strict mode + fallback" measurement methodology to EKU, SHA-1 (dri=dkeeler)
• [NEW] Establish a plan for a consolidated mechanism for pushing security policy state (dri=mgoodwin)
• [NEW] Establish a plan for Certificate Transparency (dri=dkeeler)
• [NEW] Support for CA-provided intermediate cert info in SalesForce (including revocation info) (dri=kwilson)
• [NEW] WebCrypto hardware-backed keys (dri=rbarnes)

Security QE

• [NEW] Password Manager (dri=kamil)
• [NEW] meta referrer (dri=kamil)
• [NEW] Safe browsing (dri=mwobensmith)
  • Run existing tests and update as needed
  • Execute test coverage with multiple blocklists
• [NEW] Tracking protection (dri=mwobensmith)
  • Test and help ship feature
  • Test plan and relevent test cases/automation
  • Community test involvement