Content Security Weekly Meeting Report

Active Projects

AsyncOpen

• 2 docshell bugs landing, one last one (hardest one) left
• Create test framework to ensure loadinfo invariants and prevent regresions post-switch.

Containers

• Finishing segregation bugs and moving onto testing bugs
• about:containers status?
• Planning for design sprint, end of August

Download Protection

• Download protection 48 blog post: https://blog.mozilla.org/security/2016/08/01/enhancing-download-protection-in-firefox/

Secure Sandbox

• Mostly team still ramping up on sandbox knowledge
• Aiming to have ‘sandbox security model’ complete by mid-august
• Starting re-audit of message manager code
• Engaging with fuzzing team to determine way plan for sandbox fuzzing

Safe Browsing

• Intent to implement version 4: https://groups.google.com/d/topic/mozilla.dev.platform/QkGabZPHiUA/discussion

Tor

• First-party isolation WIP patch has postive feedback from Jonas, needs completion?
• Test framework being developed while actual tests are blocked on first-party isolation implementation?

Tracking Protection Enhancements

HSTS

Referrer

• New Referrer Policy states now in HTML spec: https://github.com/whatwg/html/pull/1589