Security: Difference between revisions
Jump to navigation
Jump to search
m (→Security feature work: bulletized) |
m (→Security reviews for new features/products: bulletized) |
||
Line 14: | Line 14: | ||
''Main Article: [[Security/Reviews]]'' | ''Main Article: [[Security/Reviews]]'' | ||
[[Labs/Weave/Sync Client Security Review|Sync Client]] | * [[Labs/Weave/Sync Client Security Review|Sync Client]] | ||
* [[Firefox Sync/Weave 1.3b5 Client Security Review|Weave 1.3b5 Client]] | |||
[[Firefox Sync/Weave 1.3b5 Client Security Review|Weave 1.3b5 Client]] | * [[Firefox/Projects/AccountManager/SecurityReview|Account Manager]] | ||
[[Firefox/Projects/AccountManager/SecurityReview|Account Manager]] | |||
===Security feature work=== | ===Security feature work=== |
Revision as of 20:52, 15 September 2010
Mozilla Security:
Welcome to the Mozilla Security wiki. There is not much here yet so feel free to contribute.
How to report a security issue
Want to fix a security bug? Here is a list of old thorny bugs you can take on.
Security reviews for new features/products
Main Article: Security/Reviews
Security feature work
Main article: Security/Features
- Content Security Policy proposal and implementation
- Strict Transport Security proposal to prevent network attacks on all-HTTPS sites
- Origin proposal for CSRF and clickjacking mitigation (i.e. anything that requires authentication of the origin of a request)
- Process Isolation: Internal compartmentalization of Firefox architecture
Security Initiatives
- The plugin problem.
Mozilla Security resources and blogs
Mozilla security developer docs
Stuff that needs to be merged into this page properly
- Security:Strawman Model
- Security:Security Checks In Glue — a possible security model
- Security:Scattered Security Checks — a possible security model
- Security:Wrapper-based Checks — a possible security model
- Security:Bibliography
- Security:EV — summary about EV certification
- File:Intro to Mozilla Metrics.pdf Draft discussion of Security Metrics at Mozilla