Security: Difference between revisions
Jump to navigation
Jump to search
| Line 22: | Line 22: | ||
[[Security/CSP|Content Security Policy]] proposal and implementation | [[Security/CSP|Content Security Policy]] proposal and implementation | ||
[[Security/STS|Strict Transport Security]] proposal to prevent network attacks on all-HTTPS sites | |||
[[Security/Origin|Origin proposal for CSRF and clickjacking mitigation]] (i.e. anything that requires authentication of the origin of a request) | [[Security/Origin|Origin proposal for CSRF and clickjacking mitigation]] (i.e. anything that requires authentication of the origin of a request) | ||
Revision as of 22:43, 15 November 2009
Mozilla Security
Welcome to the Mozilla Security wiki. There is not much here yet so feel free to contribute.
How to report a security issue
Security reviews for new features/products
Security feature work
Main article: Security/Features
Content Security Policy proposal and implementation
Strict Transport Security proposal to prevent network attacks on all-HTTPS sites
Origin proposal for CSRF and clickjacking mitigation (i.e. anything that requires authentication of the origin of a request)
Process Isolation: Internal compartmentalization of Firefox architecture
Security Initiatives
- The plugin problem.
Mozilla Security resources and blogs
Mozilla security developer docs
Stuff that needs to be merged into this page properly
- Security:Strawman Model
- Security:Security Checks In Glue — a possible security model
- Security:Scattered Security Checks — a possible security model
- Security:Wrapper-based Checks — a possible security model
- Security:Bibliography
- Security:EV — summary about EV certification
- File:Intro to Mozilla Metrics.pdf Draft discussion of Security Metrics at Mozilla