SecurityEngineering/Roadmap: Difference between revisions
Jump to navigation
Jump to search
| Line 100: | Line 100: | ||
|- | |- | ||
| P4<br> | | P4<br> | ||
| Prevent network requests to insecure sites | | Prevent network requests to insecure sites (62178)<br> | ||
| | | <br> | ||
| | | <br> | ||
| | | <br> | ||
|} | |} | ||
Revision as of 23:56, 27 June 2011
Protect our Users
| Priority | Item | Status | ETA | Owner |
|---|---|---|---|---|
| P1 | ||||
| P2 | Plugin background updating |
not started | ? | Kev Needham |
| P2 | Plugin sandboxing |
not started | ? | ? |
| P2 | Effective certificate revocation and management |
not started | ? | ? |
| P2 | Plugin runtime mitigations such as whitelist and/or click to |
not started | ? | Justin Dolske |
| P2 | javascript: and data: handling in URL bar and chrome | |||
| P2 | ||||
| P3 |
DLL whitelisting by name or signature |
not started |
? |
? |
| P3 |
Stub installer for SSL Firefox downloads |
|||
| P3 |
Prune dead and dying code |
|||
| P3 |
Malloc should be infallible |
|||
| P3 |
TLS 1.2 support |
|||
| P3 | ||||
| P3 |
Eviltraps meta-bug (prevents users from leaving a page) |
|||
| P4 |
RFC 1918 local IP blocking |
|||
| P4 |
Notify user of malware in their crash signatures |
|||
| P4 |
Expose HSTS and other security browser state to plugins (NPAPI) |
|||
| P4 |
Prevent network requests to insecure sites (62178) |