Confirmed users
197
edits
SecurityEngineering/MeetingNotes/02-07-13: Difference between revisions
SecurityEngineering/MeetingNotes/02-07-13 (view source)
Revision as of 01:50, 8 February 2013
, 8 February 2013→The Rest:
No edit summary |
|||
| Line 25: | Line 25: | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=836431 - distinguish between mixed active vs mixed display loads in Webconsole - https://developer.mozilla.org/en-US/docs/Security/MixedContent | * https://bugzilla.mozilla.org/show_bug.cgi?id=836431 - distinguish between mixed active vs mixed display loads in Webconsole - https://developer.mozilla.org/en-US/docs/Security/MixedContent | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=418354, and https://bugzilla.mozilla.org/show_bug.cgi?id=456957 - Block https->http redirects. | * https://bugzilla.mozilla.org/show_bug.cgi?id=418354, and https://bugzilla.mozilla.org/show_bug.cgi?id=456957 - Block https->http redirects. | ||
== The Rest | == The Rest == | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=838403 - Missing call for setting flag for mixed display blocked - needs a test. | * https://bugzilla.mozilla.org/show_bug.cgi?id=838403 - Missing call for setting flag for mixed display blocked - needs a test. | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=836811 - needs a test, but has already landed in central | * https://bugzilla.mozilla.org/show_bug.cgi?id=836811 - needs a test, but has already landed in central | ||
| Line 32: | Line 32: | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=800098 - HSTS will be blocked before it's enforced. | * https://bugzilla.mozilla.org/show_bug.cgi?id=800098 - HSTS will be blocked before it's enforced. | ||
** Inconsistency between first time visitor and second time visitors to an hsts embedded page. | ** Inconsistency between first time visitor and second time visitors to an hsts embedded page. | ||
** https://blog.mozilla.org/ embeds http://blog.mozilla.org/files/2013/01/most-trusted-privacy-2012-252x218.jpg that redirects to the https version. | ** https://blog.mozilla.org/ embeds <pre>http://blog.mozilla.org/files/2013/01/most-trusted-privacy-2012-252x218.jpg</pre> that redirects to the https version. | ||
** What should the correct behavior be? | ** What should the correct behavior be? | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=826599 - users have a choice to disable mixed content on iframes. What should the correct behavior be? | * https://bugzilla.mozilla.org/show_bug.cgi?id=826599 - users have a choice to disable mixed content on iframes. What should the correct behavior be? | ||
| Line 40: | Line 40: | ||
** Strike through https - https://bugzilla.mozilla.org/show_bug.cgi?id=834830 | ** Strike through https - https://bugzilla.mozilla.org/show_bug.cgi?id=834830 | ||
** UI Redesign Tweaks - https://bugzilla.mozilla.org/show_bug.cgi?id=827595 | ** UI Redesign Tweaks - https://bugzilla.mozilla.org/show_bug.cgi?id=827595 | ||
= Research! = | = Research! = | ||
* password stats - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AnujPp0bAzAvdDhVTnZuSTROamcwSGh0aGRZSDJNdmc#gid=6 | * password stats - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AnujPp0bAzAvdDhVTnZuSTROamcwSGh0aGRZSDJNdmc#gid=6 | ||