SecurityEngineering/MeetingNotes/02-07-13: Difference between revisions

No edit summary
Line 25: Line 25:
* https://bugzilla.mozilla.org/show_bug.cgi?id=836431 - distinguish between mixed active vs mixed display loads in Webconsole - https://developer.mozilla.org/en-US/docs/Security/MixedContent
* https://bugzilla.mozilla.org/show_bug.cgi?id=836431 - distinguish between mixed active vs mixed display loads in Webconsole - https://developer.mozilla.org/en-US/docs/Security/MixedContent
* https://bugzilla.mozilla.org/show_bug.cgi?id=418354, and https://bugzilla.mozilla.org/show_bug.cgi?id=456957  - Block https->http redirects.
* https://bugzilla.mozilla.org/show_bug.cgi?id=418354, and https://bugzilla.mozilla.org/show_bug.cgi?id=456957  - Block https->http redirects.
== The Rest: ==
== The Rest ==
* https://bugzilla.mozilla.org/show_bug.cgi?id=838403 - Missing call for setting flag for mixed display blocked - needs a test.
* https://bugzilla.mozilla.org/show_bug.cgi?id=838403 - Missing call for setting flag for mixed display blocked - needs a test.
* https://bugzilla.mozilla.org/show_bug.cgi?id=836811 - needs a test, but has already landed in central
* https://bugzilla.mozilla.org/show_bug.cgi?id=836811 - needs a test, but has already landed in central
Line 32: Line 32:
* https://bugzilla.mozilla.org/show_bug.cgi?id=800098 - HSTS will be blocked before it's enforced.
* https://bugzilla.mozilla.org/show_bug.cgi?id=800098 - HSTS will be blocked before it's enforced.
** Inconsistency between first time visitor and second time visitors to an hsts embedded page.
** Inconsistency between first time visitor and second time visitors to an hsts embedded page.
** https://blog.mozilla.org/ embeds http://blog.mozilla.org/files/2013/01/most-trusted-privacy-2012-252x218.jpg that redirects to the https version.
** https://blog.mozilla.org/ embeds <pre>http://blog.mozilla.org/files/2013/01/most-trusted-privacy-2012-252x218.jpg</pre> that redirects to the https version.
** What should the correct behavior be?
** What should the correct behavior be?
* https://bugzilla.mozilla.org/show_bug.cgi?id=826599 - users have a choice to disable mixed content on iframes.  What should the correct behavior be?
* https://bugzilla.mozilla.org/show_bug.cgi?id=826599 - users have a choice to disable mixed content on iframes.  What should the correct behavior be?
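Review bot: on the changed "https://blog.mozilla.org/ embeds" sub-bullet, the http image URL is wrapped in <pre>, which is a block-level element in MediaWiki, so the sentence will be split around a preformatted box in the middle of the list item. If the goal is only to stop the http:// URL from being auto-linked, wrapping it in <nowiki> keeps it inline and leaves the rest of the bullet ("that redirects to the https version") on the same line.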
Line 40: Line 40:
** Strike through https - https://bugzilla.mozilla.org/show_bug.cgi?id=834830
** Strike through https - https://bugzilla.mozilla.org/show_bug.cgi?id=834830
** UI Redesign Tweaks - https://bugzilla.mozilla.org/show_bug.cgi?id=827595
** UI Redesign Tweaks - https://bugzilla.mozilla.org/show_bug.cgi?id=827595
= Research! =
= Research! =
* password stats - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AnujPp0bAzAvdDhVTnZuSTROamcwSGh0aGRZSDJNdmc#gid=6
* password stats - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AnujPp0bAzAvdDhVTnZuSTROamcwSGh0aGRZSDJNdmc#gid=6