| Priority
|
Item
|
Status
|
ETA
|
Owner
|
| P1
|
| P2
|
Plugin background updating
|
not started
|
?
|
Kev Needham
|
| P2
|
Plugin sandboxing
|
not started
|
?
|
?
|
| P2
|
Effective certificate revocation and management
|
not started
|
?
|
?
|
| P2
|
Plugin runtime mitigations such as whitelist and/or click to
|
not started
|
?
|
Justin Dolske
|
| P2
|
javascript: and data: handling in URL bar and chrome
|
|
|
|
| P2
|
P3
|
DLL whitelisting by name or signature
|
not started
|
?
|
?
|
P3
|
Stub installer for SSL Firefox downloads
|
|
|
|
P3
|
Prune dead and dying code
|
|
|
|
P3
|
Malloc should be infallible
|
|
|
|
P3
|
TLS 1.2 support
|
|
|
|
| P3
|
P3
|
Eviltraps meta-bug (prevents users from leaving a page)
|
|
|
|
P4
|
RFC 1918 local IP blocking
|
|
|
|
P4
|
Notify user of malware in their crash signatures
|
|
|
|
P4
|
Expose HSTS and other security browser state to plugins (NPAPI)
|
|
|
|
P4
|
Prevent network requests to insecure sites (62178)
|
|
|
|