Security

Welcome to the Mozilla Security wiki. There is not much here yet so feel free to contribute.

Security-related bugs

Security Severity Ratings

How to report a security issue

Want to fix a security bug? Here is a list of old thorny bugs you can take on.

Security reviews for new features/products

Main Article: Security/Reviews

Security Radar

• Active
• Triage
• Off Scope

Unlinked Reviews

• Sync Client
• Weave 1.3b5 Client
• Account Manager

Security Discussions / Possible Features

• Security/Cookie Preferences
• Security/l20n
• Security/Add-Ons Discussion

Security feature work

Main article: Security/Features

• Content Security Policy proposal and implementation
• Strict Transport Security proposal to prevent network attacks on all-HTTPS sites
• Origin proposal for CSRF and clickjacking mitigation (i.e. anything that requires authentication of the origin of a request)
• Process Isolation: Internal compartmentalization of Firefox architecture

Security Initiatives

• The plugin problem.
  • https://wiki.mozilla.org/Security:ThePluginProblem

Mozilla Security resources and blogs

Mozilla Security Center

Mozilla security developer docs

Mozilla Security blog

Lucas Adamski's blog

Sid Stamm's blog

Chris Lyon's blog

Stuff that needs to be merged into this page properly

• Security:Strawman Model
• Security:Security Checks In Glue — a possible security model
• Security:Scattered Security Checks — a possible security model
• Security:Wrapper-based Checks — a possible security model
• Security:Bibliography

• Security:EV — summary about EV certification
• File:Intro to Mozilla Metrics.pdf Draft discussion of Security Metrics at Mozilla

Meeting Notes

• 2011-06-15
• 2011-06-08
• 2011-06-01