This is a list of projects that we could use some help with. If you're interested in pitching in and making the web a safer place, these are great ways to start.
For information about the Mozilla Mentorship program, please see Security/Mentorship.
Coding/Gecko projects

| Project Name | Contact | Details |
|---|---|---|
| Wordpress CSP Plugin | Sid Stamm | We need to update it for CSP 1.0 (W3C spec) |
| Mixed Content Dev Tools | Tanvi Vyas | ?? |
| Security Report devtool | Tanvi Vyas | See also bug 781147 |
| Auto-Fix SSL errors | ?? | Identify and implement autocorrection for things like system time errors, server redirects to HTTPS, etc. |
| Cookie Tagging | Mark Goodwin | Build plumbing to tag cookies allowing selection and deletion of cookies by tag type (and other things). See also bug 792986 |
| CSP 1.1: path support | Sid Stamm | Implement paths for sources in CSP. See bug 808292. |
| CSP 1.1: Sandbox support | Sid Stamm | Implement sandbox directive for CSP. See bug 671389. |
| CSP 1.1: Prototype script-hash or script-nonce to help the development of the spec | Ian Melven | Prototype the proposed experimental script-hash and/or script-nonce directives for CSP and share insights with WebAppSec WG |
| Certificate Manager for B2G | ?? | Allow adding/removal of certs in B2G |
| Client Cert support in Fx Android | ?? | |
| Certificate manager for Fx Android | ?? | |

Data Gathering projects

| Project Name | Contact | Details |
|---|---|---|
| HSTS preload list crawler | David Keeler | |
| HTTPS by default | Brian Smith | For addressbar entries, assume https and fall back to http. Does it work? Need to study its effects. |
| Cert error reporting | ?? | See also bug 707275. This would create a mechanism for users to take action that would send cert chains and error info to Mozilla. |
| Fast profile switcher | Monica Chew | Prototype for seeing how users interact with it. |
| WebApp CSP generator | ?? | Tool for generating CSPs for packaged web apps |
| Remove UserPass support from nsIURI | ?? | We need to understand the effect of removing userpass support from our URIs in Firefox. |