Enhancing product security with CSP for internal pages

Hi folks, For those who don't know me, I'm a Security Engineer working on Firefox OS (mostly Gaia and Gecko things). I have been pursuing a security goal for quite some time now but haven't yet announced this to throughout the project. A few months ago I had the idea to add a Content Security

Re: Enhancing product security with CSP for internal pages

On 15.04.2014 00:43, Neil wrote: Frederik Braun wrote: A few months ago I had the idea to add a Content Security Policy (CSP) to our internal pages, like about:newtab for example. So this just applies to about: pages? Primarily yes. I think some people are already working on other bits

Re: Enhancing product security with CSP for internal pages

On 15.04.2014 22:45, Neil wrote: Frederik Braun wrote: On 15.04.2014 00:43, Neil wrote: Frederik Braun wrote: A few months ago I had the idea to add a Content Security Policy (CSP) to our internal pages, like about:newtab for example. So this just applies to about: pages? Primarily

Link coloring in private browsing (Was: Intent to ship: Hyperlink Auditing (a ping))

On 20.05.2014 23:33, Ehsan Akhgari wrote: On 2014-05-20, 2:25 PM, Jonas Sicking wrote: On Fri, May 16, 2014 at 7:45 AM, Justin Dolske dol...@mozilla.com wrote: However we do implement some additional features in private browsing mode. For example we disable link coloring. I'm not sure what

Re: Overriding the CSP for privileged protocols

There's this bug filed about user overrides for CSPs: https://bugzilla.mozilla.org/show_bug.cgi?id=1014545 ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: Are you interested in doing dynamic analysis of JS code?

Thanks for bringing this to dev-platform. Dynamic analysis is something the security teams are particularly interested in. Especially tainting user input is something we could make use of across the project: Existing security efforts for Firefox OS, Firefox Desktop, Firefox Mobile and our

Unimplement: @-moz-document regexp support?

Summary: Attackers can extract secret URL components (e.g. session IDs, oauth tokens) using @-moz-document. Using the regexp support and assuming a CSS injection (no XSS needed!), the attacker can probe the current URL with some regular expressions and send the URL parameters to a third party. A

Re: Unimplement: @-moz-document regexp support?

On 09.07.2014 01:41, Ehsan Akhgari wrote: On 2014-07-08, 6:34 PM, L. David Baron wrote: On Monday 2014-07-07 15:18 -0400, Ehsan Akhgari wrote: That seems pretty bad. I think we should at least stop supporting it for Web content. David, what do you think? I'm ok with restricting it to UA

Re: Evaluating adding JOSE and JWS to mozilla-central

Well there is https://github.com/mozilla/jwcrypto which does JWS. It is available in privileged JS through jwcrypto.jsm (i.e. resource://gre/modules/identity/jwcrypto.jsm). There's some code usage for these things in the MobileIdentityManager, Webapps and Payments jsms. On 12.08.2014 19:22,

Re: Restricting gUM to authenticated origins only

On 11.09.2014 19:04, Anne van Kesteren wrote: On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote: On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl wrote: Are we actually partitioning permissions per top-level browsing context or could they already accomplish this

Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

On 12.09.2014 11:51, Henri Sivonen wrote: On Fri, Sep 12, 2014 at 12:39 PM, Frederik Braun fbr...@mozilla.com wrote: On 11.09.2014 19:04, Anne van Kesteren wrote: On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson m...@mozilla.com wrote: On 2014-09-11, at 00:56, Anne van Kesteren ann...@annevk.nl

Re: Per-origin versus per-domain restrictions (Re: Restricting gUM to authenticated origins only)

On 12.09.2014 12:22, Anne van Kesteren wrote: On Fri, Sep 12, 2014 at 11:56 AM, Frederik Braun fbr...@mozilla.com wrote: Yes and no. I identified this while working on a thesis on the Same Origin Policy in 2012 and filed this only for Geolocation in bug https://bugzilla.mozilla.org

Re: [b2g] Script Security Talk @ MozLandia

About recording the talk: We will get recording gear from Rainer Cvillink and I'm happy to help capturing the talk, but I am *terribly* inexperienced in doing this. So any kind of help is very much appreciated! I'll be the tall person who shows up early (my picture on the phonebook is quite

Re: [meta] Intent to implement and Security Privacy concerns

On 01.04.2015 08:28, Tantek Çelik wrote: One of the suggested additions to intent to implement emails: https://wiki.mozilla.org/WebAPI/ExposureGuidelines#Intent_to_Implement is a statement regarding Security Privacy concerns, because those have often been noted as brief summary statements

Re: Permission UI

The good news is that most of the complicated bits are already implemented. See about:permissions. Though it operates on hostnames and not origins (bug 1066517). ___ dev-platform mailing list dev-platform@lists.mozilla.org

Re: Memory management in C programs

On 29.01.2015 21:32, ISHIKAWA, Chiaki wrote: On 2015/01/12 22:46, Philip Chee wrote: One large difference between C and most other programming languages is that in C, you have to handle memory yourself rather than having a garbage collector do it for you. Ensuring that memory is allocated at

Re: Intent to deprecate: Insecure HTTP

On 13.04.2015 20:52, david.a.p.ll...@gmail.com wrote: 2) Protected by subresource integrity from a secure host This would allow website operators to securely serve static assets from non-HTTPS servers without MITM risk, and without breaking transparent caching proxies. Is that a

Re: Intent to implement: Metrics API for FxOS data collection

This is going to be a certified API, right? On 01.05.2015 23:43, Tamara Hills wrote: Hi All, Summary: We want to expose a Web API to Gaia to collect metrics for FxOS. This API would leverage the existing Gecko toolkit/components/telemetry capabilities to provide histograms to Telemetry

Re: AdBlock Plus as a ServiceWorker?

I thought that the APIs we brought into Firefox by implementing Tracking Protection were supposed to provide a better (canonical?) way to hook your own blocker into Firefox. ___ dev-platform mailing list dev-platform@lists.mozilla.org

Re: New Developer Tools Feature: prettifying JSON

On 16.04.2015 11:04, Jan Odvarko wrote: On Thu, Apr 16, 2015 at 10:30 AM, Frederik Braun fbr...@mozilla.com mailto:fbr...@mozilla.com wrote: Running our code in someone else's origin sounds undesired indeed. Not only because of CSP: What if someone puts this in a frame (or a popup

Re: New Developer Tools Feature: prettifying JSON

On 15.04.2015 18:54, Jan Odvarko wrote: … This approach has one security implication, if the page uses default-src 'none' (or other security restrictions?) - injecting JS into it generates warnings: Content Security Policy: The page's settings blocked the loading of a resource at self

Modifying Element.prototype for all globals

Hi, I am planning to do a little analysis of FxOS Gaia to identify instances of innerHTML assignments at runtime[1]. I am hoping this gives me a more precise number about hot paths (in contrast to just looking at the source code). In an ideal world I would write a script along the lines of

Re: Modifying Element.prototype for all globals

On 18/06/2015 13:37, Frederik Braun wrote: Hi, I am planning to do a little analysis of FxOS Gaia to identify instances of innerHTML assignments at runtime[1]. I am hoping this gives me a more precise number about hot paths (in contrast to just looking at the source code). In an ideal world I

Re: Modifying Element.prototype for all globals

On 18.06.2015 15:51, smaug wrote: On 06/18/2015 03:37 PM, Frederik Braun wrote: Hi, I am planning to do a little analysis of FxOS Gaia to identify instances of innerHTML assignments at runtime[1]. I am hoping this gives me a more precise number about hot paths (in contrast to just looking

Re: [feature] open certain domains into a private window

On 24.06.2015 10:09, Karl Dubost wrote: Le 23 juin 2015 à 20:57, Andreas Tolfsen a...@mozilla.com a écrit : Is it an option to register two browser handlers in the operating system for Firefox? nope. Because only Firefox knows based on your preferences which domains you always want in

Re: Browser API: iframe.executeScript()

On 16.06.2015 21:41, Paul Rouget wrote: On Tue, Jun 16, 2015 at 9:33 PM, Bobby Holley bobbyhol...@gmail.com wrote: On Tue, Jun 16, 2015 at 12:28 PM, Paul Rouget p...@mozilla.com wrote: The goal is to build a browser in HTML. Not to run a browser in current Firefox Desktop or in Chrome. Ok.

Re: Intent to implement: CSS Mask Image properties

This reads like it could pose similar problems than those we've had with SVG Filters, i.e., repaint timing and history sniffing. https://bugzilla.mozilla.org/show_bug.cgi?id=711043 Who would be a good person to verify / analyze this? On 10.11.2015 08:09, Ku(顧思捷)CJ wrote: > *Summary*: > Intend

Re: Fido U2F, two-factor authentication support

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 There is an experimental add-on being worked on that tries bring U2F support to Firefox. The source code is at , but it has not yet gone through the Add-on review process. Btw, the most important thing about

Re: Intent to implement and ship: FIDO U2F API

On 02.12.2015 18:53, Robert O'Callahan wrote: > On Wed, Dec 2, 2015 at 9:37 AM, Eric Rescorla wrote: > >> Are you thinking of something like WebUSB? >> (https://reillyeon.github.io/webusb/)? This is something we've looked at >> a bit but we're still trying to wrap our heads around

Re: When the beta version of firefox with e10s would be released?

On 03.12.2015 12:55, Yonggang Luo wrote: > On Thursday, December 3, 2015 at 4:57:28 PM UTC+8, Dave Townsend wrote: >> The developer edition already ships with e10s so you can test against that. > Indeed, I am looking for more stable version I use Developer Edition (aurora) for many years now and

Re: Dan Stillman's concerns about Extension Signing

On 27.11.2015 13:16, Gervase Markham wrote: > On 26/11/15 17:13, Mike Hoye wrote: >> Stillman wrote some new code and put it through a process meant to catch >> problems in old code, and it passed. That's unfortunate, but does it >> really surprise anyone that security is an evolving process? That

Re: TIFU by using Math.random()

On 25.11.2015 12:42, Philip Chee wrote: > > > Hopefully Spidermonkey's Math.random() is better. > > Phil > There have been multiple insightful responses on HN and reddit/netsec. The short version is, that

Re: ESLint is now available in the entire tree

On 30.11.2015 10:29, Patrick Brosset wrote: > I don't how much work is involved with getting rid of non-standard > spidermonkey syntax and pre-processors, but if it's a lot, then one option > would be to fork the espree parser (used by eslint), make it support those, > and configure eslint to use

Re: Proposed W3C Charter: TV Control Working Group

On 10.03.2016 08:53, L. David Baron wrote: > On Tuesday 2016-03-01 09:32 +0800, L. David Baron wrote: >> The W3C is proposing a charter for: >> >> TV Control Working Group >> https://www.w3.org/2016/02/tvcontrol.html >> https://lists.w3.org/Archives/Public/public-new-work/2016Feb/0005.html

Re: Intent to remove:

Strong agreement for removing . Looking at , it seems that Blink was successful in discouraging its use. ___ dev-platform mailing list dev-platform@lists.mozilla.org

Re: Spidernode/JXCore

There are indeed discussions in nodejs to became more vm agnostic. This was also hinted at in https://github.com/mozilla/spidernode/issues/3 On Thu, Apr 14, 2016 at 6:08 PM, Steve Fink wrote: > On 04/14/2016 06:21 AM, Philip Chee wrote: >> >> On 12/04/2016 19:27, Henri Sivonen

Re: Intent to implement and ship: only allow Flash on HTTP/HTTPS sites

On 10.02.2017 01:09, Xidorn Quan wrote: > On Fri, Feb 10, 2017, at 04:29 AM, Benjamin Smedberg wrote: >> Will this also prevent loading downloaded .swf files into Firefox? This >> is >>> useful for running Flash games, which tend to work best in the browser >>> (some media players also support

Re: HTML spec changes about data: URIs and origins

On Tue, Sep 13, 2016 at 5:02 PM, Boris Zbarsky <bzbar...@mit.edu> wrote: > On 9/13/16 8:31 AM, Frederik Braun wrote: >> I'd be happy to add a telemetry probe > > > For what, exactly? What do you propose to measure? > First of all, just to see how much br

HTML spec changes about data: URIs and origins

Firefox treats iframes pointing to a data URL as same-origin. This is all well-known, was part of the HTML spec and has been discussed before [1,2] What has changed now is the HTML spec text[3]: Given that EdgeHTML, Webkit and Blink violated this requirement, the standard now turned around and

Re: What are your use cases for the Touch Bar on the new MacBook Pro?

Tab Preview that allows quick scrolling Open New Tab (+ Icon) When already in a new tab: Quick access to most visisted websites (like the tiles) On 03.01.2017 18:17, Stephen A Pohl wrote: > We are gathering ideas for possible use cases of the Touch Bar on the > new MacBookPro and would like to

Re: Who loves multiple selection feature in editor?

On 19.12.2016 17:19, glazou wrote: > Le jeudi 15 décembre 2016 10:47:28 UTC+1, masayuki nakano a écrit : > >> So, it might be better to stop supporting multiple selection only in >> editor if the feature is not so loved by users. > > We were already discussing this issue at Netscape 15 years

Re: Please do NOT hand-edit web platform test MANIFEST.json files

> Fun fact: lots of JSON documents also evaluate as Python data structures. > So if you prepend "foo = " and throw that into eval(), you can > magically evaluate a JSON document into a Python variable. Of course, > eval() is a security concern. But people blindly execute code in > mozilla-central

Re: Better download security through browsers

On 27.03.2017 16:21, Daniel Veditz wrote: > On Mon, Mar 27, 2017 at 1:22 AM, Frederik Braun <fbr...@mozilla.com > <mailto:fbr...@mozilla.com>> wrote: > > UI hooks, for the SafeBrowsing > ​ ​ > malicious file checks, where we really, > ​ ​ >

Re: Better download security through browsers

On 24.03.2017 18:24, Mike Hoye wrote: > My 2006 proposal didn't get any traction either. > > https://lists.w3.org/Archives/Public/public-whatwg-archive/2006Jan/0270.html > > > FWIW I still think it'd be a good idea with the right UI. I think we already have _related_ UI hooks, for the

Re: Is there a way to improve partial compilation times?

Gotcha. Problem for the Berlin office: There are only 3 people who have a desktop and run linux. Two of them are part of our "cluster" :) ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform

Re: The future of commit access policy for core Firefox

On 12.03.2017 04:08, Cameron Kaiser wrote: > On 3/10/17 4:38 AM, Masatoshi Kimura wrote: >> On 2017/03/10 6:53, Mike Connor wrote: >>> - Two-factor auth must be a requirement for all users approving or >>> pushing a change. >> >> I have no mobile devices. How can I use 2FA? >> >>

Re: Is there a way to improve partial compilation times?

On 08.03.2017 01:17, Ralph Giles wrote: > I second Jeff's point about building with icecream[1]. If you work in > an office with a build farm, or near a fast desktop machine you can > pass jobs to, this makes laptop builds much more tolerable. > What do you mean by build farm? Do some offices

Re: Intent to remove: sensor APIs

As mentioned in thread, we will not disable deviceorientation. Please see below. On 02.08.2017 15:01, Salvador de la Puente wrote: > I strongly encourage you to take a look at the telemetry stats regarding > the usage of deviceorientation API and other. I don't know the penetration > of proximity

Re: Phabricator and confidential reviews

Having both reported, fixed and reviewed security bugs, I feel an uni-directional sync from Phabricator to BMO is not going to cut it. I think it will be unexpected for most users and might just lead to additional "why can I not see the patch" bug comments. I understand that it's more work, but I

Re: More Rust code

On 10.07.2017 12:29, Nicholas Nethercote wrote: > > What are the obstacles? Here are some that I've heard. > > - Lack of Rust expertise for both writing and reviewing code. We have some > pockets of expertise, but these need to be expanded greatly. I've heard > that there has been some Rust

Re: More Rust code

On 18.07.2017 06:01, Jim Blandy wrote: > BTW, speaking of training: Jason's and my book, "Programming Rust" will be > available on paper from O'Reilly on August 29th! Steve Klabnik's book with > No Starch Press is coming out soon as well, but I don't know the details > there. > Steve's book is

Re: git mirror

You could also look at git-cinnabar. It's a git helper that allows you to talk to HG remotes developed by Glandium, a Mozilla hacker. See for more Hope this helps, Freddy P.S: If you only want to look

Re: Enabling filesystem read-restrictions for content process sandbox

Hooray, this is great news! On 06.07.2017 16:07, Alex Gaynor wrote: > Hi dev-platform, > > On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm > delighted > to announce that starting later this week, our macOS and Windows nightly > builds > will prohibit read access to most of

Re: Ambient Light Sensor API

at 2:41 PM, Jonathan Kingston <j...@mozilla.com> >>>> wrote: >>>> >>>>> As mentioned a permission prompt isn't great. >>>>> >>>>> In it's current state it should probably be considered a "powerful >>>>>

Ambient Light Sensor API

Hi, there is a relatively recent blog post [1] by Lukasz Olejnik and Artur Janc that explains how one can steal sensitive data using the Ambient Light Sensor API [2]. We ship API and its enabled by default [3,4] and it seems we have no telemetry for this feature. Unshipping for non-secure

Re: Ambient Light Sensor API

ted this to secure contexts? On 24.04.2017 15:24, Frederik Braun wrote: > Hi, > > there is a relatively recent blog post [1] by Lukasz Olejnik and Artur > Janc that explains how one can steal sensitive data using the Ambient > Light Sensor API [2]. > > We ship API and its

Re: Ambient Light Sensor API

On 28.04.2017 05:56, Ehsan Akhgari wrote: > On 04/27/2017 08:09 AM, Frederik Braun wrote: >> On 27.04.2017 13:56, smaug wrote: >>> On 04/25/2017 04:38 PM, Ehsan Akhgari wrote: >>>> On 04/24/2017 06:04 PM, Martin Thomson wrote: >>>>> I think that 60

Re: Intent to implement and ship: CSP exemptions for content injected by privileged callers

On 02.10.2017 18:43, Anne van Kesteren wrote: > On Mon, Oct 2, 2017 at 6:09 PM, Boris Zbarsky wrote: >> On 10/2/17 12:03 PM, Daniel Veditz wrote: >>> Fair enough. Could we propose improvements to the APIs that would make >>> them more usable? For example an object argument to

Re: Intent to implement and ship: CSP exemptions for content injected by privileged callers

On 02.10.2017 18:03, Daniel Veditz wrote: > ​Fair enough. Could we propose improvements to the API​s that would make > them more usable? For example an object argument to createElement() that > contained attribute/value pairs? > > var div = document.createElement("div", null, {"id":"foo", >

Re: Intent to unship: SMIL accessKey support

Excellent! I won't miss it :) On 05.12.2017 08:25, Brian Birtles wrote: > Background: SMIL includes a feature for triggering animations based on > keypresses: > > e.g. > > > > > > Proposal: In bug 1423098 I intend to remove this feature. > > Rationale: > > * Apart from

Re: Intent to unship: navigator.registerContentHandler()

On 04.01.2018 04:46, Karl Dubost wrote: > Jonathan, > > Le 4 janv. 2018 à 00:15, Jonathan Kingston a écrit : >> Firefox has an implementation that only can be used to allow a web page to >> handle RSS feeds. > > in Firefox 8, the feeds panel was removed from Firefox. It

Re: PSA: HTML injection in chrome documents is now automatically sanitized

Now would be a great time to file good first bugs. New contributors could rewrite innerHTML and friends into code that uses safer alternatives. On 02.02.2018 08:13, Kris Maglione wrote: > As of bug 1432966, any HTML injected into chrome-privileged documents[1] > is automatically sanitized to

Re: Intent to Implement: Storage Access API

On 09.09.2018 11:05, Mike O'Neill wrote: >> >> We don’t necessarily believe that a model where the user is asked whether >> they consent to sharing their data with third-party trackers is ideal, >> because explaining the implications of the data sharing is very hard, and >> there are many

Re: Intent to implement and ship: Blocking FTP subresources

On 09.04.2018 15:13, Tom Schuster wrote: > Summary: All FTP subresources in HTTPs pages (this also includes blob: > etc) will be blocked. Opening FTP links as toplevel documents is still > possible. > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1404744 > > Platform coverage: All >

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

On 20.03.2018 04:33, Dave Townsend wrote: > The DoH service > we're using is likely more private than anything the user is currently > using. This is only true for some parts of the world. I'd like us not to regress for our user base globally here.

Re: What is the future of XMLHttpRequest.mozAnon ?

On 14.09.2018 10:08, john.bieling--- via dev-platform wrote: >... mozAnon XHR has advantages in other features over fetch(). Isn't this the same as supplying the crossOrigin:anonymous option to fetch()? ___ dev-platform mailing list

Re: To what extent is sccache's distributed compilation usable?

Am 01.04.19 um 22:16 schrieb Chris M.: > Hi Emilio, if you're interested you're encouraged to try it out, however > we're shipping machines to offices now to run the schedulers, the first of > which I'll be testing in the SF office this week, so we're planning an > officially supported setup in

Re: New and improved "about:config" for Firefox Desktop

Agreed. If there's one special feature besides search I've been using most, it was sorting by modified Am Fr., 25. Jan. 2019, 12:16 hat Tom Schuster geschrieben: > I am always happy to see more xul going away. > > Please implement a filter to only show modified preferences. Sorting > by

Re: Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure

Having read the proposal, I think it's a good mechanism for us to know about websites that want third-party cookies and it seems less costly to deploy for websites than Storage Access API. However, it seems this is Google's counter to Apple's Storage Access API, which we have also implemented in

Intent to unship: typeMustMatch attribute on elements

Hi, In bug 1548773, annevk suggested to unship the `typeMustMatch`attribute from elements[1]. No other browser supports this and we have just learned that this attribute can be used to leak information about cross-origin resources[2]. While it seems worth removing immediately to me, I'm

Re: Patching FF 52.9esr with v60+ Security updates possible?

Chiming in with the others here. Without knowing more about your build issues, I'd rather try fixing them than try amd build a custom 52.x Q Charles Robertson schrieb am Sa., 13. Apr. 2019, 00:42: > Hi, > > I know this sounds like a strange questions. However, we have a very large > customer

Re: The sec-approval process makes users safer

Hi Jeff, thank you for bringing this up! Halvar Flake (also formerly of P0) argues here that committing a patch is not very different from committing the test case: Which is not something I'm willing to believe in totality. I

Re: Intent to ship: native rendering of outline-style: auto

How much of this platform-dependent rendering is web observable? If yes, I guess we'll need an escape hatch for Resist Fingerprinting Mode. Emilio Cobos Álvarez schrieb am Mi., 15. Jan. 2020, 19:27: > Hi, > > In bug 1031664 I plan to enable the themed rendering of outline-style: > auto. > >

[Intent To Close Component] Firefox :: Security: Review Requests

Hi all, as per our guidance at < https://wiki.mozilla.org/Bugmasters/Projects/Bugzilla_Clean_Up> I am informing you that we are retiring the "Security: Review Request" component under Firefox. The bugzilla driven process belonged to the security team under Paul Theriault (pauljt) that has been

Re: Intent to unship: FTP protocol implementation

> We're doing this for security reasons. FTP is an insecure protocol and > there are no reasons to prefer it over HTTPS for downloading resources. > Also, a part of the FTP code is very old, unsafe and hard to maintain > and we found a lot of security bugs in it in the past. I know this used to

Re: Intent to unship: FTP protocol implementation

AFAIU chrome removed all web-observable/web-exposed bits of FTP (e.g., navigations, subresources etc.)but still allows top-level navigations from the user. Am 19.03.20 um 09:02 schrieb Henri Sivonen: > On Thu, Mar 19, 2020 at 2:24 AM Michal Novotny > wrote: >> We plan to remove FTP protocol

Firefox Security Newsletter - 2020 Q1

Firefox Security & Privacy Newsletter 2020-Q1 Here comes our second edition of the Firefox Security & Privacy Newsletter. The shareable link for this newsletter and the back issues is at https://wiki.mozilla.org/Firefox_Security_Newsletter. This link also promises readable and stable markup

Firefox Security Newsletter - Q2 2020

Hello fellow Mozillians, Here comes our third edition of the Firefox Security & Privacy Newsletter. The shareable link for this newsletter is (References are in footnotes at the bottom, due to the text-only mailing list. You can

Re: Changes to string literals

Thank you Simon, that looks way more ergonomic! A bummer, I'll have to modify my in-flight patches though :-) Do you intend to update existing documentation at (or move it to firefox source docs)? Am 01.07.20

Re: Please don't use locale-dependent C standard library functions (was: Re: Please don't use functions from ctype.h and strings.h)

I'm in the process of setting up documentation & examples on how to implement new static analysis checks. If we're OK with turning new usages of these functions into errors, I can help whoever is volunteering to do this. Am 12.06.20 um 22:40 schrieb Jeff Gilbert: > It would be great to have CI

Intent to prototype: Sanitizer API

Hi all, *Summary*: We would like to expose a sanitizer API that accepts "bad" HTML (string, DocFragment) and returns a sanitized DocFragment, using a pre-defined list of allowed elements / attributes. The implementation is using code that we have had in mozilla-central for a long while: The

Re: Status of Ubuntu 20.04 as a development platform

Just updated to 20.10 (not 20.04) last week and things work fine here. (I have not tested rr yet) Am 10.11.20 um 15:39 schrieb James Graham: > On 10/11/2020 14:17, Kyle Huey wrote: >> On Tue, Nov 10, 2020 at 3:48 AM Henri Sivonen >> wrote: >>> >>> Does Ubuntu 20.04 work properly as a platform

Firefox Security Newsletter - Q3 2020

Hello, Here comes our Q3 edition of the Firefox Security & Privacy Newsletter. The shareable link for this newsletter is (References are in footnotes at the bottom, due to the text-only mailing list. You can always read on the

Intent to Ship: Block HTTP(s) requests to SIP ports 5060, 5061

Hi, Summary: Adding ports 5060,5061 to the existing list of blocked ports The intent for this block is to stop the specific attack of "NAT slipstreaming". We acknowledge that this stops an instance of the attack rather than solving the problem, which will happen later. Bug: 1674735 Standard:

Intent to Ship: Block HTTP ports 69, 137, 161, 1719, 1720, 1723, 6566, 10080

Hi, A couple of weeks ago, I have added the ports mentioned above to the existing list of blocked ports. The additional port blocking is in response to an improvement of last year's "NAT slipstreaming" attack, see footnote [1] for more. Again, we acknowledge that this stops an instance of the

heads-up: code-review bot's clang-format message changing

Hi all, You can stop reading, if you have a setup that never requires you to applying clang-format manually. (Aside: For those that eagerly want to belong to this group, but don't yet, I suggest you look into `./mach ide`.) For all those who get the clang-format warning from code-review bot and

Firefox Security Newsletter - Q4 2020

Hello fellow Mozillians, Here comes our Q4 edition of the Firefox Security & Privacy Newsletter. The shareable link for this newsletter is (References are in footnotes at the bottom, due to dev-platform being a text-only mailing