• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

• BlackHat this week
• Tactical Goals - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q3+Goals
  • Work with your manager if your name is not yet listed on that page
• Apps work week next week - Raymond attending, Dchan attending
• Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q3+Goals
• First set of specs for minion (app sec tool)
  • https://github.com/ygjb/minion
• Work Week Schedule
  • Q&A session
  • https://etherpad.mozilla.org/security-assurance-london

Security Review Status (koenig)

• Completed in Q3 2012:
• Number of Reviews Completed (so far this quarter):
• Number of Outstanding Reviews:

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

• Permissions model being updated this week
• Feature complete, some platform features still be finished though
• focus on polish/fixing

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

• No update

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

• meeting may change due to the services / marketplace reorg

Social - Pancake (Mark Goodwin)

• Pancake has been resubmitted to the AppStore - awaiting review.
• Current work for me centres around ensuring everything is OK WRT error / metrics collection

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

• IonMonkey aims to land in time for Fx17

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

Web Developer Tools (Mark Goodwin)

• Paul Rouget has an interesting toy available as a restartless addon (JSTerm)
• Would like to spend some time at the work week on ideas for in-browser security reporting (to continue on the work we've been doing already this year)
  • Hacking on stuff is an excellent way to learn about Firefox security - if you are working on FX secreviews (or would like to), getting into this stuff could be a good way of learning

Networking (Christoph Diehl)

• No update

Graphics (Christoph Diehl) =

• No update

Peach (Christoph Diehl) =

• Making Peach compatible for B2G fuzzing. Yay
• Added new Monitor, Agent and Test models for that purpose.
• Reproduction mode is working to check previous crash bugs.
  • This test is now also called automatically before any fuzzing test.
• The pit for Opus is right now the only pit which is working.
  • Around 20 pits for file and 15 pits for protocol fuzzing will need to get updated with new Models in the next days.

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

• no update

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

• No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()