Security/Sandbox/2016-09-29

bug 1147911 - Use a separate content process for file:// URLs
- Good progress - fixed issues with view-source and forward / back navigation, which was partly down to an existing bug in docshell history code.
- Still working on problem with links from file:// to web content, because it allocates a new tab upfront in the child process.
bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError
- Further investigation here, probably need to add new logging to see if any new dependencies are trying to be loaded.
Chromium code
- Gone through changes in Chromium code for sandbox/ and base/ up to latest stable from our version in Fx51.
- Corresponded with Chromium sandboxing team and requested security bug access on their advice.

bug 1303813 — Allow MADV_FREE for Linux GMP; fix Widevine crash from mozjemalloc on newer build hosts.
bug 1304220 — Allow times(2) for Linux GMP; fix Widevine crash when running on older glibc.
bug 1289718 (Linux desktop file brokering): finally done reviewing.

bug 1241250 Prezi frozen at loading on fresh profile with latest Nightly 64 bits
- Prezi still unable to reproduce on their end.
bug 1269114 [x86_64] Last picked directory not saved when using Flash Player
- Landed
bug 1284897 64 bit Flash Player has storage permissions issues
- Brokering GetOpenFileName/GetSaveFileName to run on parent
Longer term discussion of Windows content proc file access logging

Unify sandbox verbose-logging controls across platforms?
- Mac: bug 1306239 - 'Add pref to toggle OS X sandbox violation debugging, default off'
- Windows has an env var: MOZ_WIN_SANDBOX_LOGGING
- Linux uses MOZ_SANDBOX_VERBOSE; see http://searchfox.org/mozilla-central/search?q=symbol:E_%3CT_mozilla%3A%3ASandboxInfo%3A%3AFlags%3E_kVerbose&redirect=false
Security implications of file:// URL page framing web content.
XP/Vista EOL move to 52 ESR approved by Mayo

Contents