Security/Sandbox/2018-05-10

MinGW Build: Great Progress!
- Debug and Opt builds seem to run fine locally
  - Best build to run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=054dc4ee0c7084c3de7280bc4c59cb08cf633874
- Tests run in TC still fail. (Need to run them locally Bug 1458083)
- Need to clean up patches
CFI Build
- Clang Bug: https://bugs.llvm.org/show_bug.cgi?id=37394
- Think I can work on some of the other bugs I've hit
More Fission Work
Pulling a thread on cross-origin SVG filters

I found the kernel bug! ??
- https://bugzilla.mozilla.org/show_bug.cgi?id=1243108#c48
- Found by code inspection once I'd narrowed down what was happening
- tl;dr: needs more locking
Kernel bug action items:
- Report to Linux
- Commit a workaround
- Tell Chromium because they're doing the same thing
- …does Servo e10s need to worry?
- (*Our* IPC might be affected, but we don't create/destroy toplevel actors often so the chance of hitting this might be negligible.)
Got a late start trying to write up something about the sandbox changes for 60
bug 1460297 - A `sudo firefox` failure; a workaround exists; resolved
- Might want to post-facto relnote that.
Tor Browser will be moving to ESR60 soon; see if there's anything post-60 they might want to backport.

bug 1455252 - Startup crash in CreateProcessAsUserW (mostly zh-CN)
- Looked through a lot of reports and some dumps, looks like various things messing up hooking.
- Disappeared w/c 23/4 - maybe a Windows update??
Canvas remoting
- Different approach fixes some issues.
- Some things that crashed before now don't crash, but have black blocks overlaid.
- Also seem to have a memory leak or possibly slow to release memory.
Sandbox sec bugs.

bug 1452278 - [Mac] Make nsOSHelperAppService::GetFromTypeAndExtension() not call OS MIME API's in content
- Generic MIMEInfo class, nsOSHelperAppService
bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac
- Mac telemetry

Contents