Thunderbird:Thunderbird3:ContentSecReview

Various content-related changes have happened since Thunderbird 2. We should have a meeting with security folks to do a high-level audit of the changes to see if there are implications we have missed when making these decisions.

  • Is our current http(s) link expose strategy for tabs good enough for Tb3? If not, we need to propose a different one and discuss it here. (Standard8)
  • Now that JS is on by default in docshells when they run non-mailnews content URIs, how important/difficult is it to force existing extensions to explicitly opt-in to this new behavior? (dmose)


Meeting logistics

2:30 Pacific time http://www.timeanddate.com/worldclock/meetingdetails.html?year=2009&month=9&day=30&hour=21&min=30&sec=0&p1=224

We'll be using the dialin info at <https://wiki.mozilla.org/Thunderbird/StatusMeeting/DialInInfo> for the meeting. Note that it DEFAULTS to MUTE, so you must use *1 to unmute yourself before speaking.