Content Security Intern (Summer 2019)

Apply for this job
Mountain View

Mozilla is hiring Software and Research Engineering Interns into our technical teams throughout the world. Our headquarters are based in Mountain View, which is where the internship will be located as well.

We are engineers, designers, makers, and problem solvers. We work in the fishbowl known as the open source community, with a clear focus on making the Web better. Working with us, you’ll help build interesting new features and improvements in Firefox. To be part of the team, we ask that you be technically-curious, a capable and always-interested-in-learning-more programmer or researcher, and excited to be moving the Mozilla mission forward.

Mozilla isn’t just a great place to work, it’s an experience you’ll carry with you throughout your career. As part of our internship program, you’ll have the opportunity to be mentored one-on-one by a talented and experienced engineer, to impact the projects you’ll collaborate on, and to never be bored. Ever. From the passionate people you’ll learn from, to the chances you’ll have to make the Web a better place, your time with Mozilla will be unlike any other.

Below is a small snapshot of the work we do to give you an idea about some of the big things you could do at Mozilla.

We have 2 positions open for the following roles:

Content Security Intern (Mountain View, CA)

Websites can instruct the browser to enforce certain content security mechanisms. For example, the Content Security Policy (CSP) provides a whitelisting mechanism which instructs the browser to only allow a script to execute if it is fetched from one of the predefined locations in the whitelist. Similarly, Feature Policy allows site owners to specify which browser features are enabled on their websites. These are just two of the many content security mechanisms available to site owners  for the purpose of reducing the attack surface of their websites.

HTTP response headers have become the status quo for delivering such security enforcement instructions between websites and the browser. But, HTTP headers add network overhead and obfuscate the growing number of security mechanisms available to websites. As a solution, the web security community has proposed Origin Manifest, a web platform mechanism that allows websites to bundle all security-related instructions meant for the browser into a standardized location.

Within this internship we will explore the syntax, delivery, parsing, and caching of such a security manifest.

Content Security Intern (Mountain View, CA)

Firefox not only downloads and renders content from the web, but also ships and displays several built-in pages -- the so-called ‘about’ pages in Firefox. While some of those pages only contain static content, many of them have special privileges and can query information from the browser itself. For example, some privileged about pages can access the cache of the browser, while others can query what addons a user has installed.

As the number of Firefox features grow, so does the number of these built-in pages, increasing the chance that any one of these pages contains a security vulnerability. Within this internship we will develop and apply a uniform security model that allows us to lock down privileges of each built-in ‘about’ page in Firefox. In parallel, we will establish best practices for future ‘about’ pages.

Basic Qualifications:

  • Currently enrolled in a Bachelor’s, Master’s or PhD degree program in Computer Science, Computer Engineering, or related technical discipline with a focus on software development or security and privacy, with graduation dates starting December 2019 and onward
  • Or, a recent graduate from a Coding Academy (within last year)

Preferred Qualifications:

  • C / C++, Fluency in Javascript, HTML, and CSS
  • Understanding of Secure System Development and the concepts of Web Application Security
  • Reasonable fluency in and passion for technology, strong communication, analytical and critical thinking skills

About Mozilla

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Level: I1