Audit Application Reputation feature
Google has offered an application reputation feature to detect malicious downloads as part of Google Safe Browsing and Mozilla has implemented that in ESR 31. We should look at possible issues before switching to ESR 31. Note that the remote lookup feature is not included yet which needs to get audited before we switch to ESR 38:
https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc
The tracking bug is
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information