Security/Tor Uplift/Tracking

From MozillaWiki
< Security‎ | Tor Uplift
Revision as of 19:46, 2 May 2016 by Dhuseby (talk | contribs) (adding meta bug)
Jump to navigation Jump to search

Tor Uplift

To uplift all of the Tor Browser patches to mainline Firefox. The general approach is to add preferences for anything that breaks the web and set them to default "off" so that the behavior of default Firefox does not change. All bugs are tagged with [tor].

Active Bugs

Bugs which are assigned and being worked on.

Full Query
ID Whiteboard Summary Status Assigned to Resolution
1314443 [tor][fingerprinting][tor-mobile][fp-triaged] Audit the existing disable WebRTC preferences and ensure they work as advertised ASSIGNED Tom Ritter [:tjr]

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Assigned, but not started

These bugs have an owner, but their status is 'NEW' indicating that they are not being worked on yet.

Full Query
ID Whiteboard Summary Status Assigned to Resolution
1338006 [OA][tor] Perform OriginAttributes Review of WebRTC NEW Tom Ritter [:tjr]
1612422 [tor] Create a MinGW reproducible build job NEW Tom Ritter [:tjr]

2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Backlog (all unowned)

Bugs looking for an owner.

Full Query
ID Whiteboard Summary Status Assigned to Resolution
440892 [tor][tor-standalone] network.protocol-handler.warn-external are ignored NEW
901614 [tor] Adopt Tor as a feature in Firefox NEW
1041818 [fingerprinting][tor][fp-triaged] take steps to mitigate canvas fingerprinting NEW
1102415 [tor] Firefox should help users attempting to visit .onion URLs without Tor NEW
1205598 [tor][tor-standalone] Print preview doesn't honor Private Browsing Mode and writes to /tmp NEW
1213698 [tor][tor-standalone] error: undefined reference to 'dlsym' if building with ASan and GCC (Tor 17509) REOPENED
1216882 [tor][necko-backlog][tor-standalone] When "security.nocertdb" pref is true, HTTP Auth Dialog fails (Tor 14716) NEW
1217166 [tor][tor-standalone] OS X trying to run a profile from a mounted DMG file (read-only) shows error "Another copy of Firefox is running" (Tor 14631) NEW
1250696 [psm-backlog][tor] .onion names contain their own validator, we should use that NEW
1284986 [fxprivacy][OA][tor] JavaScript error: chrome://browser/content/pageinfo/permissions.js, line 224: Error: Callback received for bad URI: [xpconnect wrapped nsIURI @ 0x12cf99d40 (native @ 0x1356f7b08)] NEW
1287994 [tor][necko-backlog][proxy] Implement named pipe support on option SocksPort for Windows users (Tor 14209) NEW
1305177 [tor] Provide observer notification to allow extensions to cancel external app launch (Tor 19273) NEW
1316019 [tor][domsecurity-active] [FirstPartyIsolation] Failed to sign in to the pixnet.net NEW
1319728 [tor][domsecurity-active] Fx with FPI feature wrongly displays that sign-in on youtube has failed even though it did not NEW
1319761 [tor] [domsecurity-backlog1][platform-rel-Facebook] Login on pinterest using facebook social network not working on Fx with FPI NEW
1319839 [tor][domsecurity-backlog1][dfpi-ok] [FirstPartyIsolation] If you sign in to Gmail, you'll be automatically signed in when you visit YouTube NEW
1321158 [tor][domsecurity-backlog1] Investigate if window.open() inheriting firstPartyDomain resolves breakage NEW
1330675 [domsecurity-backlog1][tor] Consider adding support for style API for disabled SVG nodes NEW
1330882 [fingerprinting][tor][fp-triaged] When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] REOPENED
1361337 [tor][necko-triaged] dns leaks with remotedns in firefox 45.9.0 over tor NEW
1363952 [tor][domsecurity-meta] The counter isn't updated after tapping the Like button in "ltn.com.tw" website NEW
1366202 [tor][necko-would-take] Randomize HTTP requests to defend against traffic fingerprinting (Tor 5282) NEW
1374027 [tor] Allow user control for kMDItemWhereFroms xattr metadata writing on downloads in macOS NEW
1375122 [tor][sb-] Check preferences for WebRTC before processing WebRTC-related IPC messages NEW
1397624 [tor] Provide an option for first-party isolation in Private Browsing Mode NEW
1397996 [tor][fingerprinting][fp-triaged][tor 22137] scrollbar thickness reveals platform NEW
1398414 [tor] Key :visited per origin (first-party-isolation / partitioning for :visited). NEW
1401493 [tor][fingerprinting][fp-triaged] Perform Fingerprint Comparison of Tor Browser and Firefox NEW
1403747 [tor][fingerprinting][fp-triaged] When privacy.resistFingerprinting is true, warn users not to maximize their window NEW
1404219 [tor][gfx-noted] fsanitize=enum (ubsan) runtime errors for SkXfermode::Coeff NEW
1405142 [tor] fsanitize=enum (ubsan) runtime errors for GtkStateFlags NEW
1405147 [tor][gfx-noted] fsanitize=enum (ubsan) runtime error for std::_Ios_Fmtflags in gfx/angle NEW
1409251 [tor][domsecurity-backlog] <style> elements in <svg> nodes are rendered as text when svg.disabled is set NEW
1409253 [tor][domsecurity-backlog] When <svg> is used as a background image, elements such as buttons may become unusable NEW
1409927 [tor] svg.disabled does not apply to the network inspector NEW
1422482 [fingerprinting][tor] OS username disclosure using downloads manager NEW
1425287 [tor] If privacy.firstparty.isolate.restrict_opener_access is set, we can probably window.open in a new process more often NEW
1433504 [tor] Add a build flag for proxy bypass protection NEW
1439784 [tor][fingerprinting][fp-triaged] Fix the KeyboardEvent mochitests NEW
1470592 [tor][fingerprinting][fp-triaged] macOS 10.14 Camera/Mic Permissions granted in Private Browsing Mode shouldn't persist NEW
1472808 [tor][fingerprinting][fp-triaged] For privacy.resistFingerprinting, spoof Keyboard Layout according to content locale NEW
1475973 [tor][fingerprinting][fp-triaged] browser/components/resistfingerprinting/test/browser/browser_roundedWindow_open_* and browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_* fail on Windows install with 150% dpi NEW
1490728 [tor][fingerprinting][domsecurity-backlog1][fp-triaged] Improve discoverability/explanation of RFP NEW
1495204 [tor][pdfjs-network] [pdf.js] Lots of errors "system principal mismatch" with privacy.firstparty.isolate=true NEW
1495458 [tor][trr][necko-triaged] Support DNS-over-Tor (via DNS-over-HTTPS) NEW
1497263 [tor][necko-triaged] Prioritize .onion hosts in Alt-Svc NEW
1532859 [domsecurity-backlog1][tor][fingerprinting][fp-triaged][fpp:m?] Non-integer devicePixelRatio's cause blurriness with RFPTarget::WindowDevicePixelRatio NEW
1598862 [fingerprinting][tor] When resistFingerprinting is enabled, alt+letter JS keyboard hotkey bindings don't work UNCONFIRMED
1603332 [fingerprinting][tor] privacy.resistFingerprinting and -moz- colors UNCONFIRMED
1618382 [tor][psm-waiting] Tor Browser: Disable self-signed certificate warnings when visiting .onion sites NEW
1620045 [tor] Enforce that rust code does not perform networking calls NEW
1647906 [tor] Add pref webgl.force-software NEW
1961408 [tor] Mock navigator.sendBeacon for compatibility when beacons are disabled NEW

53 Total; 53 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Testing Bugs

Origin Testing bugs are tagged with [oa-testing]

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Meta Bugs

This list is here for completeness.

Full Query
ID Whiteboard Summary Status Assigned to Resolution
1260929 [tor], [domsecurity-meta] [META] Tor Patch Uplifting NEW

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Tor_Uplift/Tracking&oldid=1130591"