Security/Fusion/Dashboard

Tor Related Bugs (whiteboard contains "[tor")

ID	Summary	Status	Priority	Assigned to	Whiteboard
1594455	Change the letterboxing background to match the theme, and reposition the content	NEW	P3	Giorgio Maone [:ma1]	[tor 32220]
1799153	No focus is set after opening preferences and scrolling with openPreferences	ASSIGNED	P2	:Gijs (he/him)	[tor 41454]
354493	Mitigate CSRF attacks against internal networks (block rfc 1918 local addresses from non-local addresses)	NEW	P3		[sg:moderate][sg:want vector][tor 10839][necko-triaged]
440892	network.protocol-handler.warn-external are ignored	NEW	P3		[tor][tor-standalone]
885777	[meta] Deterministic, reproducible, bit-identical and/or verifiable Linux builds	NEW	--		[tor]
901614	Adopt Tor as a feature in Firefox	NEW	P3		[tor]
1041818	take steps to mitigate canvas fingerprinting	NEW	P2		[fingerprinting][tor][fp-triaged]
1102415	Firefox should help users attempting to visit .onion URLs without Tor	NEW	P5		[tor]
1205598	Print preview doesn't honor Private Browsing Mode and writes to /tmp	NEW	P3		[tor][tor-standalone]
1216882	When "security.nocertdb" pref is true, HTTP Auth Dialog fails (Tor 14716)	NEW	P5		[tor][necko-backlog][tor-standalone]
1217166	OS X trying to run a profile from a mounted DMG file (read-only) shows error "Another copy of Firefox is running" (Tor 14631)	NEW	P3		[tor][tor-standalone]
1233846	WebSpeech Synthesis API mustn't allow fingerprinting	NEW	P3		[fingerprinting][tor 10283][fp-triaged]
1250696	.onion names contain their own validator, we should use that	NEW	P5		[psm-backlog][tor]
1260929	[META] Tor Patch Uplifting	NEW	P3		[tor], [domsecurity-meta]
1264152	Create a tag for OriginAttribute mochitests	NEW	P3		btpp-active[OA-testing][tor-testing][domsecurity-backlog1]
1284986	JavaScript error: chrome://browser/content/pageinfo/permissions.js, line 224: Error: Callback received for bad URI: [xpconnect wrapped nsIURI @ 0x12cf99d40 (native @ 0x1356f7b08)]	NEW	P5		[fxprivacy][OA][tor]
1287994	Implement named pipe support on option SocksPort for Windows users (Tor 14209)	NEW	P3		[tor][necko-backlog][proxy]
1299996	[META] Support Tor first-party isolation	NEW	P3		[tor] [domsecurity-meta] [ETA 11/7]
1303456	Implement Optimistic SOCKS variant	NEW	P3		[tor 3875][necko-backlog]
1305177	Provide observer notification to allow extensions to cancel external app launch (Tor 19273)	NEW	P2		[tor]
1314449	Create testing framework for proxy-bypass tests for Firefox	NEW	P5		[necko-would-take][tor-testing][meta]
1315205	[META] QA bugs of First Party Isolation	NEW	P3		[tor][domsecurity-meta]
1316019	[FirstPartyIsolation] Failed to sign in to the pixnet.net	NEW	P3		[tor][domsecurity-active]
1319728	Fx with FPI feature wrongly displays that sign-in on youtube has failed even though it did not	NEW	P3		[tor][domsecurity-active]
1319761	Login on pinterest using facebook social network not working on Fx with FPI	NEW	P3		[tor] [domsecurity-backlog1][platform-rel-Facebook]
1319839	[FirstPartyIsolation] If you sign in to Gmail, you'll be automatically signed in when you visit YouTube	NEW	P3		[tor][domsecurity-backlog1][dfpi-ok]
1321158	Investigate if window.open() inheriting firstPartyDomain resolves breakage	NEW	P5		[tor][domsecurity-backlog1]
1329996	[META] Tor Uplift: Fingerprinting Resistance	NEW	P2		[tor][fingerprinting][domsecurity-meta][fp-triaged]
1330675	Consider adding support for style API for disabled SVG nodes	NEW	P3		[domsecurity-backlog1][tor]
1337868	Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets	NEW	P3		[OA-testing][tor-testing][domsecurity-backlog1]
1357346	[META] QA bugs of First Party Isolation on Fennec	NEW	P3		[tor][domsecurity-meta]
1361337	dns leaks with remotedns in firefox 45.9.0 over tor	NEW	P3		[tor][necko-triaged]
1363952	The counter isn't updated after tapping the Like button in "ltn.com.tw" website	NEW	P3		[tor][domsecurity-meta]
1365623	Create a proxy bypass test for SourceMap	NEW	P5		[necko-would-take][tor-testing]
1366202	Randomize HTTP requests to defend against traffic fingerprinting (Tor 5282)	NEW	P5		[tor][necko-would-take]
1371180	Create compiler switches to remove features which Orfox must remove or disable	NEW	P3		[tor-mobile]
1371651	about:cache does not show entries when `privacy.firstparty.isolate` is set to `true`	NEW	P3		[tor 22451][necko-backlog][dfpi-ok]
1374027	Allow user control for kMDItemWhereFroms xattr metadata writing on downloads in macOS	NEW	P3		[tor]
1375122	Check preferences for WebRTC before processing WebRTC-related IPC messages	NEW	P3		[tor][sb-]
1397624	Provide an option for first-party isolation in Private Browsing Mode	NEW	P3		[tor]
1397996	scrollbar thickness reveals platform	NEW	P2		[tor][fingerprinting][fp-triaged][tor 22137]
1398414	Key :visited per origin (first-party-isolation / partitioning for :visited).	NEW	P3		[tor]
1401493	Perform Fingerprint Comparison of Tor Browser and Firefox	NEW	P3		[tor][fingerprinting][fp-triaged]
1403747	When privacy.resistFingerprinting is true, warn users not to maximize their window	NEW	P5		[tor][fingerprinting][fp-triaged]
1404219	fsanitize=enum (ubsan) runtime errors for SkXfermode::Coeff	NEW	P3		[tor][gfx-noted]
1405142	fsanitize=enum (ubsan) runtime errors for GtkStateFlags	NEW	P3		[tor]
1405147	fsanitize=enum (ubsan) runtime error for std::_Ios_Fmtflags in gfx/angle	NEW	P3		[tor][gfx-noted]
1409251	<style> elements in <svg> nodes are rendered as text when svg.disabled is set	NEW	P5		[tor][domsecurity-backlog]
1409253	When <svg> is used as a background image, elements such as buttons may become unusable	NEW	P5		[tor][domsecurity-backlog]
1409927	svg.disabled does not apply to the network inspector	NEW	P3		[tor]
1414311	New window size is different than expected after changing screen dpi (with privacy.resistFingerprinting pref enabled)	NEW	P2		[fingerprinting][fp-triaged][tor 30970]
1422482	OS username disclosure using downloads manager	NEW	P3		[fingerprinting][tor]
1425287	If privacy.firstparty.isolate.restrict_opener_access is set, we can probably window.open in a new process more often	NEW	P3		[tor]
1429838	After restoring profile to a different location, paths in extensions.json are incorrect	NEW	P2		[tor 27604]
1432684	add flag to drop screensharing from build	NEW	--		[tor 16439]
1433504	Add a build flag for proxy bypass protection	NEW	--		[tor]
1434660	Automated test for updater cert pinning	NEW	--		[tor 18912]
1439784	Fix the KeyboardEvent mochitests	NEW	P3		[tor][fingerprinting][fp-triaged]
1444062	Adapt browser_insecureLoginForms.js to take into account that .onion domains might be secure	NEW	P4		[tor 21321]
1445211	Download (save page as...) with some ad-blocker fails (because some subresources are blocked) and succeeds when retried	NEW	P3		[tor 32225]
1465790	[meta] Create a mingw-clang Build Job	NEW	P5		[tor]
1470592	macOS 10.14 Camera/Mic Permissions granted in Private Browsing Mode shouldn't persist	NEW	P3		[tor][fingerprinting][fp-triaged]
1472808	For privacy.resistFingerprinting, spoof Keyboard Layout according to content locale	NEW	P3		[tor][fingerprinting][fp-triaged]
1475973	browser/components/resistfingerprinting/test/browser/browser_roundedWindow_open_* and browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_* fail on Windows install with 150% dpi	NEW	P3		[tor][fingerprinting][fp-triaged]
1485249	WebGL extensions should be disabled when private.resistFingerprinting is enabled	NEW	P2		[tor 6370][gfx-noted][fingerprinting][fp-triaged]
1485258	When privacy.spoof_english is true, don't reveal locale by charset fallback	NEW	P3		[tor 20025][fingerprinting][fp-triaged]
1490728	Improve discoverability/explanation of RFP	NEW	P3		[tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1495204	[pdf.js] Lots of errors "system principal mismatch" with privacy.firstparty.isolate=true	NEW	P5		[tor][pdfjs-network]
1495458	Support DNS-over-Tor (via DNS-over-HTTPS)	NEW	P5		[tor][trr][necko-triaged]
1497263	Prioritize .onion hosts in Alt-Svc	NEW	P3		[tor][necko-triaged]
1507879	Investigate getClientRects for fingerprinting	NEW	P3		[tor 29564][fingerprinting][fp-triaged]
1532859	Non-integer devicePixelRatio's cause blurriness with RFPTarget::WindowDevicePixelRatio	NEW	P3		[domsecurity-backlog1][tor][fingerprinting][fp-triaged][fpp:m?]
1542676	Round subpixel accuracy of window properties to integers when resistfingerprinting is enabled	NEW	P3		[tor 26607][fingerprinting]
1546969	Privacy leak in private browsing mode via downloading data	NEW	P3		[tor 7449]
1587685	Some source page features disappear when directly open the "view-source:URL" from urlbar or bookmark.	NEW	P5		[tor 31977]
1595462	If a page contains a large number of videos they will all fail to play	NEW	P3		[tor 32448]
1611534	Cross-origin information leakage via cross-origin window frame count	NEW	P5		[tor 33155]
1618382	Tor Browser: Disable self-signed certificate warnings when visiting .onion sites	NEW	P5		[tor][psm-waiting]
1620045	Enforce that rust code does not perform networking calls	NEW	--		[tor]
1647906	Add pref webgl.force-software	NEW	P3		[tor]
1676104	Make WebRequest and GeckoWebExecutor First-Party aware	NEW	P2		[tor 40171] [geckoview:2023?]
1711084	Scheme flooding technique for reliable cross-browser fingerprinting	NEW	P2		[tor 40432]
1790187	Migrate appstrings.properties to Fluent & format its messages from aboutNetError.mjs	NEW	--		[tor 41483]
1869821	Consider clearing intl.accept_languages when changing app language with RFP	NEW	--		[tor 42084][tor 41930]
1923368	Extend browser.download.open_pdf_attachments_inline to other file types	NEW	--		[tor 42220]
1928464	Use the brand name for profile error messages, rather than gAppData->name "Firefox"	NEW	--		[tor 42739]
1944251	Consider deprecating font whitelist	NEW	--		[tor 43322]
1958496	[meta] Tor Uplift for esr140	NEW	P5		[tor]
1958506	resistFingerprinting: Reduce scrollbar width variation on Windows OS	NEW	--		[tor 42528]
1961408	Mock navigator.sendBeacon for compatibility when beacons are disabled	NEW	P3		[tor]
1213698	error: undefined reference to 'dlsym' if building with ASan and GCC (Tor 17509)	REOPENED	P3		[tor][tor-standalone]
1314793	Creating Testing Framework for Proxy Bypasses for Firefox Android	REOPENED	P5		[tor-mobile][tor-testing]
1330882	When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459]	REOPENED	P3		[fingerprinting][tor][fp-triaged]
1433030	Copying large text from web console leaks to /tmp	REOPENED	P3		[tor 21830]
1963068	Newwin protection is broken by Mutter's auto-resize	ASSIGNED	P3	Pier Angelo Vendrame	[tor 43693]
1475811	Entering URLs in address bar violates FPI	NEW	P5	Pier Angelo Vendrame	[tor 26353][tor 31075][dfpi-ok]
1339100	Firefox does not open correctly from read-only filesystem (FileUtils.getFile() failure when checking for bundled blocklist)	NEW	P3	Robert Helmer [:rhelmer]	[tor 21445], investigation, triaged
1314443	Audit the existing disable WebRTC preferences and ensure they work as advertised	ASSIGNED	P3	Tom Ritter [:tjr]	[tor][fingerprinting][tor-mobile][fp-triaged]
1330608	[meta] Add tor build chain to taskcluster	NEW	--	Tom Ritter [:tjr]	[tor]
1338006	Perform OriginAttributes Review of WebRTC	NEW	P3	Tom Ritter [:tjr]	[OA][tor]
1393901	--enable-webrtc does not build under MinGW	NEW	P5	Tom Ritter [:tjr]	[tor 41459]
1612422	Create a MinGW reproducible build job	NEW	--	Tom Ritter [:tjr]	[tor]

102 Total; 102 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Fingerprinting Bugs (whiteboard contains "finger")

Full Query

ID	Summary	Status	Priority	Assigned to	Whiteboard
1445310	Clamp and Jitter Timestamps in CSS Animations	NEW	P3	Brian Birtles (:birtles)	[fingerprinting][fp-triaged]
1422862	Make OffscreenCanvas respect Canvas Permission Prompt so you don't always get a placeholder	ASSIGNED	P3	Fatih Kilic [:fkilic]	[fingerprinting][gfx-noted][fp-triaged][fpp:m8]
1152448	"Forget About This Site" does not forget site's enumerateDevices Ids	ASSIGNED	P3	Jan-Ivar Bruaroey [:jib] (needinfo? me)	[fingerprinting][fp-triaged]
1439784	Fix the KeyboardEvent mochitests	NEW	P3		[tor][fingerprinting][fp-triaged]
503221	Locale can be determined using jar: protocol to test resource:///chrome/ entries	NEW	--		[fingerprinting]
572650	[meta] Reduce the amount of data and entropy sent out in HTTP requests	NEW	P5		[fingerprinting][necko-would-take][fp-triaged]
959893	[meta] WebRTC Internal IP Address Leakage	NEW	--		[fingerprinting][fp-triaged]
1041818	take steps to mitigate canvas fingerprinting	NEW	P2		[fingerprinting][tor][fp-triaged]
1233846	WebSpeech Synthesis API mustn't allow fingerprinting	NEW	P3		[fingerprinting][tor 10283][fp-triaged]
1315203	XSHM: Cross Site History Manipulation (information leakage)	NEW	P3		[fingerprinting][fp-triaged]
1325874	Consider seperating page content history for userContextId	NEW	P3		[fingerprinting][fp-triaged][domsecurity-backlog2][userContextId]
1329996	[META] Tor Uplift: Fingerprinting Resistance	NEW	P2		[tor][fingerprinting][domsecurity-meta][fp-triaged]
1336208	Bundle and whitelist fonts when privacy.resistFingerprinting = true	NEW	P3		[fingerprinting][gfx-noted][fp-triaged]
1356381	[META] Add Telemetry and Perform Experiments to measure breakage/impact of Anti-Fingerprinting Patches	NEW	P3		[domsecurity-meta] [fingerprinting][fp-triaged]
1362184	Add Telemetry for IndexedDB	NEW	P5		[fingerprinting][fp-triaged]
1372288	[meta] WebExtensions can be used as user fingerprint	NEW	P3		[fingerprinting][fp-triaged]
1383656	Tweak and analyze the value and find out an appropriate way to generate the padding size for opaque response	NEW	P3		[fingerprinting] [fxprivacy] [fp-triaged]
1394448	Cannot install Addon with privacy.resistFingerprinting==true	NEW	P3		[fp-triaged][domsecurity-backlog1][fingerprinting]
1397996	scrollbar thickness reveals platform	NEW	P2		[tor][fingerprinting][fp-triaged][tor 22137]
1401493	Perform Fingerprint Comparison of Tor Browser and Firefox	NEW	P3		[tor][fingerprinting][fp-triaged]
1403747	When privacy.resistFingerprinting is true, warn users not to maximize their window	NEW	P5		[tor][fingerprinting][fp-triaged]
1405971	Webextension UUID leak to servers via Fetch request headers	NEW	P3		[fingerprinting][fp-triaged]
1409974	KeyboardEvent.location could be used as a user behavior fingerprinting vector.	NEW	P3		[fingerprinting][fp-triaged]
1412814	privacy.resistFingerprinting should do something smarter about system metric media queries.	NEW	P3		[gfx-noted][fingerprinting][fp-triaged]
1414162	Investigate and improve privacy.resistFingerprinting handling when toggled on mid-session	NEW	P5		[fingerprinting][fp-triaged]
1414311	New window size is different than expected after changing screen dpi (with privacy.resistFingerprinting pref enabled)	NEW	P2		[fingerprinting][fp-triaged][tor 30970]
1420653	DeviceId is persisted even if cookies are disabled, allowing persistent fingerprint	NEW	P3		[fingerprinting][fp-triaged]
1420809	Permissions that are perpetually denied should not return Reject immediately	NEW	P3		[fingerprinting][fp-triaged]
1422482	OS username disclosure using downloads manager	NEW	P3		[fingerprinting][tor]
1422890	Add additional Canvas Fingerprinting Tests	NEW	P3		[fingerprinting][gfx-noted][fp-triaged]
1426232	Consider a Timezone Permission for Resist Fingerprinting	NEW	P5		[fingerprinting][fp-triaged]
1428033	Apply Resist Fingerprinting Protection to WebGL	NEW	P5		[fingerprinting][gfx-noted][fp-triaged]
1429097	Pause execution when Canvas Permission Prompt is displayed	NEW	P3		[fingerprinting][gfx-noted][fp-triaged]
1429519	Add a canvas-imagedata permission	NEW	P3		[fingerprinting][gfx-noted][fp-triaged]
1429648	Add tests that handle timer rounding	NEW	P3		[fingerprinting][fp-triaged]
1429865	Allow managing canvas permissions in about:preferences when resistFingerprinting is on	NEW	P3		[gfx-noted][fingerprinting][fp-triaged]
1502831	Use software rendering to mitigate canvas fingerprinting while privacy.resistFingerprinting=True	REOPENED	P2		[fingerprinting][fp-triaged]
1449732	Do not expose Local IP Address in Resist Fingerprinting Mode	REOPENED	P5		[fingerprinting][fp-triaged]
1447011	Permit setting HSTS entries only on the host name or the eTLD+1	NEW	P3		[fingerprinting][psm-backlog][fp-triaged]
1450398	[meta] Resist Fingerprinting Mode should allow finer control of applicability	NEW	P3		[fingerprinting][fp-triaged][fpp:m?]
1450401	mozFullScreen leaks exact screen resolution	NEW	P3		[fingerprinting][fp-triaged]
1466148	WebRTC leaks internal addresses even when camera/mic permissions are not granted	NEW	P3		[fingerprinting][fp-triaged]
1470592	macOS 10.14 Camera/Mic Permissions granted in Private Browsing Mode shouldn't persist	NEW	P3		[tor][fingerprinting][fp-triaged]
1472808	For privacy.resistFingerprinting, spoof Keyboard Layout according to content locale	NEW	P3		[tor][fingerprinting][fp-triaged]
1475973	browser/components/resistfingerprinting/test/browser/browser_roundedWindow_open_* and browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_* fail on Windows install with 150% dpi	NEW	P3		[tor][fingerprinting][fp-triaged]
1485249	WebGL extensions should be disabled when private.resistFingerprinting is enabled	NEW	P2		[tor 6370][gfx-noted][fingerprinting][fp-triaged]
1485258	When privacy.spoof_english is true, don't reveal locale by charset fallback	NEW	P3		[tor 20025][fingerprinting][fp-triaged]
1490728	Improve discoverability/explanation of RFP	NEW	P3		[tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1507517	[META] Breakage from Fingerprinting Resistance	NEW	P3		[fingerprinting][fp-triaged][domsecurity-backlog1]
1507879	Investigate getClientRects for fingerprinting	NEW	P3		[tor 29564][fingerprinting][fp-triaged]
1522517	[meta] Unify software rendering settings while privacy.resistFingerprinting=True	NEW	P2		[fingerprinting][fp-triaged]
1522528	Disable anialiasing while privacy.resistFingerprinting=True	NEW	P2		[fingerprinting][fp-triaged]
1532859	Non-integer devicePixelRatio's cause blurriness with RFPTarget::WindowDevicePixelRatio	NEW	P3		[domsecurity-backlog1][tor][fingerprinting][fp-triaged][fpp:m?]
1538718	Account for Display Scaling when rendering	NEW	P3		[fingerprinting]
1542676	Round subpixel accuracy of window properties to integers when resistfingerprinting is enabled	NEW	P3		[tor 26607][fingerprinting]
1562290	Need a mechanism to limit gyroscope data leakage for fingerprinting	NEW	P3		[fingerprinting]
1356383	Add Telemetry for Gamepad API	REOPENED	P3		[fingerprinting][fp-triaged]
1581453	Resist Fingerprinting retriggers Bug 402089 - nsDOMUIEvent should cache coordinates when DuplicatePrivateData is called	NEW	P3		[fingerprinting]
1582687	Block user-installed fonts by default	NEW	--		[fingerprinting]
1617872	Consider making IsResistFingerprintingEnabled affect shared memory	NEW	P3		[fingerprinting][domsecurity-backlog1]
1636005	Default submit button label length allows browser language fingerprinting	NEW	P3		[reporter-external] [client-bounty-form] [verif?][fingerprinting][domsecurity-backlog1]
1717671	Avoid the use of a persistent UUID in the public base URL of extensions	NEW	P3		[mv3-future][sp3][fingerprinting]
1719738	Simplify Timezone Names to Reduce Fingerprinting	NEW	--		[fingerprinting]
1722181	Math Fingerprinting via Polyfills	NEW	P3		[fingerprinting]
1772039	Enabling privacy.resistFingerprinting causes the zoom cameras/screens to be a black screen.	NEW	P3		[fingerprinting][domsecurity-backlog3]
1916271	Gecko reveals sanitized GPU Characteristics; webkit and blink return hardcoded strings for all users	NEW	--		[client-bounty-form][fingerprinting]
1928095	x86/x86_64 architecture are exposed through sign bit on NaN arithmetic	NEW	P5		[fingerprinting]
1940296	Vsync is enabled on Wayland when RFP is on and leaks the monitor refresh rate	NEW	P3		[fingerprinting]
1330882	When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459]	REOPENED	P3		[fingerprinting][tor][fp-triaged]
1591337	RFP screen spoofs: step common spoofs based on inner window	ASSIGNED	P3	Pier Angelo Vendrame	[fingerprinting]
1579584	Have window.outerHeight/outerWidth lie and report the innerHeight/innerWidth	NEW	P3	Tom Ritter [:tjr]	[fingerprinting][fpp:future]
1314443	Audit the existing disable WebRTC preferences and ensure they work as advertised	ASSIGNED	P3	Tom Ritter [:tjr]	[tor][fingerprinting][tor-mobile][fp-triaged]

72 Total; 72 Open (100%); 0 Resolved (0%); 0 Verified (0%);