Security/Fusion/Dashboard/Tor Uplift

From MozillaWiki
Jump to: navigation, search

Bug Tracking

Tor Uplift bugs are tracked under the meta bug:
bug 1260929 - [META] Tor Patch Uplifting

Open Bugs

Full Query
ID Summary Priority Status Assigned to Whiteboard
1041818 take steps to mitigate canvas fingerprinting P2 NEW [fingerprinting][tor][fp-triaged]
1305177 Provide observer notification to allow extensions to cancel external app launch (Tor 19273) P2 NEW [tor]
1329996 [META] Tor Uplift: Fingerprinting Resistance P2 NEW [tor][fingerprinting][domsecurity-meta][fp-triaged]
440892 network.protocol-handler.warn-external are ignored P3 NEW [tor][tor-standalone]
1205598 Print preview doesn't honor Private Browsing Mode and writes to /tmp P3 NEW [tor][tor-standalone]
1213698 error: undefined reference to 'dlsym' if building with ASan and GCC (Tor 17509) P3 REOPENED [tor][tor-standalone]
1217166 OS X trying to run a profile from a mounted DMG file (read-only) shows error "Another copy of Firefox is running" (Tor 14631) P3 NEW [tor][tor-standalone]
1287994 Implement named pipe support on option SocksPort for Windows users (Tor 14209) P3 NEW [tor][necko-backlog][proxy]
1299996 [META] Support Tor first-party isolation P3 NEW [tor] [domsecurity-meta] [ETA 11/7]
1303456 Implement Optimistic SOCKS variant P3 NEW [tor 3875][necko-backlog]
1330882 When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] P3 REOPENED [fingerprinting][tor][fp-triaged]
1216882 When "security.nocertdb" pref is true, HTTP Auth Dialog fails (Tor 14716) P5 NEW [tor][necko-backlog][tor-standalone]
1284986 JavaScript error: chrome://browser/content/pageinfo/permissions.js, line 224: Error: Callback received for bad URI: [xpconnect wrapped nsIURI @ 0x12cf99d40 (native @ 0x1356f7b08)] P5 NEW [fxprivacy][OA][tor]
1366202 Randomize HTTP requests to defend against traffic fingerprinting (Tor 5282) P5 NEW [tor][necko-would-take]
1369299 Add a test to assure GeoIP/RegionDefault won't send whenGeoIP search is disabled P5 NEW [tor]
1433504 Add a build flag for proxy bypass protection -- NEW [tor]
1434660 Automated test for updater cert pinning -- NEW [tor 18912]
1831879 The "Save image" and "Download link" context menu items do not have a download confirmation prompt like other browsers, making it possible to leak private tabs by accident -- NEW

18 Total; 18 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed Bugs

Full Query
ID Summary Priority Resolution Assigned to Whiteboard
863246 resource:// URIs leak information (Tor 8725) P1 FIXED Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m3]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) P1 FIXED Chung-Sheng Fu [:cfu] [tor][tor-standalone][fingerprinting][fp:m3]
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] P1 FIXED Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) P1 FIXED Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m3][ux]
1434706 Add a preference to disable FxA/Sync and hide their UI P1 FIXED Edouard Oger [:eoger] [tor 16488][tor 22564]
1281963 Hide navigator.plugins and navigator.mimeTypes when resisting fingerprinting (Tor 17207) P1 FIXED Dave Huseby [:huseby] [tor][fingerprinting]
1330892 <isindex> leaks user locale P1 FIXED [fingerprinting][tor][fp:m3]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) P1 FIXED Jonathan Hao (inactive) [:jhao] [fingerprinting][tor][fp:m1]
1301523 Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) P1 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][OA-testing][necko-next]
1115712 make DataStorage for HPKP and HSTS enumerable via xpcom P1 FIXED Jonathan Hao (inactive) [:jhao] [psm-assigned]
1222285 Keyboard layout is leaked by KeyboardEvent P1 FIXED Tim Huang[:timhuang] [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged]
1289319 Add a test framework for the first party isolation tests. P1 FIXED Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active]
1230910 Get sandbox compiled with mingw-w64 P1 FIXED Tom Ritter [:tjr] (OOTO until 4/30 at least) [tor 16010][tor 23658][tor-standalone], sb-
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] P1 FIXED Tom Ritter [:tjr] (OOTO until 4/30 at least) [fingerprinting][tor 16622][fp:m1][fp-triaged]
1434772 test to ensure CacheStorage is disabled in Private Browsing mode P2 FIXED Arthur Edelstein [:arthur] [tor 18995]
1266495 Consider removing <isindex> from the parser and form submission [tor 18914] P2 FIXED Henri Sivonen (:hsivonen) btpp-active [tor][fingerprinting]
1264567 Tests for first party isolation of localStorage (Tor 13749.1) P2 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1282279 Make user certificates Origin Attribute aware P2 FIXED Jonathan Hao (inactive) [:jhao] [domsecurity-backlog3][userContextId][tor][OA]
1323644 Isolate the HSTS and HPKP cache by first party domain. P2 FIXED Jonathan Hao (inactive) [:jhao] [tor][tor 17965][necko-would-take][OA]
1278037 Make the ForgetAboutSite to forget a site not only for all userContextIds, but also for all originAttributes in general. P2 FIXED Tim Huang[:timhuang] [OA][domsecurity-active]
1376621 Enforce that Rust code is proxy-safe (doesn't call directly into libc networking functions) P2 FIXED Tom Ritter [:tjr] (OOTO until 4/30 at least) [tor 21862]
1211567 Add support for domain socket/fifo connection to proxy. P2 FIXED Gary Chen [:xeonchen] [tor][necko-active][proxy]
1288308 Add support for named pipe connection to proxy. P2 FIXED Gary Chen [:xeonchen] [tor][proxy][necko-active]
1433350 As defense in depth, don't load user's name etc. into memory P3 FIXED :aceman [tor 13398][overhead:noted]
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) P3 FIXED Arthur Edelstein [:arthur] [gfx-noted] [tor][fingerprinting]
1216893 Add pref to optionally disable SVG (Tor 12827) P3 FIXED Jonathan Kingston [:jkt] he/him [tor][tor-standalone]
1173199 Add a pref to allow disabling MathML (Tor 13548) P3 FIXED Jonathan Kingston [:jkt] he/him [tor]
1174386 Internationalization on workers uses the wrong locale P3 FIXED Jeff Walden [:Waldo] [tor]
1047105 asmjscache: should not store cache entries when private browsing is enabled (Tor 19417) P3 FIXED Kyle Machulis [:qdot] [:kmachulis] (INACTIVE) [tor][OA]
1334485 Tracking using intermediate CA caching P3 FIXED [psm-backlog][tor]
967977 Add a pref to disable SSL Session cache (Disable sending session IDs and sending session tickets) -- FIXED Arthur Edelstein [:arthur] [tor]
1173171 Provide pref to disable download of remote jar files (Tor 12430) -- FIXED Arthur Edelstein [:arthur] [tor]
1187701 Implement add_task function for mochitest chrome and plain -- FIXED Arthur Edelstein [:arthur] [tor]
1190590 MinGW build fails with --enable-bundled-fonts -- FIXED Arthur Edelstein [:arthur] [gfx-noted][tor]
1305144 Spoof referrer when leaving a .onion domain (Tor 17334) -- FIXED Arthur Edelstein [:arthur] [tor][necko-would-take]
1193593 Test fingerprinting resistance for media queries in picture elements -- FIXED Arthur Edelstein [:arthur] [tor][fingerprinting]
1200802 Accept SOCKS credentials in proxyInfo object -- FIXED Arthur Edelstein [:arthur] [tor]
967812 Permissions Manager writes to disk in Private Browsing Mode -- FIXED Arthur Edelstein [:arthur] [tor]
867501 Date.toLocaleFormat exposes OS locale (Tor 13019) -- FIXED Arthur Edelstein [:arthur] [fingerprinting][tor]
1217985 Don't depend on Windows crypto DLLs if not building the Windows Maintenance Service -- FIXED Arthur Edelstein [:arthur] [tor]
629558 need way to disable intermediate SSL certificate cache to demonstrate SSL problems -- FIXED Arthur Edelstein [:arthur] [tor]
436344 nsIProtocolProxyFilter.applyFilter() should be handed channel or request instead of URI (Tor 3455) -- FIXED Arthur Edelstein [:arthur] [tor]
1281959 Introduce pref to disable "open with" option in download dialog (Tor 17502) -- FIXED Arthur Edelstein [:arthur] [tor]
418986 window.screen and CSS media queries provide a large amount of identifiable information (Tor 2875) -- FIXED Arthur Edelstein [:arthur] [fingerprinting][tor 5856][tor 2875][tor 4755]
1281949 screen.orientation should be spoofed when privacy.resistFingerprinting is enabled (Tor 18958) -- FIXED Arthur Edelstein [:arthur] [tor][fingerprinting] btpp-active
1078657 Add a Task library for mochitest chrome and plain -- FIXED Arthur Edelstein [:arthur] [tor]
962314 Create nsIXULAppinfo.processID for obtaining Firefox PID -- FIXED Kathleen :Brade [tor]
429070 exposing Components.interfaces to untrusted content leaks information about installed extensions -- FIXED Camilo Viecco (:cviecco) [sg:low][tor]
939319 Provide a drag-and-drop observer to allow event filtering -- FIXED Georg Koppen [tor]
232227 System colors for form elements used when browser.display.use_system_colors is set to false -- FIXED Dave Huseby [:huseby] [tor]
962358 Provide an API/observer to close persistent connections -- FIXED Dave Huseby [:huseby] lame-network [tor]
751465 Websockets leak DNS requests (Tor 5741) -- FIXED Jason Duell [tor]
967970 Set NSDisablePersistence to prevent disk leaks for non-Firefox branded builds -- FIXED Mike Perry [tor] [qa-]
570342 Metabug for mingw-w64 compilation -- FIXED [tor]
1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed -- FIXED Jonathan Hao (inactive) [:jhao]
1336867 Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService -- FIXED Jonathan Hao (inactive) [:jhao]
836439 Handle downloads started in private browsing mode -- FIXED Raymond Lee [:raymondlee] [tor]
1159826 ensure_copy_recursive() leaks directory streams -- FIXED Robert Strong (they/them - no direct email) [tor]
967979 Provide a pref to prevent "This Plugin is Disabled" barrier (Tor 8312) P3 INVALID [tor]
1235520 Firefox 44 beta4: totally broken appearance in Linux/CentOS 6.7 i686 when ui.use_native_colors is set to false P2 WONTFIX [tor][tor-standalone]
1524408 Enforce that Windows/Mac Rust code is proxy-safe (doesn't call directly into libc networking functions) P2 WONTFIX Tom Ritter [:tjr] (OOTO until 4/30 at least) [tor 21862]
1337647 Make a prototype of Fennec connecting to Tor network P3 WONTFIX [tor-mobile]
817255 nsPluginHost::UnloadPlugins should send plugins-list-updated if there were any plugins to begin with (Tor 3547) P3 INACTIVE [tor][tor-standalone]
1434666 updater failing on Linux (cannot find libraries) P2 DUPLICATE Arthur Edelstein [:arthur] [tor 18900]
732096 Add a preference to prevent local font enumeration P3 DUPLICATE [fingerprinting][tor][tor-standalone]
939354 Meta-bug for additional third party tracking isolation options -- DUPLICATE [tor]
870346 innerHeight of content window is not properly resized from extensions on startup -- DUPLICATE [tor][tor-standalone]
1432905 Add pref to prevent localhost DNS lookup in nsProfileLock.cpp -- DUPLICATE [tor 18800]
565965 Key cookies on setting domain * toplevel load domain -- DUPLICATE [evang-wanted][necko-backlog][tor]
1437349 Detect if user install certain software with external protocol -- DUPLICATE [fingerprinting]
1560896 Cloudflare protected websites do not load properly with Tor proxy -- DUPLICATE [tor]
1245470 mingw-w64 compiled Firefox breaks with EMET (Tor 13893) P3 WORKSFORME Georg Koppen [tor][tor-standalone]
1280628 update badge shown after fallback to complete update (Tor 19411) P3 WORKSFORME [tor][tor-standalone]
1192643 window.indexedDB throws when dom.indexedDB.enabled=false P3 WORKSFORME [tor 21308]
1275916 Fix ICU cross-compilation with mingw-w64 -- WORKSFORME Georg Koppen [tor]

75 Total; 75 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Fusion/Dashboard/Tor_Uplift&oldid=1203935"