Security/Tor Uplift/Tracking

From MozillaWiki
Jump to: navigation, search

Tor Uplift

To uplift all of the Tor Browser patches to mainline Firefox. The general approach is to add preferences for anything that breaks the web and set them to default "off" so that the behavior of default Firefox does not change. All bugs are tagged with [tor]. The Tor Browser design document is here.

Active Bugs

Bugs which are assigned and being worked on.

Full Query
ID Whiteboard Summary Status Resolution Priority Assigned to
1302566 [tor][domsecurity-backlog1][OA] remove the IsInPrivateBrowsing mode from shared workers and use origin attributes instead. REOPENED P3 Andrea Marchesini [:baku]
1213698 [tor][tor-standalone] error: undefined reference to 'dlsym' if building with ASan and GCC (Tor 17509) REOPENED P3 Georg Koppen
1532486 [tor 29120] Ensure media cache is memory-only when in Private Browsing Mode REOPENED P3 Richard Pospesel (Tor Browser Dev)
1314443 [tor][fingerprinting][tor-mobile][fp-triaged] Audit the existing disable WebRTC preferences and ensure they work as advertised ASSIGNED P3 Tom Ritter [:tjr]
1461454 [tor 13543][fingerprinting][fp-triaged] Support Resist Fingerprinting in canPlayType and Media Capabilities APIs ASSIGNED P2 Tom Ritter [:tjr]
1520177 [tor] mingw-clang has broken accessibility REOPENED P3 Tom Ritter [:tjr]
1552706 [tor] Update MinGW to add some missing #defines required by sandbox. ASSIGNED P2 Tom Ritter [:tjr]
1361337 [tor][necko-triaged] dns leaks with remotedns in firefox 45.9.0 over tor ASSIGNED P3 Gary Chen [:xeonchen]
1397996 [tor][fingerprinting][fp-triaged][tor 22137] scrollbar thickness reveals platform ASSIGNED P2 Gary Chen [:xeonchen]
1534339 [tor][domsecurity-active] OriginAttributes.firstPartyDomain does not support IPv6 addresses ASSIGNED P2 Gary Chen [:xeonchen]
1554805 [tor] feed reader WX (Brief) not working with FPI enabled ASSIGNED P2 Gary Chen [:xeonchen]
1560574 [fingerprinting][tor-30800] [necko-triaged] ftp:// on Windows can be used to leak the system time zone (Tor 30800) ASSIGNED P2 Gary Chen [:xeonchen]

12 Total; 12 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Assigned, but not started

These bugs have an owner, but their status is 'NEW' indicating that they are not being worked on yet.

Full Query
ID Whiteboard Summary Status Resolution Priority Assigned to
467035 [sg:low][fingerprinting][fp-triaged][tor 30304] <!DOCTYPE> ignores contentaccessible, leaks DTD strings and therefore browser UI locale NEW P2 Alex Catarineu
1444062 [tor 21321] Adapt browser_insecureLoginForms.js to take into account that .onion domains might be secure NEW P4 Georg Koppen
1538130 [fingerprinting][tor] privacy.resistFingerprinting should not create windows with rounded dimensions when letterboxing is enabled NEW P5 Kestrel
1358149 [tor 13017][fingerprinting][fp-triaged] Address fingerprinting using AudioContext NEW P2 Paul Adenot (:padenot)
1339100 [tor], investigation, triaged Firefox does not open correctly from read-only filesystem (FileUtils.getFile() failure when checking for bundled blocklist) NEW P3 Robert Helmer [:rhelmer]
1436226 [tor 22548] [fingerprinting][fp-triaged] Hardcode VP8/VP9 algorithm choice when resisting fingerprinting NEW P2 Tim Huang[:timhuang]
1475973 [tor][fingerprinting][fp-triaged] browser/components/resistfingerprinting/test/browser/browser_roundedWindow_open_* and browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_* fail on Windows install with 150% dpi NEW P3 Tim Huang[:timhuang]
1485249 [tor 6370][gfx-noted][fingerprinting][fp-triaged] WebGL extensions should be disabled when private.resistFingerprinting is enabled NEW P2 Tim Huang[:timhuang]
1519122 [tor][fingerprinting] In RFP Mode, spoof the modifier state "Meta" in OSX into a "Ctrl" state in keyboard events. NEW P2 Tim Huang[:timhuang]
1338006 [OA][tor] Perform OriginAttributes Review of WebRTC NEW P3 Tom Ritter [:tjr]
1393896 [tor] nrappkit uses incorrect preprocessor flags to detect Windows NEW P3 Tom Ritter [:tjr]
1393897 [tor] nICEr does not compile with MinGW because of 'interface' keyword NEW P3 Tom Ritter [:tjr]
1393901 [tor] --enable-webrtc does not build under MinGW NEW P5 Tom Ritter [:tjr]
1393903 [tor] webrtc uses __try macros (which don't exist in MinGW) NEW P5 Tom Ritter [:tjr]
1393905 [tor] Lots of error: inlining failed errors when compiling WebRTC with MinGW NEW P5 Tom Ritter [:tjr]
1393906 [tor] std:: errors when compiling WebRTC with MinGW NEW P5 Tom Ritter [:tjr]
1397624 [tor] Provide an option for first-party isolation in Private Browsing Mode NEW P2 Tom Ritter [:tjr]
1524408 [tor 21862] Enforce that Windows/Mac Rust code is proxy-safe (doesn't call directly into libc networking functions) NEW P2 Tom Ritter [:tjr]
1041818 [fingerprinting][tor][fp-triaged] take steps to mitigate canvas fingerprinting NEW P2 Gary Chen [:xeonchen]

19 Total; 19 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Backlog (all unowned)

Bugs looking for an owner.

    "include_fields": "id, whiteboard, summary, status, resolution, priority, assigned_to",
   "order": "bug_id",


Testing Bugs

Origin Testing bugs are tagged with [tor-testing]

Full Query
ID Whiteboard Summary Status Resolution Priority Assigned to
1264152 btpp-active[OA-testing][tor-testing][domsecurity-backlog1] Create a tag for OriginAttribute mochitests NEW P3
1314449 [necko-would-take][tor-testing][meta] Create testing framework for proxy-bypass tests for Firefox NEW P2
1314793 [tor-mobile][tor-testing] Creating Testing Framework for Proxy Bypasses for Fennec NEW P5
1337868 [OA-testing][tor-testing][domsecurity-backlog1] Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets NEW P3
1365623 [necko-would-take][tor-testing] Create a proxy bypass test for SourceMap NEW P5

5 Total; 5 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Meta Bugs

This list is here for completeness.

Full Query
ID Whiteboard Summary Status Resolution Priority Assigned to
1260929 [tor], [domsecurity-meta] [META] Tor Patch Uplifting NEW P3 Ethan Tseng [:ethan]

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Completed Bugs

Patches that have been successfully uplifted (or [tor] tickets otherwise fixed)

   "include_fields": "id, whiteboard, summary, status, resolution, priority, assigned_to",
   "order": "assigned_to,bug_id",
   "resolution":["fixed", "duplicate"]