# General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.

`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

## Firefox: https://github.com/mozilla/gecko-dev.git

- Start: `99300ebd4a4a6440b6a11a80108f1ed6d867cdb4` ( `FIREFOX_RELEASE_99_BASE` )
- End:   `cd4dcd48476d8cb29f4770f6fb659e440ff84345`  ( `FIREFOX_RELEASE_100_BASE` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

---

## Application Services: https://github.com/mozilla/application-services.git

- Start: `1fcdb5984be6e0cc460d00cde44c49b7e3ac1ec6` ( `v92.0.0` )
- End:   `21f2904245a956366cae798e16035156c8232cad`  ( `v93.0.2` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

## Android Components: https://github.com/mozilla-mobile/android-components.git

- Start: `4154c161f0949fdf3e94780c8b5ac360722e909c` ( `v99.0.0` )
- End:   `2cf4dbe50f6810d373aeb550e722fabfc6816f56`  ( `v99.0.10` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

## Fenix: https://github.com/mozilla-mobile/fenix.git

- Start: `f4a5a4e471d17be791d73fddc63ebdfb734368e4` ( `v99.0.0-beta.1` )
- End:   `2421d3731e49faf5e2b9d3d4aa41bdbf3e81459a`  ( `releases_v99.0.0` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

## Ticket Review ##

### 99 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=99%20Branch&order=priority%2Cbug_severity&limit=0

- https://bugzilla.mozilla.org/show_bug.cgi?id=1755354 @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41138
  - Nothing to do, already disabled by pref
- https://bugzilla.mozilla.org/show_bug.cgi?id=1637922 @richard https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41139
  - Nothing to do, already disabled by pref
- https://bugzilla.mozilla.org/show_bug.cgi?id=1751366 @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41140
  - Nothing to do, will investigate backing this out in 12.5 alpha to investigate performance improvements ( opened https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41397 )
- https://bugzilla.mozilla.org/show_bug.cgi?id=1675054 @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41141
  - Not a security risk, bu discoverd the feature should also likely be enabeld for http .onion domains; opened https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41399