Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2011-10-08T01:34:19Zhttps://gitlab.torproject.org/legacy/trac/-/issues/4197Torbutton formfill blocking can't be undone2011-10-08T01:34:19ZMike PerryTorbutton formfill blocking can't be undoneWe seem to be unable to properly undo the formfill blocking when it is disabled in Torbutton.
Also, even if it is disabled to allow saving form data to disk, we should probably be setting signon.autofillForms to false, to prevent linkab...We seem to be unable to properly undo the formfill blocking when it is disabled in Torbutton.
Also, even if it is disabled to allow saving form data to disk, we should probably be setting signon.autofillForms to false, to prevent linkability between domains.
http://kb.mozillazine.org/Signon.autofillFormsMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/4192make Tor Browser fail to connect when not launched from Vidalia2020-06-15T23:15:25ZJacob Appelbaummake Tor Browser fail to connect when not launched from VidaliaIt is possible to directly launch Firefox. On Windows users who launch TBB will have two icons in their taskbar/dock like thing - a Vidalia onion and the Browser planet icon. Users who run TBB will "pin" the browser icon and run _that_ d...It is possible to directly launch Firefox. On Windows users who launch TBB will have two icons in their taskbar/dock like thing - a Vidalia onion and the Browser planet icon. Users who run TBB will "pin" the browser icon and run _that_ directly.
We must prevent this - probably by ensuring that the browser will launch the right things if a user attempts to do this.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/4017Make download manager memory-only2020-06-13T00:33:06ZMike PerryMake download manager memory-onlyWithout private browsing mode enabled, the download manager writes and then removes rows from the sqlite database, despite our use of browser.download.manager.retention=0.Without private browsing mode enabled, the download manager writes and then removes rows from the sqlite database, despite our use of browser.download.manager.retention=0.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3997Problems with twitter2020-06-15T23:13:45ZTracProblems with twitterI'm experiencing some issues w/ twitter. I use Tor Bundle 2.2.32-4, the latest one on the blog, on Ubunut and I couldn't access twitter two days ago and still. The problem is sometimes it give me just a white blank page, after retrying f...I'm experiencing some issues w/ twitter. I use Tor Bundle 2.2.32-4, the latest one on the blog, on Ubunut and I couldn't access twitter two days ago and still. The problem is sometimes it give me just a white blank page, after retrying for manytimes, it might open the home page but I can't tweet anything, and the timeline don't get updated at all. I can't access my mentions or any other things on twitter. On the right panel, there are no pictures of my followers of people I'm following and the trends don't appear too. Just for note: I use Tor Bundle for Windows and the same problem there, and I can access my account from HootSuite client without any problems. If you didn't understand the problem I would upload pictures of it. Forgive my English and forgive me for any mistakes b/c this is my first time. Thank you for what are you doing here.
**Trac**:
**Username**: 7__rTorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3960Torbutton's toggle disabled zoom.siteSpecific on TBB.2011-09-09T17:43:42ZMike PerryTorbutton's toggle disabled zoom.siteSpecific on TBB.Another regression caused by #2338.Another regression caused by #2338.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3955Torbutton addon for firefox makes gmail buggy2011-10-08T01:32:10ZTracTorbutton addon for firefox makes gmail buggyHi !
Torbutton add-on for firefox induces server error 103 when an email is sent with an attachment in gmail.
Issue happened with :
Firefox 6.0.1 and 8.0a2 on ubuntu 11.04
Torbutton 1.4.2
Mail sending without an attachment is ok, bu...Hi !
Torbutton add-on for firefox induces server error 103 when an email is sent with an attachment in gmail.
Issue happened with :
Firefox 6.0.1 and 8.0a2 on ubuntu 11.04
Torbutton 1.4.2
Mail sending without an attachment is ok, but when an attachment is added mail sending fails with error code 103.
Problem is solved disabling torbutton extension.
Regards,
Nicolas
**Trac**:
**Username**: nblouvetonMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3933app.update.auto is getting changed to true2011-09-09T14:31:24ZErinn Clarkapp.update.auto is getting changed to trueWe currently ship a prefs.js in TBB that disallows auto updating of Firefox, but for some reason this is being changed from false to true, either at run time or some other time. I think it is possible (likely) that either one of the othe...We currently ship a prefs.js in TBB that disallows auto updating of Firefox, but for some reason this is being changed from false to true, either at run time or some other time. I think it is possible (likely) that either one of the other prefs for updating we set to true is causing this other one to be overridden, or we are missing some kind of build option (or adding one inadvertently) that is causing Firefox itself to override/overwrite this pref. I will investigate and fix this before our September 10th release.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3928Auto-scroll broken on Twitter w/ Torbotton/TBB2011-09-09T18:23:16ZMike PerryAuto-scroll broken on Twitter w/ Torbotton/TBBThe auto-scroll JS to get more than a page worth of results is broken on twitter.com when viewed from TBB..The auto-scroll JS to get more than a page worth of results is broken on twitter.com when viewed from TBB..TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3916Rebase Firefox patches to 6.0.12011-09-03T10:27:09ZMike PerryRebase Firefox patches to 6.0.1We need to rebase to 6.0.1 and drop the diginotar patch.We need to rebase to 6.0.1 and drop the diginotar patch.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3885Investigate memory consumption of metrics-web2020-06-13T18:12:44ZKarsten LoesingInvestigate memory consumption of metrics-webLast week, metrics-web on yatei ran out of memory quite often. The reason is probably that we're reading too much stuff from stats/ (in order to avoid parsing stuff twice) without garbage collecting aggressively enough. In particular, ...Last week, metrics-web on yatei ran out of memory quite often. The reason is probably that we're reading too much stuff from stats/ (in order to avoid parsing stuff twice) without garbage collecting aggressively enough. In particular, stats/archives-import-history and stats/bridge-stats-raw might be problematic.
The workaround was to change max memory from 4G to 8G. This fixes the problem for now, but obviously we can do better.Karsten LoesingKarsten Loesinghttps://gitlab.torproject.org/legacy/trac/-/issues/3879Framed sites broken (yopmail, gmane, gmaps, etc)2020-06-13T00:34:39ZcypherpunksFramed sites broken (yopmail, gmane, gmaps, etc)Since I've updated to Iceweasel 6.0-4 and subsequently 7.0~b2-1 ("b2" stands for "beta 2") the Torbutton add-on (1.4.1) is breaking the frame system. Reproducible with (e.g.) [0] (other pages with frames, I'm using, are behind logins and...Since I've updated to Iceweasel 6.0-4 and subsequently 7.0~b2-1 ("b2" stands for "beta 2") the Torbutton add-on (1.4.1) is breaking the frame system. Reproducible with (e.g.) [0] (other pages with frames, I'm using, are behind logins and thus no good public examples ;)). Instead of loading the e-mail's content in the lower frame, a new tab/window (depending on your settings) is opened. Disabling Torbutton works around this bug.
Iceweasel 6.0-2 was the last known working version. Iceweasel is the same as Firefox, just the name was changed due to Mozilla making much ado about nothing. The Debian revisions (e.g. "-2" or "-4") indicate updates to the packaging and sometimes the inclusion of upstream commits/patches, for details about what changed, see [1].
[0] <http://news.gmane.org/gmane.comp.video.mesa3d.devel>
[1] <http://packages.debian.org/changelogs/pool/main/i/iceweasel/current/changelog> and <http://packages.debian.org/changelogs/pool/main/i/iceweasel/iceweasel_6.0-4/changelog>Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3820Fix a warning and potential issue with session store filter2011-08-26T20:23:25ZMike PerryFix a warning and potential issue with session store filterThe warning "No tab found for session store tag" can appear during "New Identity" in TBB. This is due to a lack of proper context for the browser object. It may also indicate a leak of sessionstore data to disk.The warning "No tab found for session store tag" can appear during "New Identity" in TBB. This is due to a lack of proper context for the browser object. It may also indicate a leak of sessionstore data to disk.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3819Cookie protection API fails to clear cookies if none are protected2011-08-26T20:21:52ZMike PerryCookie protection API fails to clear cookies if none are protectedThe cookie protections API I used in "New Identity" would do nothing if you had no protected cookies.
I don't believe this issue affected 1.4.0, though.The cookie protections API I used in "New Identity" would do nothing if you had no protected cookies.
I don't believe this issue affected 1.4.0, though.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3811Create a string for a window that tells users about TBB2020-06-13T00:28:34ZMike PerryCreate a string for a window that tells users about TBBWhen TBB 2.2.x is stable, we should have Torbutton pop up a one-time message informing non-TBB users to download and install TBB.
We should create the string early on, so it gets translated before deployment.When TBB 2.2.x is stable, we should have Torbutton pop up a one-time message informing non-TBB users to download and install TBB.
We should create the string early on, so it gets translated before deployment.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3809Remove referer spoofing support2020-06-13T02:00:55ZMike PerryRemove referer spoofing supportReferer spoofing breaks browser navigation due to an interaction with our content policy. We could alter the content policy, but that would make the toggle model even less safe, because of Firefox API limitations. Basically the fix would...Referer spoofing breaks browser navigation due to an interaction with our content policy. We could alter the content policy, but that would make the toggle model even less safe, because of Firefox API limitations. Basically the fix would increase the probability that some requests might leak through from one torbutton state to another.
I am kind of torn. On the one hand, since we're don't really support the toggle model, it might be fine to make it (more) insecure. However, I don't really think the referrer blocking feature is very useful, and I am planning on removing it in the next major release.. So to break it for this reason seems kind of silly.
Hence, let's hide the referer spoofing option, demoting it to an about:config pref only, to prevent people from breaking their TBBs with it.
We will remove the pref entirely in a future release.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3754SafeCache implementation breaks OCSP validation2020-06-13T00:28:54ZGeorg KoppenSafeCache implementation breaks OCSP validationIf one configures Firefox to fail hard if there occurs an error while validating certificates using OCSP the SafeCache implementation leads to failures that do not exist without it. Steps to reproduce:
1) Configure Firefox properly (che...If one configures Firefox to fail hard if there occurs an error while validating certificates using OCSP the SafeCache implementation leads to failures that do not exist without it. Steps to reproduce:
1) Configure Firefox properly (check "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"; Use "Validate all certificates using the following OCSP Server" and take the first one (in my case: https://rca.e-szigno.hu/ocsp); check "When an OCSP connection fails, treat the certificate as invalid"
2) Restart Firefox and surf to e.g. https://anonymous-proxy-servers.net/forum/ if that does not already break the validation then open in a second tab https://ssl.scoogle.org and it breaks always.
3) Do the same without Torbutton installed and it works fine.
The problematic code is (for whatever reason, I am currently debugging it as JonDoFox is affected as well):
```
if(!this.readCacheKey(channel.cacheKey)) {
this.setCacheKey(channel, channel.URI.host);
} else {
SSC_dump("Existing cache key detected; leaving it unchanged.");
}
```
If you comment that code everything works fine in Torbutton again.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3649Error applying Non-Tor settings: NS_ERROR_FILE_ACCESS_DENIED2020-06-13T00:30:21ZTracError applying Non-Tor settings: NS_ERROR_FILE_ACCESS_DENIEDI’m not sure whom I’m to file the error to. It says to “file bug report”. I was trying to access some site that I cannot remember.
The following error was shown while I was in FireFox:
[JavaScript Application]
Torbutton: Please file b...I’m not sure whom I’m to file the error to. It says to “file bug report”. I was trying to access some site that I cannot remember.
The following error was shown while I was in FireFox:
[JavaScript Application]
Torbutton: Please file bug report! Error applying Non-Tor settings: [Exception... 'Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)
[nsIPrefService.savePrefFile]' nsresult: “0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)” location: 'JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_update_status :: line 1666” data: no]
**Trac**:
**Username**: ronTorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3454Cookie protections ignore disk settings2011-06-24T00:01:08ZMike PerryCookie protections ignore disk settingsThe Cookie protections dialog is writing cookie protection information to disk regardless of the cookie disk settings.The Cookie protections dialog is writing cookie protection information to disk regardless of the cookie disk settings.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3446Support Firefox 5.0.2011-07-06T01:19:35ZMike PerrySupport Firefox 5.0.Torbutton 1.4.0 should claim to be Firefox 5.0, as it looks like that is what we'll be using in TBB 2.2.x.
We should also perform some basic tests of FF5.0 compatibility. The set of changes on https://developer.mozilla.org/en/Firefox_5_...Torbutton 1.4.0 should claim to be Firefox 5.0, as it looks like that is what we'll be using in TBB 2.2.x.
We should also perform some basic tests of FF5.0 compatibility. The set of changes on https://developer.mozilla.org/en/Firefox_5_for_developers looks small enough that it might just work.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3444Bw auths should group nodes by ratio (stream capacity), not consensus bw2020-06-13T16:18:32ZMike PerryBw auths should group nodes by ratio (stream capacity), not consensus bwRight now, the bw auths group nodes into "slices" of 50 nodes of similar consensus bandwidth. This is probably not the optimal grouping. They should instead be grouped by stream capacity. This is also equivalent to grouping them by the r...Right now, the bw auths group nodes into "slices" of 50 nodes of similar consensus bandwidth. This is probably not the optimal grouping. They should instead be grouped by stream capacity. This is also equivalent to grouping them by the ratio of the consensus bandwidth to the descriptor bandwidth.
This would be implemented as a PathSupport.RatioPercentRestriction. We should then be able to easily switch from PercentileRestrictions to RatioPercentileRestrictions without too much issue.
This will result in faster scans and more accurate measurements.Mike PerryMike Perry