# General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.

`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

## Firefox: https://github.com/mozilla/gecko-dev.git

- Start: `a8c31da1c243a855de8c3b241a437dd1b65684d5` ( `FIREFOX_104_0_2_RELEASE` )
- End:   `2dd649f09f70ec5b9304d62daeb427a86bbc5a36`  ( `FIREFOX_105_0_3_RELEASE` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

---

## Application Services: https://github.com/mozilla/application-services.git

- Start: `78b165b798118e9b5fa62af07aa44d663f386492`  ( `v94.1.0` )
- End:   `be8254df118b2fc2aae726e1d13ca4c982bec920`  ( `v94.3.1` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

## Android Components: https://github.com/mozilla-mobile/android-components.git

- Start: `b3e0289b3f07929c0403ac6e672c88b5db079748`
- End:   `658c2d239f9aef5927f654aa36a0b0739b116d92`  ( `v105.0.8` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

## Fenix: https://github.com/mozilla-mobile/fenix.git

- Start: `a5d13e2ef26d4eb98a32c94b6c6530771e90cd56` ( `v105.0b1` )
- End:   `01fbfd63743f30ebca31bbfb775bddef94a01a3e`  ( `v105.2.0` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

## Ticket Review ##

Bugzilla Query: `https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=105%20Branch&order=priority%2Cbug_severity&limit=0`

#### Problematic Issues

- **Use the WER runtime exception module to catch early crashes** https://bugzilla.mozilla.org/show_bug.cgi?id=1682520
  - *RESOLUTION*: no new functionality here, just making it work better by moving the registration earlier in the Firefox boot process
- **Add a pref to disable Spectre mitigations for Fission web content processes** https://bugzilla.mozilla.org/show_bug.cgi?id=1774178
- **Add Surrogate COM Server to handle native Windows notifications when Firefox is closed.** https://bugzilla.mozilla.org/show_bug.cgi?id=1774083
  - *RESOLUTOIN* COM sever registration happens in the official firefox installer which we do not use, so nothing to do here
- **Add a cookie banner service to automatically handle website cookie banners** https://bugzilla.mozilla.org/show_bug.cgi?id=1783019
  - *RESOLUTION* disabled this feature until fully audit, may bring back in the 13.5 time-frame
- **Add a locale parameter to the text recognition API** https://bugzilla.mozilla.org/show_bug.cgi?id=1782579
  - *RESOLUTION* we'v diabled this system entirely in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42057
- **Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime** https://bugzilla.mozilla.org/show_bug.cgi?id=1779005
  - *RESOLUTION*: Tor Browser uses explicitly configured proxy settings so this auto-detect system is no used/does not apply to us
- **On systems with IPv6 preferred DNS resolution clients will fail to connect when "localhost" is used as host for the WebSocket server** https://bugzilla.mozilla.org/show_bug.cgi?id=1769994
- **Hide the text recognition context menu if the macOS version doesn't support APIs** https://bugzilla.mozilla.org/show_bug.cgi?id=1782981
  - *RESOLUTION* we'v diabled this system entirely in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42057
- **Implement a context menu modal for text recognition** https://bugzilla.mozilla.org/show_bug.cgi?id=1782578
  - *RESOLUTION* we've disabled this system entirely in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42057
## Export
- [ ] Export Report and save to `tor-browser-spec/audits`