# General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.

`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

## Firefox: https://github.com/mozilla/gecko-dev.git

- Start: tor-browser@7e38fabb90748649da04ed45a2f80d68423362d9 ( `FIREFOX_122_0_RELEASE` )
- End: tor-browser@f8704c84a751716bad093b9bdc482db53fe5b3ea ( `FIREFOX_123_0_RELEASE` )

### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust

Nothing of interest (using `code_audit.sh`)

#### 14797b7fa8c5df0332ba5d422803dbcdf548c056
#### eb73825495faf333a4fe812316ac38e138f5bf8d
#### 818788a96a700c6d44a17ab1e932de96cc45eac6
#### c0aa048b3918e367e9fd84442695f1fbb2087f30
- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43161
- Mozilla 1852900: Pass HTTPS requests to native resolver thread
- Mozilla 1852902: Allow nsINativeDNSResolverOverride to override native HTTPS records
- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43161
- Review Result: SAFE
