Unverified Commit 5422d608 authored by Matthew Finkel's avatar Matthew Finkel
Browse files

Bug 40013: Add FF86 audit

parent b72a5306
`git diff 5a2e34d5821fa203454eb9a8b12d7749a7c50d00 cb5d7889e9b8fb61fe5fe6c87f6b58e261be0ddb`
and then go over all the changes containing the
below mentioned potentially dangerous calls and features. Grep the diff for
the following strings and examine surrounding usage.
=============== Native DNS Portion =============
PR_GetHostByName
PR_GetIPNodeByName
PR_GetAddrInfoByName
PR_StringToNetAddr (itself is good as it passes AI_NUMERICHOST to getaddrinfo. No resolution.)
MDNS
TRR (DNS Trusted Recursive Resolver)
Direct Paths to DNS resolution:
nsDNSService::Resolve
nsDNSService::AsyncResolve
nsHostResolver::ResolveHost
# FF86:
# Bug 1652723 :
# - Prefetch https rr in HTMLDNSPrefetch
# - Review Result: Safe
============ Misc Socket Portion ==============
SOCK_
SOCKET_
_SOCKET
# FF86:
# - Bug 1685900
# - Split internal and external contentPolicyType
# - Review Result: Safe
UDPSocket
TCPSocket
PR_NewTCPSocket
AsyncTCPSocket
Misc PR_Socket
# FF86: Nothing of interest
=========== Misc XPCOM Portion ================
Misc XPCOM (including commands for pre-diff review approach)
*SocketProvider
grep -R udp-socket .
grep -R tcp-socket .
grep for tcpsocket
grep -R "NS_" | grep SOCKET | grep "_C"
grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket
# FF86:
# Bug 1684982:
# - Add a scope to XRE_mainRun
# - Review Result: Safe
# Bug 1681307
# - clean up view-source utils now that .webShell property on the progress listener no longer exists
# - Review Result: Safe
============ Rust Portion ================
Rust
- XXX: What do we grep for here? Or do we rely on Ritter's compile-time tool?
- Check for new sendmsg and recvmsg usage
# FF86: Nothing of interest (mostly new neqo tests)
============ Android Portion =============
Android Java calls
- URLConnection
- XXX: getInputStream? other methods?
- HttpURLConnection
- UrlConnectionDownloader
- ch.boye.httpclientandroidlib.impl.client.* (look for execute() calls)
- grep -n openConnection\( mobile/android/thirdparty/
- java.net.URL -- has SEVERAL proxy bypass URL fetching methods :/
- java.net
- javax.net
- ch.boye.httpclientandroidlib.conn.* (esp ssl)
- ch.boye.httpclientandroidlib.impl.conn.* (esp ssl)
- Sudden appearance of thirdparty libs:
- OkHttp
- Retrofit
- Glide
- com.amitshekhar.android
- IntentHelper
- openUriExternal (can come from GeckoAppShell too)
- getHandlersForMimeType
- getHandlersForURL
- getHandlersForIntent
- android.content.Intent - too common; instead find launch methods:
- startActivity
- startActivities
- sendBroadcast
- sendOrderedBroadcast
- startService
- bindService
- android.app.PendingIntent
- android.app.DownloadManager
- ActivityHandlerHelper.startIntentAndCatch
# FF86: Nothing new (using `java_audit.sh`)
============ Application Services Portion =============
Start: 4cc798c8cd8a1e38ce88e0bb22a05692be63b164 # v67.2.0
End: 4cc798c8cd8a1e38ce88e0bb22a05692be63b164 # v67.2.0
# FF86: Same tag as FF85
============ Android Components Portion =============
Start: 21ce9abdda0bc4001a72835fbbe7d71026ac0e66 # v70.0.16
End: 4f36d0f93dab50e946a0dede0732c901c9942851 # v72.0.5
# FF86 (using `java_audit.sh`)
# Issue 8598:
# - Adds ActivityDelegate to support the GeckoView delegate
# - Review Result: Conditionally Safe
# - Comment: Uses PendingIntent, safety depends on usage. Current
# usage by new WebAuthn support in Fenix is safe.
============ Fenix Portion =============
Start: 24995d51a12d8e0bb10166f9f286c68d23b84a6a # v85.1.0
End: 159c13ba04cdd8e4cd888b637d65e11e95241696 # v86.0.0-beta.2
# FF86: Nothing new (using `java_audit.sh`)
============ Regression/Prior Vuln Review =========
Review proxy bypass bugs; check for new vectors to look for:
- https://trac.torproject.org/projects/tor/query?keywords=~tbb-proxy
- Look for new features like these. Especially external app launch vectors
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment