GitLab

/

Help
Sign in

T tor-browser-spec
Project information
- Project information
- Activity
- Labels
- Members
Repository
- Repository
- Files
- Commits
- Branches
- Tags
- Contributor statistics
- Graph
- Compare revisions
Issues 13
- Issues 13
- List
- Boards
- Service Desk
- Milestones
Merge requests 1
- Merge requests 1
Deployments
- Deployments
- Releases
Monitor
- Monitor
- Incidents
Analytics
- Analytics
- Value stream
- Repository
Wiki
- Wiki
Activity
Graph
Create a new issue
Commits
Issue Boards

Collapse sidebar

The Tor Project
Applications
tor-browser-spec
Issues
#40023

Closed

Open

Issue created Mar 02, 2022 by aguestuser @aguestuser

FF94 Audit

General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.

code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

Firefox

Repo: https://github.com/mozilla/gecko-dev.git

Start: 5f4358c1c5bc2ca87d60eadebeab439562c90495 ( FIREFOX_RELEASE_94_BASE )
End: 6c9b6e1483551f220cd409e4e584349bc74a8231 ( FIREFOX_RELEASE_95_BASE )

Languages:

java
cpp
js
rust

Nothing of interest (using code_audit.sh)

(mostly) only tests triggered matches or false positives

Application Services

Repo: https://github.com/mozilla/application-services.git

Start: b1f371719ca20db642b64a0e860b4ecb0aaf316f ( v86.1.0 )
End: df1a47fde89f49201b1e839f960e8f16eb95a55d ( v87.1.0 )

Languages:

java
cpp
js
rust

Android Components

Repo: https://github.com/mozilla-mobile/android-components.git

Start: fce7eb5cff2d56acd3195bf1d9a89386c63dc3d5 ( v94.0.0 )
End: 28c1b7db40105dcaea09caa0b5108554a83959cd ( v94.0.15 )

Languages:

java
cpp
js
rust

Nothing of interest (using code_audit.sh)

Fenix

Repo: https://github.com/mozilla-mobile/fenix.git

Start: 54d80751bfc9a4aa4341e78221060940a36e3d17 ( v94.0.0-beta.1 )
End: cb5708f88847601426833067f93d16d25d36451f ( v94.1.2 )

Languages:

java
cpp
js
rust

Nothing of interest (using code_audit.sh)

Ticket Review

Review List

94 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=94%20Branch&order=priority%2Cbug_severity&limit=0

https://bugzilla.mozilla.org/show_bug.cgi?id=1730418 : @ma1 tor-browser#41123 (closed)
https://bugzilla.mozilla.org/show_bug.cgi?id=1732388: @dan tor-browser#41124 (closed)

Regression/Prior Vuln Review

Review proxy bypass bugs; check for new vectors to look for:

https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors

Edited Aug 23, 2022 by richard

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Assignee

Assign to

Time tracking