FF96 Audit

General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.

code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

Firefox: https://github.com/mozilla/gecko-dev.git

• Start: 6a277ae5bdf6554793cd0da292a9c9ea804b4ed9 ( FIREFOX_RELEASE_96_BASE )
• End: e6b83e1727b7e9a6847e6e15bdb935d9937099e4 ( FIREFOX_RELEASE_97_BASE )

Languages:

• java
• cpp
• js
• rust

e88ab3dace9ad1c671c6c37a5aa1a3652e754544

• Some windows proxy stuff we need to check
• Review Result: (SAFE|BAD)

---

Application Services: https://github.com/mozilla/application-services.git

• Start: 5ceeb43598871a7d8550acc574a6a3fb93803ad7 ( v87.3.0 )
• End: df53ad867be7d79899e05797533cd624f1eeb2a2 ( v90.0.1 )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

Android Components: https://github.com/mozilla-mobile/android-components.git

• Start: ea5bd2687c9b64245ea8e3cdcb84faa5d87d540a ( v96.0.0 )
• End: 0178a6fde98fa8c76885d67a2362f2ca310b67fd ( v96.0.15 )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

OR

Fenix: https://github.com/mozilla-mobile/fenix.git

• Start: a7afdb776ca202bf5eafc29d6a84f047c1609e0f ( v96.0.0-beta.1 )
• End: abe11c163d14fab17bdcf8aebbef2de2a3360032 ( releases_v96.0.0 )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

OR

Ticket Review

Review List

96 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=96%20Branch&order=priority%2Cbug_severity&limit=0

• https://bugzilla.mozilla.org/show_bug.cgi?id=1740840 : @ma1 tor-browser#41129 (closed)

foreach PROBLEMATIC_TICKET:

$(PROBLEMATIC_TICKET)

• Summary
• Review Result: (SAFE|BAD)

Regression/Prior Vuln Review

Review proxy bypass bugs; check for new vectors to look for:

• https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
  • Look for new features like these. Especially external app launch vectors

Export

• Export Report and save to tor-browser-spec/audits