FF95 Audit

General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.

code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

Firefox: https://github.com/mozilla/gecko-dev.git

• Start: 6c9b6e1483551f220cd409e4e584349bc74a8231 ( FIREFOX_RELEASE_95_BASE )
• End: 6a277ae5bdf6554793cd0da292a9c9ea804b4ed9 ( FIREFOX_RELEASE_96_BASE )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

---

Application Services: https://github.com/mozilla/application-services.git

• Start: df1a47fde89f49201b1e839f960e8f16eb95a55d ( v87.1.0 )
• End: 5ceeb43598871a7d8550acc574a6a3fb93803ad7 ( v87.3.0 )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

Android Components: https://github.com/mozilla-mobile/android-components.git

• Start: ef09fecd91dfcbffb85d9f4907b76cc9e5a0b70e ( v95.0.0 )
• End: 93066a8f082fa2db3d38d361d0a538c438d2e1b8 ( v95.0.15 )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

Fenix: https://github.com/mozilla-mobile/fenix.git

• Start: 9ab24a371b2dd51d18dab2f7f49facc6d2fd56ad ( v95.0.0-beta.1 )
• End: d01642a0b1e3819cd2802b42a8a6aae43eb5ff12 ( releases_v95.0.0 )

Languages:

• java
• cpp
• js
• rust

Nothing of interest (using code_audit.sh)

Ticket Review

Review List

95 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=95%20Branch&order=priority%2Cbug_severity&limit=0

• https://bugzilla.mozilla.org/show_bug.cgi?id=1732792 : @dan tor-browser#41125 (closed)
• https://bugzilla.mozilla.org/show_bug.cgi?id=1734262 : @ma1 tor-browser#41126 (closed)
• https://bugzilla.mozilla.org/show_bug.cgi?id=1726524 : @henry tor-browser#41127 (closed)
• https://bugzilla.mozilla.org/show_bug.cgi?id=1734331 : @boklm tor-browser#41128 (moved)

foreach PROBLEMATIC_TICKET:

$(PROBLEMATIC_TICKET)

• Summary
• Review Result: (SAFE|BAD)

Regression/Prior Vuln Review

Review proxy bypass bugs; check for new vectors to look for:

• https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
  • Look for new features like these. Especially external app launch vectors

Export

• Export Report and save to tor-browser-spec/audits