FF108 Audit
General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh to create the diff and highlight potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and JavaScript).
The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.
code_audit.sh contains the list of known problematic APIs. New usage of these functions is documented and analyzed in this audit.
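The marking step described above, as an added example (not the project's code_audit.sh): it echoes a unified diff in full and inserts XXX MATCH XXX before each added line that matches a pattern. The function names, the pattern list and the sample diff are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; NOT the project's code_audit.sh.
# Hypothetical pattern list (extended regex, one per line); the real list of
# problematic APIs lives in code_audit.sh and is not reproduced here.
AUDIT_PATTERNS='getenv\(
XMLHttpRequest
java\.net\.URL'

# mark_patch (hypothetical name): read a unified diff on stdin and echo it in
# full, inserting "XXX MATCH XXX" before every added line that matches a
# pattern. Removed lines, context lines and "+++ " file headers are not
# flagged, so only newly introduced usage is reported.
mark_patch() {
    PATS="$AUDIT_PATTERNS" awk '
        BEGIN { n = split(ENVIRON["PATS"], p, "\n") }
        /^\+/ && !/^\+\+\+ / {
            for (i = 1; i <= n; i++)
                if (p[i] != "" && $0 ~ p[i]) { print "XXX MATCH XXX"; break }
        }
        { print }
    '
}

# count_matches (hypothetical name): number of flagged lines in a diff on stdin.
count_matches() {
    mark_patch | grep -c '^XXX MATCH XXX$' || true
}

# Constructed sample diff: one removed and one added getenv() call.
SAMPLE_DIFF='diff --git a/net/proxy.cpp b/net/proxy.cpp
--- a/net/proxy.cpp
+++ b/net/proxy.cpp
@@ -10,4 +10,5 @@
 static void init() {
-  const char* p = getenv("http_proxy");
+  const char* p = getenv("HTTP_PROXY");
+  log("proxy configured");
 }'

# On a real checkout the input would come from:
#   git diff <start> <end> -- "*.cpp" | mark_patch
printf '%s\n' "$SAMPLE_DIFF" | mark_patch
```

Only the added getenv() line is flagged; the removed call and the unrelated added line pass through unmarked, and the patch itself is preserved in full.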
Firefox: https://github.com/mozilla/gecko-dev.git
- Start: 1187da3c99c93ad941eea0809d3b2c8f81ac5ccf (FIREFOX_107_0_1_RELEASE)
- End: 0ae93a27c796bea7836d4b0885c8a1f2c4c18284 (FIREFOX_108_0_2_RELEASE)
- Languages:
  - java
  - cpp
  - js
  - rust
Nothing of interest (using code_audit.sh)
Application Services: https://github.com/mozilla/application-services.git
- Start: ce8f1767d991da9d6d26331faecd426210071c7e (v96.1.0)
- End: d8b5a386936aa156f4c6d93e6645a6d2188aa788 (v96.2.1)
- Languages:
  - java
  - cpp
  - js
  - rust
Nothing of interest (using code_audit.sh)
Firefox Android: https://github.com/mozilla-mobile/firefox-android.git
- Start: 0486e931b4427d646af1dcf69a53c90efbe60862
- End: 55d34bf82ad051e25f15c0d1ef5fb8b3a32a7522
- Languages:
  - java
  - cpp
  - js
  - rust
Nothing of interest (using code_audit.sh)
Fenix: https://github.com/mozilla-mobile/fenix.git
- Start: 171d8a7aa521676d008bfd98bfae34ce8774e5f5 (v108.0b1)
- End: 78718ba91dd19f78e94d8f8c462598c29d48069a (v108.2.0)
- Languages:
  - java
  - cpp
  - js
  - rust
Nothing of interest (using code_audit.sh)
Ticket Review
Bugzilla Query: https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=108%20Branch&order=priority%2Cbug_severity&limit=0
Problematic Issues:
- Remove descriptionheightworkaround. https://bugzilla.mozilla.org/show_bug.cgi?id=1795944
  - tor-browser#41959 (closed)
  - RESOLUTION: not a security issue, more of a general ESR migration/functionality issue
- Proxy environment variables should be upper case / case insensitive https://bugzilla.mozilla.org/show_bug.cgi?id=1797896
  - tor-browser#41960 (closed)
  - RESOLUTION: determined this logic is gated behind our tor configuration settings, and so isn't relevant or a de-anonymisation vector; nothing to do here
- Hide cookie banner handling UI by default https://bugzilla.mozilla.org/show_bug.cgi?id=1798868
  - tor-browser#41961 (closed)
  - RESOLUTION: we will hide the UI to enable/disable the feature, and likely enable the feature for everyone
Export
- Export Report and save to tor-browser-spec/audits