FF109 Audit
General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.
code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
Firefox: https://github.com/mozilla/gecko-dev.git
- Start:
0ae93a27c796bea7836d4b0885c8a1f2c4c18284(FIREFOX_108_0_2_RELEASE) - End:
b89c6dedbd57992efe751d1b585116f2eaa34481(FIREFOX_109_0_1_RELEASE)
Languages:
-
java -
cpp -
js -
rust
Nothing of interest (using code_audit.sh)
Application Services: https://github.com/mozilla/application-services.git
- Start:
d8b5a386936aa156f4c6d93e6645a6d2188aa788(v96.2.1) - End:
102fa0de36a21b1b2f561ba6de557e20d05b7380(v96.3.0)
Languages:
-
java -
cpp -
js -
rust
Nothing of interest (using code_audit.sh)
Firefox Android: https://github.com/mozilla-mobile/firefox-android.git
- Start:
55d34bf82ad051e25f15c0d1ef5fb8b3a32a7522 - End:
a7e03da7c26d76bea2fb9c77efce9d841d81f4e0
Languages:
-
java -
cpp -
js -
rust
Nothing of interest (using code_audit.sh)
Fenix: https://github.com/mozilla-mobile/fenix.git
- Start:
dc08c68a6cd7932dad599d0713bb3bd3b9f72b57(v109.0b1) - End:
a66807eeb0ff39f96a41a60ac950bd9f31ecf5bd(v109.2.0)
Languages:
-
java -
cpp -
js -
rust
Nothing of interest (using code_audit.sh)
Ticket Review
Bugzilla Query: https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=109%20Branch&order=priority%2Cbug_severity&limit=0
Problematic Tickets
-
Re-enable pingsender2 https://bugzilla.mozilla.org/show_bug.cgi?id=1746983
- tor-browser#41969 (closed)
- RESOLUTION our existing patches are sufficient to keep pingsender away
-
WebRTC bypasses Network settings & proxy.onRequest https://bugzilla.mozilla.org/show_bug.cgi?id=1790270
- tor-browser#41970 (closed)
- RESOLUTION nothing to do here, the upstream bug fix is good for us and fixes some proxy leak
Export
-
Export Report and save to tor-browser-spec/audits