FF114 Audit
General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.
code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
Firefox: https://github.com/mozilla/gecko-dev.git
- Start:
8a724297d78ba792067a7e4d17d170c6b3af796e(FIREFOX_113_0_2_RELEASE) - End:
b1d2c35b2699a6d77f6a41ae2338d9c370c5172e(FIREFOX_114_0_2_RELEASE)
Languages:
-
java -
cpp -
js -
rust
Nothing of interest (using code_audit.sh)
Application Services: https://github.com/mozilla/application-services.git
- Start:
b126218b17a2273edb2f1ed5806f689440740b23(v114.1not really, Mozilla created a new branch and there's no tag associated with v114.1 in ) - End:
78ab4ce85120f45a4b67b055936e401193eabd68(v115.0)
Languages:
-
java -
cpp -
js -
rust
Problematic Commits
- Add Remote Settings client component
d054f01641a3da94dba4076c3ac8236547e2b3f4
Firefox Android: https://github.com/mozilla-mobile/firefox-android.git
- Start:
9d87757910437e94a860e1d6f2577d5648ded966 - End:
fa28e4ddf82bedaa65153cbc6bac3ce7d8729ef5
Languages:
-
java -
cpp -
js -
rust
Nothing of interest (using code_audit.sh)
Ticket Review
Bugzilla Query: https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=114%20Branch&order=priority%2Cbug_severity&limit=0
Nothing of interest (manual inspection)
Export
-
Export Report and save to tor-browser-spec/audits