FF117 Audit

General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.

code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

Firefox: https://github.com/mozilla/gecko-dev.git

Start: ff486626d0de0e7f34d65ef000c657080ddf564d ( FIREFOX_116_0_3_RELEASE )
End: 6f3830e39c76ae6d0ab19b4f9289d434d424cbe3 ( FIREFOX_117_0_RELEASE )

Languages:

java
cpp
js
rust

Nothing of interest (using code_audit.sh)

foreach PROBLEMATIC_HASH:

$(PROBLEMATIC_HASH)

Summary
Review Result: (SAFE|BAD)

Application Services: https://github.com/mozilla/application-services.git

Start: $(FIRST_GIT_HASH) ( $(START_TAG) )
End: $(LAST_GIT_HASH) ( $(END_TAG) )

Languages:

java
cpp
js
rust

Nothing of interest (using code_audit.sh)

foreach PROBLEMATIC_HASH:

$(PROBLEMATIC_HASH)

Summary
Review Result: (SAFE|BAD)

Export

Export Report and save to tor-browser-spec/audits

Edited Aug 20, 2024 by morgan