FF 123 Audit

General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh to create the diff and highlight potentially problematic code. Each run of the audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and JavaScript).

The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.

code_audit.sh contains the list of known problematic APIs. New uses of these functions are documented and analyzed in this audit.
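The marking step described above, as an added sketch that is not code_audit.sh itself: it reads a unified diff, prints the whole patch, and appends XXX MATCH XXX to added lines that match a pattern. The pattern list, the sample diff, and the function names mark_diff and count_matches are constructed for illustration; flagging only added lines and placing the marker at the end of the line are assumptions of this sketch.

```shell
#!/bin/sh
# Constructed sample patterns (assumption): not the list kept in code_audit.sh.
AUDIT_PATTERNS='getaddrinfo|gethostbyname|URLConnection'

# Constructed sample diff; the file path and code are made up for illustration.
SAMPLE_DIFF='diff --git a/example/resolver.cpp b/example/resolver.cpp
--- a/example/resolver.cpp
+++ b/example/resolver.cpp
@@ -10,4 +10,5 @@
 int resolve(const char* host) {
-  return gethostbyname(host) != nullptr;
+  struct addrinfo* res = nullptr;
+  return getaddrinfo(host, nullptr, nullptr, &res);
 }'

# mark_diff: read a unified diff on stdin and print every line unchanged,
# except that added lines matching a pattern get the marker appended.
# Removed lines and "+++ " file headers are never flagged, so only newly
# introduced uses show up when searching for the marker.
mark_diff() {
    awk -v pat="$AUDIT_PATTERNS" '
        substr($0, 1, 4) == "+++ " { print; next }
        substr($0, 1, 1) == "+" && $0 ~ pat { print $0 "  XXX MATCH XXX"; next }
        { print }
    '
}

# count_matches: number of flagged lines in the diff read from stdin.
# grep -c exits non-zero on zero matches, so the status is neutralised.
count_matches() {
    mark_diff | grep -c 'XXX MATCH XXX' || true
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_DIFF" | mark_diff
echo "matches: $(printf '%s\n' "$SAMPLE_DIFF" | count_matches)"
```

In the sample, the removed gethostbyname line is left unmarked and only the added getaddrinfo line is flagged, so a clean-up commit that deletes a problematic call does not produce a finding.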

Firefox: https://github.com/mozilla/gecko-dev.git

Languages:

  • java
  • cpp
  • js
  • rust

Nothing of interest (using code_audit.sh)

OR

foreach PROBLEMATIC_HASH:

$(PROBLEMATIC_HASH)

  • Summary
  • Review Result: (SAFE|BAD)

Application Services: https://github.com/mozilla/application-services.git

  • Start: $(FIRST_GIT_HASH) ( $(START_TAG) )
  • End: $(LAST_GIT_HASH) ( $(END_TAG) )

Languages:

  • java
  • cpp
  • js
  • rust

Nothing of interest (using code_audit.sh)

OR

foreach PROBLEMATIC_HASH:

$(PROBLEMATIC_HASH)

  • Summary
  • Review Result: (SAFE|BAD)

Export

  • Export Report and save to tor-browser-spec/audits
Edited by morgan