1. 17 Mar, 2021 3 commits
    • Richard Pospesel's avatar
      Bug 23247: Communicating security expectations for .onion · 3b0641f3
      Richard Pospesel authored and Matthew Finkel's avatar Matthew Finkel committed
      Encrypting pages hosted on Onion Services with SSL/TLS is redundant
      (in terms of hiding content) as all traffic within the Tor network is
      already fully encrypted.  Therefore, serving HTTP pages from an Onion
      Service is more or less fine.
      
      Prior to this patch, Tor Browser would mostly treat pages delivered
      via Onion Services as well as pages delivered in the ordinary fashion
      over the internet in the same way.  This created some inconsistencies
      in behaviour and misinformation presented to the user relating to the
      security of pages delivered via Onion Services:
      
       - HTTP Onion Service pages did not have any 'lock' icon indicating
         the site was secure
       - HTTP Onion Service pages would be marked as unencrypted in the Page
         Info screen
       - Mixed-mode content restrictions did not apply to HTTP Onion Service
         pages embedding Non-Onion HTTP content
      
      This patch fixes the above issues, and also adds several new 'Onion'
      icons to the mix to indicate all of the various permutations of Onion
      Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
      
      Strings for Onion Service Page Info page are pulled from Torbutton's
      localization strings.
      3b0641f3
    • Georg Koppen's avatar
      Bug 18821: Disable libmdns for Android and Desktop · 3523a980
      Georg Koppen authored and Matthew Finkel's avatar Matthew Finkel committed
      There should be no need to remove the OS X support introduced in
      https://bugzilla.mozilla.org/show_bug.cgi?id=1225726 as enabling this
      is governed by a preference (which is actually set to `false`). However,
      we remove it at build time as well (defense in depth).
      
      This is basically a backout of the relevant passages of
      https://hg.mozilla.org/mozilla-central/rev/6bfb430de85d,
      https://hg.mozilla.org/mozilla-central/rev/609b337bf7ab and
      https://hg.mozilla.org/mozilla-central/rev/8e092ec5fbbd.
      
      Fixed bug 21861 (Disable additional mDNS code to avoid proxy bypasses)
      as well.
      3523a980
    • Mike Perry's avatar
      Bug 3547: Block all plugins. · 18cfbdff
      Mike Perry authored and Matthew Finkel's avatar Matthew Finkel committed
      We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
      actually want to stop plugins from ever entering the browser's process space
      and/or executing code (for example, AV plugins that collect statistics/analyse
      urls, magical toolbars that phone home or "help" the user, skype buttons that
      ruin our day, and censorship filters). Hence we rolled our own.
      
      See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
      on a better way. Until then, it is delta-darwinism for us.
      18cfbdff
  2. 10 Mar, 2021 1 commit
  3. 05 Feb, 2021 1 commit
  4. 09 Mar, 2021 1 commit
  5. 11 Feb, 2021 1 commit
  6. 02 Sep, 2020 1 commit
  7. 04 Aug, 2020 1 commit
  8. 01 Mar, 2021 1 commit
  9. 22 Feb, 2021 1 commit
  10. 11 Feb, 2021 1 commit
  11. 09 Feb, 2021 1 commit
  12. 03 Feb, 2021 1 commit
  13. 02 Jun, 2020 1 commit
  14. 08 Feb, 2021 2 commits
  15. 26 Jan, 2021 1 commit
  16. 02 Dec, 2020 1 commit
  17. 18 Jan, 2021 1 commit
  18. 26 Jan, 2021 1 commit
  19. 04 Aug, 2020 1 commit
  20. 12 Jan, 2021 1 commit
  21. 13 Jan, 2021 3 commits
  22. 12 Jan, 2021 2 commits
  23. 14 Dec, 2020 1 commit
  24. 16 Dec, 2020 1 commit
  25. 21 Dec, 2020 1 commit
  26. 22 Oct, 2020 1 commit
  27. 28 Dec, 2020 1 commit
  28. 15 Dec, 2020 1 commit
  29. 11 Dec, 2020 1 commit
  30. 04 Dec, 2020 1 commit
  31. 12 Nov, 2020 1 commit
  32. 23 Nov, 2020 2 commits
  33. 18 Nov, 2020 1 commit