Firefox computes an internal network ID used to detect network changes
and act consequently (e.g., to improve WebSocket UX).
However, there are a few ways to get this internal network ID, so we
patch them out, to be sure any new code will not be able to use them and
possibly link users.

We also sent a patch to Mozilla to seed the internal network ID, to
prevent any accidental leak in the future.
Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756

This helps to prevent linkability of users in the same network.

Differential Revision: https://phabricator.services.mozilla.com/D170373

We have enabled HTTPS-Only mode, therefore we do not need
HTTPS-Everywhere anymore.
However, we want to keep supporting .tor.onion aliases (especially for
securedrop).
Therefore, in this patch we implemented the parsing of HTTPS-Everywhere
rulesets, and the redirect of .tor.onion domains.
Actually, Tor Browser believes they are actual domains. We change them
on the fly on the SOCKS proxy requests to resolve the domain, and on
the code that verifies HTTPS certificates.

Kathleen Brade authored 5 years ago and Pier Angelo Vendrame committed 2 years ago

When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.

If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.

If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.

Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.

Add support for onion services strings to the TorStrings module.

Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.

Also fixes bug 19757:
 Add a "Remember this key" checkbox to the client auth prompt.

 Add an "Onion Services Authentication" section within the
 about:preferences "Privacy & Security section" to allow
 viewing and removal of v3 onion client auth keys that have
 been stored on disk.

Also fixes bug 19251: use enhanced error pages for onion service errors.

Alex Catarineu authored 5 years ago and Pier Angelo Vendrame committed 2 years ago

More concretely, SearchService.jsm 'hijack-blocklists' and
url-classifier-skip-urls.

Avoid creating instance for 'anti-tracking-url-decoration'.

If prefs are disabling their usage, avoid creating instances for
'cert-revocations' and 'intermediates'.

Do not ship JSON dumps for collections we do not expect to need. For
the ones in the 'main' bucket, this prevents them from being synced
unnecessarily (the code in remote-settings does so for collections
in the main bucket for which a dump or local data exists). For the
collections in the other buckets, we just save some size by not
shipping their dumps.

We also clear the collections database on the v2 -> v3 migration.

Mike Perry authored 10 years ago and Pier Angelo Vendrame committed 2 years ago

The Mozilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1046421,
https://bugzilla.mozilla.org/show_bug.cgi?id=1261591, #27602

Bug 1768907 - Part 1: Make browser.privatebrowsing.autostart a static pref. r=handyman,necko-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D157843

Differential Revision: https://phabricator.services.mozilla.com/D168444

Differential Revision: https://phabricator.services.mozilla.com/D168657

Differential Revision: https://phabricator.services.mozilla.com/D168241

Previously we'd always read the full stream, but if an aCount lower than
the actual size of the stream is provided, we should only encode that
many bytes.

This patch also improves handling of streams shorter than aCount bytes,
ensuring that the generated string is of the correct length.

Differential Revision: https://phabricator.services.mozilla.com/D166941

Differential Revision: https://phabricator.services.mozilla.com/D165564

Bug 1795697: Update Tsan suppressions for libusrsctp, and add a stack unwind to help avoid reentrancy problems. r=decoder,ng a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D159617

Differential Revision: https://phabricator.services.mozilla.com/D159616

Differential Revision: https://phabricator.services.mozilla.com/D164447

Differential Revision: https://phabricator.services.mozilla.com/D163573

Bug 1780094 - Add diagnostic asserts that ProxyAutoConfig::SetRunning is called at the correct times. r=kershaw, a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D157199

No Bug, mozilla-esr102 repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update, r=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D162989

Differential Revision: https://phabricator.services.mozilla.com/D162435

Differential Revision: https://phabricator.services.mozilla.com/D160638

Differential Revision: https://phabricator.services.mozilla.com/D162279

No Bug, mozilla-esr102 repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update, r=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D161463

Bug 1791314, some underlying streams prefer being closed on the target thread, r=valentin,necko-reviewers, a=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D160054

Differential Revision: https://phabricator.services.mozilla.com/D159478

No Bug, mozilla-esr102 repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update, r=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D161119

Differential Revision: https://phabricator.services.mozilla.com/D161059

No Bug, mozilla-esr102 repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update, r=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D160783

No Bug, mozilla-esr102 repo-update HSTS HPKP remote-settings tld-suffixes - a=repo-update, r=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D160039

Bug 1794061 - WebSocketChannel::CleanupConnection should run on IO thread, r=necko-reviewers,valentin, a=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D158831

Differential Revision: https://phabricator.services.mozilla.com/D158654

Bug 1658869 - Propagate the InterceptedHttpChannel information to fetch's channel casued by FetchEvent.request. r=dom-worker-reviewers,dragana,jesup, a=dmeehan


When a network load needs to be intercepted by ServiceWorker, we extract the Request from the InterceptedHttpChannel, and propagate the Request through FetchEvent.request.

However, some needed information is not extracted or is modified during the Request propagation, so getting the wrong result when using the Request to fetch resources in the ServiceWorker script.

Differential Revision: https://phabricator.services.mozilla.com/D145969

Differential Revision: https://phabricator.services.mozilla.com/D159504

Differential Revision: https://phabricator.services.mozilla.com/D158755

Differential Revision: https://phabricator.services.mozilla.com/D158320