Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2023-05-02T19:23:07Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41750revisit browser.download.forbid_open_with2023-05-02T19:23:07ZThorinrevisit browser.download.forbid_open_withhmmm ..
- https://old.reddit.com/r/TOR/comments/134e16g/what_settings_can_be_changed_on_tor_browser_and/jiesqjc/
- > I cannot understand why Tor Browser developers leave this option false!
- 6 year old previously closed ticket with @g...hmmm ..
- https://old.reddit.com/r/TOR/comments/134e16g/what_settings_can_be_changed_on_tor_browser_and/jiesqjc/
- > I cannot understand why Tor Browser developers leave this option false!
- 6 year old previously closed ticket with @gk's one liner at #19667
- > I think this is fine as-is
from an old arkenfox (the current one has this under optional opsec and is a one liner with no info)
```js
/* disable "open with" in download dialog [FF50+]
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
* in such a way that it is forbidden to run external applications.
* [SETUP-CHROME] This may interfere with some users' workflow or methods
* [1] https://bugzilla.mozilla.org/1281959 ***/
user_pref("browser.download.forbid_open_with", true);
```
why is this `fine`? @gk
![thisisfine](/uploads/23937b6cd9e1cd1413118bc290b500ef/thisisfine.jpg)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41696privacy browser: window toasts2023-07-03T11:59:17ZThorinprivacy browser: window toastsFF111+ enabled toasts via the OS. This is not an issue for Tor Browser, because IIRC it requires service workers and also TB is in PB mode and notifications are disabled.
Move issue to Privacy Browser repo is you want - IDK what's going...FF111+ enabled toasts via the OS. This is not an issue for Tor Browser, because IIRC it requires service workers and also TB is in PB mode and notifications are disabled.
Move issue to Privacy Browser repo is you want - IDK what's going on over there ( i am a :turtle: with my PGP key, sorry). IIUIC, forcing app notifications, which are secure context, would prevent the OS directly touching the data? @pierov .. all yours
```js
pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41679Backport Android-specific security fixes from Firefox 111 to ESR 102.9-based ...2023-04-10T16:09:57ZrichardBackport Android-specific security fixes from Firefox 111 to ESR 102.9-based Tor Browser<details>
<summary>Explanation of Variables</summary>
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- example : `102.8.0`
- `$(RR_VERSION)` : the Mozilla defin...<details>
<summary>Explanation of Variables</summary>
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- example : `102.8.0`
- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
- example: `110`
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- example : `12`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
- example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
- `$(BUILD_N)` : a project's build revision within a its branch; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- example : `build1`
</details>
**NOTE:** It is assumed the `tor-browser` rebase has already happened and there exists a `build1` build tag for both `base-browser` and `tor-browser`
### **Bookkeeping**
- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issues (stable and alpha).
### **Security Vulnerabilities Report** : https://www.mozilla.org/en-US/security/advisories/
- Potentially Affected Components:
- `firefox`/`geckoview` : https://github.com/mozilla/gecko-dev
- `application-services` : https://github.com/mozilla/application-services
- `android-components` : https://github.com/mozilla-mobile/firefox-android
- `fenix` : https://github.com/mozilla-mobile/firefox-android
**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos.
- [x] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create a candidate list of CVEs which potentially need to be backported in this issue:
- CVEs which are explicitly labeled as 'Android' only
- CVEs which are fixed in Rapid Release but not in ESR
- 'Memory safety bugs' fixed in Rapid Release but not in ESR
- [x] Foreach issue:
- Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/)
- example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
- Create link to the associated Bugzilla issues (found in the CVE description)
- Create a link to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
- To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.
- **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant.
### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git
- [x] Backport any Android-specific security fixes from Firefox rapid-release
- [x] Sign/Tag commit:
- Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- [x] Push tag to `origin`
**OR**
- [ ] No backports
### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here*
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- [ ] Sign/Tag commit:
- Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
- [ ] Push tag to `origin`
**OR**
- [x] No backports
### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git
- [x] Backport any Android-specific security fixes from Firefox rapid-release
- **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.
- [ ] Sign/Tag commit:
- Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- [ ] Push tag to `origin`
**OR**
- [ ] No backports
### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.
- [ ] Sign/Tag commit:
- Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- [ ] Push tag to `origin`
**OR**
- [x] No backports
### CVEs
- [ ] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
- https://bugzilla.mozilla.org/show_bug.cgi?id=1783561
- **patches**:
- android-components: https://github.com/mozilla-mobile/firefox-android/pull/565/commits
- fenix: https://github.com/mozilla-mobile/fenix/pull/28572/commits
- [ ] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25748
- https://bugzilla.mozilla.org/show_bug.cgi?id=1798798
- **patch**: https://github.com/mozilla-mobile/firefox-android/commit/1dc21a3786506200be124733e654dff8f39b5395
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25749
- https://bugzilla.mozilla.org/show_bug.cgi?id=1810705
- **patch**: https://github.com/mozilla-mobile/firefox-android/commit/4ff195aa268af1dabbcac050bb6e3e6e9abecff7
- **note**: our existing fix for fenix#34378 actually fixes this already so let's not backport this one :D
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25750
- https://bugzilla.mozilla.org/show_bug.cgi?id=1814733
- esr102 unaffected AND this is a service workers issue (service workers are not enabled in Tor Browser)
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28160
- https://bugzilla.mozilla.org/show_bug.cgi?id=1802385
- **patch**: https://hg.mozilla.org/mozilla-central/rev/554a5aa89673
- **note:** This is a potential fingerprinting vector fix, but only accessible from webextensions which Android in general doesn't support very many of so if this is a pain to backport that's fine
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28161
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811181
- This patch would apparently require a lot of re-work for esr102 (and is not applicable to Android) so lets skip it
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1817336
- esr102 unaffected, affects linux desktop
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1803109
- only happens when profiling which is one reason they didn't backport
- **patch**: https://hg.mozilla.org/mozilla-central/rev/adcb31b93a01
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1809542
- esr102 unaffected, affects Windows
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1808832
- esr102 unaffected,
<!-- Create CVE resolution here -->ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41595Disable pagethumbnails capturing2023-02-15T18:50:34ZThorinDisable pagethumbnails capturingTB doesn't set this. AFAICT (@fabrizio did some digging) this is only ever exposed in privileged/principal contexts, basically only ever in chrome (and ? activity stream). And AFAICT it is cleared when history is cleared, and also not co...TB doesn't set this. AFAICT (@fabrizio did some digging) this is only ever exposed in privileged/principal contexts, basically only ever in chrome (and ? activity stream). And AFAICT it is cleared when history is cleared, and also not collected/used in PB mode (but I am not sure). I also know of bugzillas where thumbnails can capture PII (login screens, webcam in use, user handles/names/avatars - true story, I once found a real ID of someone trying to hide, from their unusual avatar using reverse image search)
So kicking this into here for someone else to check, like @pierov :imp: :cheese:
also may be relevant for privacy browser
```js
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
```
---
Here are some comments from fabrizio
> when it collects thumbs
https://searchfox.org/mozilla-central/source/browser/base/content/browser-thumbnails.js#68-84
the logic must be a bit more complex than this, I've seen bugzilla tickets about when and when not to capture (eg. documents, redirects, pages that have thumbnails already..)
> where it stores them
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#20-23
> how are they sanitized
each hour if there are more than 50 thumbnails remove the exceeding ones, otherwise set a certain age:
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#12-18
also sanitized with history or when the page is removed (forget about this site I think):
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#124
---
some more references for a deeper dive:
- not captured in PB mode --> https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#265
- 11 yo bugzilla that decoupled thumbnails from disk cache --> https://bugzilla.mozilla.org/show_bug.cgi?id=744388
- the thumbnails component is assigned to NTP bug wise, so it should be AS mostly --> https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/moz.build
- the thumbnail service spec, not very detailed tbh --> https://wiki.mozilla.org/Firefox/Features/Generic_Thumbnail_Service
a quick look at the uses:
- https://searchfox.org/mozilla-central/search?q=symbol:%23BackgroundPageThumbs&redirect=false
- https://searchfox.org/mozilla-central/search?q=symbol:%23PageThumbs&redirect=false
as you can see new tab page, places, ctrl-tab. also [this comment](https://bugzilla.mozilla.org/show_bug.cgi?id=497543#c87) and there are more bugzilla on the security aspect.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41594The browser creates a %userProfile%\LocalLow\$vendor directory and temporary ...2023-01-30T16:57:25ZPier Angelo VendrameThe browser creates a %userProfile%\LocalLow\$vendor directory and temporary subdirectoriesTor Browser, Base Browser and Privacy Browser create temporary directories in `%userProfile%\LocalLow\$vendor`.
The subdirectories are `Temp-{uuid}`, and the UUID seems to be always the same! So I guess it's related to the profile someho...Tor Browser, Base Browser and Privacy Browser create temporary directories in `%userProfile%\LocalLow\$vendor`.
The subdirectories are `Temp-{uuid}`, and the UUID seems to be always the same! So I guess it's related to the profile somehow, and different "installations" of Tor Browser produce different UUIDs.
When the browser is closed, the directory is deleted.
I don't know what it is used for.
Probably we've never noticed on Tor Browser because the vendor is Mozilla, so they should not be very distinguishable from Firefox's (if users have Firefox in their systems).
For Sponsor 131, the temporary subdirectories are deleted, but the main directory remains, even in portable mode!
Also affect Linux, but in this case `/tmp/Temp-$someUUID` is used, instead.
And also for Linux, the UUID is persistent.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41589Do not call _collectStartupConditionsTelemetry and _firstWindowTelemetry2023-01-30T08:35:43ZPier Angelo VendrameDo not call _collectStartupConditionsTelemetry and _firstWindowTelemetry`_collectStartupConditionsTelemetry` disk leaks some timing data about the browser startup, and it does so only for telemetry purposes.
And it's quite annoying because it also adds an error in the JS console.
We could just remove the c...`_collectStartupConditionsTelemetry` disk leaks some timing data about the browser startup, and it does so only for telemetry purposes.
And it's quite annoying because it also adds an error in the JS console.
We could just remove the call to it and, since we're at it, also to `_firstWindowTelemetry`, which is another telemetry function that we don't care anything about and is called just before the other one.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41565Gate Telemetry Tasks behind AppConstants.MOZ_TELEMETRY_REPORTING2023-05-03T18:06:48ZrichardGate Telemetry Tasks behind AppConstants.MOZ_TELEMETRY_REPORTINGOriginally from @cypherpunks1's MR here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/436/diffs?commit_id=da5344a0586898fc95a679332168443d97966d64
We should gate these behind the telemetry pref and uplift ...Originally from @cypherpunks1's MR here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/436/diffs?commit_id=da5344a0586898fc95a679332168443d97966d64
We should gate these behind the telemetry pref and uplift to Mozilla.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41538console still has remnants of previous user commands2022-12-23T23:10:49ZThorinconsole still has remnants of previous user commandsI do not know when/if this was a thing that was patched, but it seems so, since the behavior is different to FF
On stable 12 I have nothing. But as an example on my stable, I restart, open the console (ctrl-k) and arrow up and there is ...I do not know when/if this was a thing that was patched, but it seems so, since the behavior is different to FF
On stable 12 I have nothing. But as an example on my stable, I restart, open the console (ctrl-k) and arrow up and there is nothing. Now I type `navigator.appCodeName` and hit enter. Close the browser, restart, open console and arrow up and nothing is retained
On my alpha however, I do have entries. If I add a new one and restart, the new one is not remembered, but the original remnants are there. Where are they? Can we add some code to clear it out properly? But only if this was a thing TB patched.
PS: I don't do much testing in TB stable TBHhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41403Some visited addresses are stored inside notificationstore.json in the profil...2023-01-05T18:05:48Zcypherpunks1Some visited addresses are stored inside notificationstore.json in the profile folderMight be related: https://bugzilla.mozilla.org/show_bug.cgi?id=1095073
The file persists after closing the browser.
Visiting the following address can create one if it doesn't exist:
https://privacycheck.sec.lrz.de/active/fp_fd/fp_fea...Might be related: https://bugzilla.mozilla.org/show_bug.cgi?id=1095073
The file persists after closing the browser.
Visiting the following address can create one if it doesn't exist:
https://privacycheck.sec.lrz.de/active/fp_fd/fp_feature_detection.html
The file will get bigger after each visit. That doesn't seem secure.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41131Review Mozilla 1738983: Enable Background Update by default on Release starti...2022-12-09T14:40:46ZrichardReview Mozilla 1738983: Enable Background Update by default on Release starting in FX96## https://bugzilla.mozilla.org/show_bug.cgi?id=1738983
Updater changes, odds are you're already aware and handled in the rebase already## https://bugzilla.mozilla.org/show_bug.cgi?id=1738983
Updater changes, odds are you're already aware and handled in the rebase alreadyhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41009ESR102: ensure download improvements don't exacerbate disk leaks2023-12-04T14:10:36ZThorinESR102: ensure download improvements don't exacerbate disk leaks@richard FYI and also labels please: `FF102-esr`, `Disk Leak` , @pierov FYI
ESR102 introduces changes to download behavior and use of `/tmp/`
- e.g. see this very noisy [1738574](https://bugzilla.mozilla.org/show_bug.cgi?id=1738574) and...@richard FYI and also labels please: `FF102-esr`, `Disk Leak` , @pierov FYI
ESR102 introduces changes to download behavior and use of `/tmp/`
- e.g. see this very noisy [1738574](https://bugzilla.mozilla.org/show_bug.cgi?id=1738574) and just skip to comments by Gijs
- btw, that bugzilla introduces a new pref to revert the behavior
Note: https://bugzilla.mozilla.org/show_bug.cgi?id=1738574#c40 from Gijs
> If you pick "open with Firefox" as the default action for PDFs, we'll open them directly from the internet in almost all cases (there are some edgecases to be worked out, cf. ~~bug 1742648~~), without storing anything on disk in the first place.
>
> So to be clear, we tried not to change the default action for PDFs. We changed it for most other mimetypes, but not PDFs (nor any other filetypes set to "open in Firefox" by default)
We should make sure that any download improvements since the last ESR, don't create disk leaks. IDK if PB mode does anything special here. I haven't worked through all the variables, and it gets a little convoluted - hence opening this ticket to make sure we address itSponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40869Investigate timestamp leaks in TBB2023-01-05T16:17:21ZPier Angelo VendrameInvestigate timestamp leaks in TBBOn 2022-03-29's weekly meeting, we discussed applying the timestamp of the update to all TBB files, to avoid leaking when a user started Tor Browser and applied updates and/or when the user started using TBB.
We should also check which ...On 2022-03-29's weekly meeting, we discussed applying the timestamp of the update to all TBB files, to avoid leaking when a user started Tor Browser and applied updates and/or when the user started using TBB.
We should also check which preferences Firefox saves, as they could leak data about the user's Tor Browser usage as well.
So far, boklm found that `browser.laterrun.bookkeeping.profileCreationTime` is exposing it.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40868Remove the applied update list2022-10-26T13:13:48ZPier Angelo VendrameRemove the applied update listCurrently, Tor Browser lists the updates that a user applied.
We should get rid of that, because it can leak data about users' behavior.
![updates](/uploads/ac3c17d895f1ed13e13e147daf85d711/updates.png)Currently, Tor Browser lists the updates that a user applied.
We should get rid of that, because it can leak data about users' behavior.
![updates](/uploads/ac3c17d895f1ed13e13e147daf85d711/updates.png)Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40766disk avoidance: SSSS.txt is not sanitized on session close, records "some" si...2023-04-25T16:58:35ZThorindisk avoidance: SSSS.txt is not sanitized on session close, records "some" site URLS and timestamps### STR
- with TB closed (I used stable alpha), open `SiteSecurityServiceState.txt` (SSSS) in your profile, blank it, save it
- start TB
- go to https://firstlook.org/theintercept/
- I did this twice, the second time was with prioriti...### STR
- with TB closed (I used stable alpha), open `SiteSecurityServiceState.txt` (SSSS) in your profile, blank it, save it
- start TB
- go to https://firstlook.org/theintercept/
- I did this twice, the second time was with prioritized onions but IDThink it matters since the https site has to load first anyway
- close TB (this forces writes to SSSS and will save you lots of time)
- open SSSS
- it contains timestamps and HSTS site info
here's mine
```
versioncheck-bg.addons.mozilla.org:HSTS 0 18988 1640586546830,1,0,2
o.prod.theintercept.com:HSTS 0 18988 1640673010997,1,1,2
aus1.torproject.org:HSTS 0 18988 1656354740558,1,0,2
theintercept.com:HSTS 0 18988 1656354609146,1,1,2
```
I don't think privileged/system ones from extensions/apps matter, but websites being listed is an issue IMO. I loaded about a dozen websites (including intercept and torproject prioritizing onions), and this was the only one that landed [1]
In my test suite, all the Firefox SSSS's are blanked because all my FF profiles are set to sanitize on close and the one HSTS is linked to is "site settings" - however, that is not available in options when in TB which uses PB Mode (and I doubt the prefs would work anyway)
[1] which is weird because I included TZP in that and TZP was listed in some of my TB test suite profiles so IDK who/how/what gets written there - it seems to only ever be eTLD/+1's, never third parties
[2] see image my test suite - the TB ones are now blank, because I did that before testing, so I can't look anything up retro-actively (and I only ever use these to load TZP), but given I can STR I don't care :smile: But I do have 34 up-to-date alphas for the other 34 languages should anyone want me to look
<details><summary> [2] click me for long image</summary><p>
sorry, I am too lazy to edit it, scroll to the end to see the TB entries, clearly been happening since at least ESR60-based
![hmmm](/uploads/e5597eba659506e5468548ff001192ab/hmmm.png)
</p></details>Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40574Tor Browser leak the "Tor Browser" text to ~/.config/pulse/*-stream-volumes.t...2022-07-09T20:25:51ZcypherpunksTor Browser leak the "Tor Browser" text to ~/.config/pulse/*-stream-volumes.tdb in PulseAudio.Tor Browser leak the "Tor Browser" text to ~/.config/pulse/*-stream-volumes.tdb in PulseAudio.Tor Browser leak the "Tor Browser" text to ~/.config/pulse/*-stream-volumes.tdb in PulseAudio.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40999Update "cleared data" on New Identity2023-09-20T17:46:06ZMatthew FinkelUpdate "cleared data" on New IdentityFirefox has some more flags we should set.Firefox has some more flags we should set.Sponsor 131 - Phase 3 - Major ESR 102 MigrationPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40248tor browser creates data outside bundle directory on windows2022-12-08T15:15:31Zconcarnetor browser creates data outside bundle directory on windowsWhile using tor-browser on windows (bundle installed on usb flash) it creates a folder labeled "tor" in C:\Users\<username>\AppData\Roaming
it does that on any machine that the USB is plugged into and tor-browser is executed including t...While using tor-browser on windows (bundle installed on usb flash) it creates a folder labeled "tor" in C:\Users\<username>\AppData\Roaming
it does that on any machine that the USB is plugged into and tor-browser is executed including the the machine that was originally used to download and install the tor browser. The tor browser itself works fine on all machines it is used on.
List of files in the "tor" directory can be seen in the screenshot![tbb](/uploads/d5c494e9c5b46ec5e2d654bba2e8580f/tbb.JPG) attachedhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40207Tor Browser is writing to Windows registry on every start2022-11-30T15:19:24ZGeorg KoppenTor Browser is writing to Windows registry on every startI got a report from a cypherpunk:
```
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform-Installation
Firefox is still writing to Windows Registry on every start:
Computer\HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firef...I got a report from a cypherpunk:
```
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform-Installation
Firefox is still writing to Windows Registry on every start:
Computer\HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
There it stores all the paths TBB was started from.
That also allows an attacker to permanently disable Launcher Process
security feature, and even any hiccup can do/leads to it:
about:support
Launcher Process Disabled due to failure
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40163New certificate storage does not obey `security.nocertdb`2020-10-14T08:04:12ZGeorg KoppenNew certificate storage does not obey `security.nocertdb`As mentioned in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33534#note_2683533 there is a new certificate storage mechanism
where data is stored under `profiledir/security_state/` which is not
disabled by Tor Brow...As mentioned in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33534#note_2683533 there is a new certificate storage mechanism
where data is stored under `profiledir/security_state/` which is not
disabled by Tor Browser setting `security.nocertdb` = `true`.
Thanks to a cypherpunk for the reminder to file the ticket.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41215Downloads are not cleared after browser restart2022-09-01T22:37:54ZAlex CatarineuDownloads are not cleared after browser restart