Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2023-08-26T04:14:20Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41875revisit enforce `ask` for downloads | also patch `ask` for other files2023-08-26T04:14:20ZThorinrevisit enforce `ask` for downloads | also patch `ask` for other filesESR115 built from https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/33fdfcfcf4128fbb99599c464aa05177a85f194d
```
/* 2651: enable user interaction for security by always asking where to download
* [SETUP-CHROME] On And...ESR115 built from https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/33fdfcfcf4128fbb99599c464aa05177a85f194d
```
/* 2651: enable user interaction for security by always asking where to download
* [SETUP-CHROME] On Android this blocks longtapping and saving images
* [SETTING] General>Downloads>Always ask you where to save files ***/
user_pref("browser.download.useDownloadDir", false);
```
this is default false on previous ESRs, so we've regressed something somewhere? @pierov
also, while we're at it
```
/* 2654: enable user interaction for security by always asking how to handle new mimetypes [FF101+]
* [SETTING] General>Files and Applications>What should Firefox do with other files ***/
user_pref("browser.download.always_ask_before_handling_new_types", true);
```
this is default false in earlier releases and I think I opened an issue about this, might as well cover it herehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41595Disable pagethumbnails capturing2023-02-15T18:50:34ZThorinDisable pagethumbnails capturingTB doesn't set this. AFAICT (@fabrizio did some digging) this is only ever exposed in privileged/principal contexts, basically only ever in chrome (and ? activity stream). And AFAICT it is cleared when history is cleared, and also not co...TB doesn't set this. AFAICT (@fabrizio did some digging) this is only ever exposed in privileged/principal contexts, basically only ever in chrome (and ? activity stream). And AFAICT it is cleared when history is cleared, and also not collected/used in PB mode (but I am not sure). I also know of bugzillas where thumbnails can capture PII (login screens, webcam in use, user handles/names/avatars - true story, I once found a real ID of someone trying to hide, from their unusual avatar using reverse image search)
So kicking this into here for someone else to check, like @pierov :imp: :cheese:
also may be relevant for privacy browser
```js
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
```
---
Here are some comments from fabrizio
> when it collects thumbs
https://searchfox.org/mozilla-central/source/browser/base/content/browser-thumbnails.js#68-84
the logic must be a bit more complex than this, I've seen bugzilla tickets about when and when not to capture (eg. documents, redirects, pages that have thumbnails already..)
> where it stores them
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#20-23
> how are they sanitized
each hour if there are more than 50 thumbnails remove the exceeding ones, otherwise set a certain age:
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#12-18
also sanitized with history or when the page is removed (forget about this site I think):
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#124
---
some more references for a deeper dive:
- not captured in PB mode --> https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#265
- 11 yo bugzilla that decoupled thumbnails from disk cache --> https://bugzilla.mozilla.org/show_bug.cgi?id=744388
- the thumbnails component is assigned to NTP bug wise, so it should be AS mostly --> https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/moz.build
- the thumbnail service spec, not very detailed tbh --> https://wiki.mozilla.org/Firefox/Features/Generic_Thumbnail_Service
a quick look at the uses:
- https://searchfox.org/mozilla-central/search?q=symbol:%23BackgroundPageThumbs&redirect=false
- https://searchfox.org/mozilla-central/search?q=symbol:%23PageThumbs&redirect=false
as you can see new tab page, places, ctrl-tab. also [this comment](https://bugzilla.mozilla.org/show_bug.cgi?id=497543#c87) and there are more bugzilla on the security aspect.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42282"Tor Browser" entry created in registry Editor under HKLM and HKCR2024-01-09T13:58:23Zcypherpunks"Tor Browser" entry created in registry Editor under HKLM and HKCR"Tor Browser" entry created in registry Editor under HKLM and HKCR"Tor Browser" entry created in registry Editor under HKLM and HKCRcypherpunkscypherpunkshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42147Add browser.helperApps.deleteTempFileOnExit to our profile2023-10-31T05:46:31ZThorinAdd browser.helperApps.deleteTempFileOnExit to our profilefrom the almighty AF
```js
/* 2603: remove temp files opened with an external application
* [1] https://bugzilla.mozilla.org/302433 ***/
user_pref("browser.helperApps.deleteTempFileOnExit", true);
```
cc: @pierovfrom the almighty AF
```js
/* 2603: remove temp files opened with an external application
* [1] https://bugzilla.mozilla.org/302433 ***/
user_pref("browser.helperApps.deleteTempFileOnExit", true);
```
cc: @pierovPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42057Disable Platform text-recognition functionality2023-10-03T15:38:02ZrichardDisable Platform text-recognition functionalityMozilla's text recognition API is currently macOS only and calls out to these platfoms apis: https://developer.apple.com/documentation/vision/recognizing_text_in_images
In the future this could/should be replaced with local in-process O...Mozilla's text recognition API is currently macOS only and calls out to these platfoms apis: https://developer.apple.com/documentation/vision/recognizing_text_in_images
In the future this could/should be replaced with local in-process OCR system like teseract ( https://github.com/tesseract-ocr/tesseract ). For now let's neuter the global check to hard return false always and prevent all the dependent code paths from being taken.richardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42015Review Mozilla 1830890: Keep a history window of WebRTC stats for about:webrtc2023-10-05T12:44:53ZrichardReview Mozilla 1830890: Keep a history window of WebRTC stats for about:webrtcLink: https://bugzilla.mozilla.org/show_bug.cgi?id=1830790
We should make sure there's no disk leak here, and if there is gate it behind private browsing mode and uplift.Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1830790
We should make sure there's no disk leak here, and if there is gate it behind private browsing mode and uplift.richardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42002Review Mozilla 1809305: Allow user to copy an image to the clipboard2023-10-03T13:28:08ZrichardReview Mozilla 1809305: Allow user to copy an image to the clipboardLink: https://bugzilla.mozilla.org/show_bug.cgi?id=1809305
We should see if there are mitigations we should apply here similar to our desktop clipboard patches.
/cc @danLink: https://bugzilla.mozilla.org/show_bug.cgi?id=1809305
We should see if there are mitigations we should apply here similar to our desktop clipboard patches.
/cc @danma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41944Review Mozilla 1774083: Add Surrogate COM Server to handle native Windows not...2023-10-05T17:15:48ZrichardReview Mozilla 1774083: Add Surrogate COM Server to handle native Windows notifications when Firefox is closed.Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1774083
On windows COM servers are registered in the registy (if i recall correctly). We should make sure any such registration is gated behind w/e pref is used to disable notifications.Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1774083
On windows COM servers are registered in the registy (if i recall correctly). We should make sure any such registration is gated behind w/e pref is used to disable notifications.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41942Review Mozilla 1682520: Use the WER runtime exception module to catch early c...2023-10-05T17:15:48ZrichardReview Mozilla 1682520: Use the WER runtime exception module to catch early crashesLink: https://bugzilla.mozilla.org/show_bug.cgi?id=1682520
WER is the Windows crash reporting system. The above change may involve registry edits we want to get rid or other disk leak type stuffs.Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1682520
WER is the Windows crash reporting system. The above change may involve registry edits we want to get rid or other disk leak type stuffs.richardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41881Developer tools/Network/New Request remembers requests2023-10-03T15:37:59ZcypherpunksDeveloper tools/Network/New Request remembers requestsOn TBB 12.5.1, opening Developer tools, Network tab and then clicking on "New Request" causes address, headers, POST body to be autofilled with ones of previous request in other isolation domain or even after browser restart.On TBB 12.5.1, opening Developer tools, Network tab and then clicking on "New Request" causes address, headers, POST body to be autofilled with ones of previous request in other isolation domain or even after browser restart.cypherpunkscypherpunkshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41752Review changes done by Bug 415652023-10-05T12:40:26ZPier Angelo VendrameReview changes done by Bug 41565While trying to uplift #41565/!505, I got some feedback, see [Bug 1829140](https://bugzilla.mozilla.org/show_bug.cgi?id=1829140).
- `fission.experiment.*` has gone in [Bug 1671548](https://bugzilla.mozilla.org/show_bug.cgi?id=1671548)
-...While trying to uplift #41565/!505, I got some feedback, see [Bug 1829140](https://bugzilla.mozilla.org/show_bug.cgi?id=1829140).
- `fission.experiment.*` has gone in [Bug 1671548](https://bugzilla.mozilla.org/show_bug.cgi?id=1671548)
- `browser.js` changes are done to avoid calls to histogram functions that become a no-op with telemetry disabled
- not a good approach for Mozilla: the assumption is that all the telemetry checks are done _by these functions_, not by the caller
- after all, not good also for us: we don't patch any other block of calls (unless it's for other reasons, such as the download code, in which we drop an entire telemetry block because our patch changes several scopes)
- as a result, **dropping these changes seems a sensible option**
- for `BrwoserGlue`, I've been asked to move these changes closer to where the writing actually happens
- possibly document the reasons for which the usual Firefox's assumptions (call Telemetry, it will check if it's allowed to run instead) don't hold
- makes sense, and I'm doing it also for the C++ changes (i.e., not change `nsAppRunner.cpp`, but `WriteFailedProfileLock` in `Telemetry.cpp`)
- `reportInstallationTelemetry` doesn't actually write anything: it depends on `installation_telemetry.json`, written by the installer. We don't add that file, so as a matter of fact, we don't need to do anything on that function. It looks like a performance improvement, but upstream says that they should be measurable, and if they are, probably the code _with telemetry enabled_ should be improved, instead of having these changes
- it could make sense to drop this change, too. I will comment upstream, to deepen the performance improvement argument (it's async stuff, so it should not be that heavy)
- `_collectStartupConditionsTelemetry` does not write anything on disk directly, either, so upsteram is less happy to take it.
- In general, disk leak of times is a very weak argument, because there are probably plenty of other ways to get the same information.
- for `times.json`, I've kept thinking about it for a few days, and I think it was a misunderstanding on our side. `times.json` is used also for profile health and something for the Activity Stream. But, as a coincidence, the only piece of code calling `ProfileAge()` in Tor Browser was that telemetry file.
- I'm leaning toward not patching it anymore. What is its role in the security treat model, exactly?
- `times.json` is created with the profile, so we still have the profile creation time. Also, if we didn't have it, there would probably be some file leaking some date.
- I don't think fighting timestamps is worth the issue. There are several other things that change them, including preferences and even our Onion Aliases patch.
- This can be disabled, but I'm sure many more remain.
- I don't think we need profile health at the moment, neither in Tor Browser, nor in Mullvad Browser, since we should hardly write anything on them. Maybe in the future we might, but if we have a stronger reason to disable timestamp collection, I'd be up for just disabling it.
- The I/O argument hardly holds, as it's implemented in an async way. Also, performance improvements should be measured/measurable to make sure they're worth it (and upstream should improve the code in the first place, if that's the case).
I'd be happy if upstream took the disk changes.
But after having re-reviewed the patch, I think I'd be okay in making it lighter even if they didn't (i.e., take what I proposed upstream).Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41750revisit browser.download.forbid_open_with2023-05-02T19:23:07ZThorinrevisit browser.download.forbid_open_withhmmm ..
- https://old.reddit.com/r/TOR/comments/134e16g/what_settings_can_be_changed_on_tor_browser_and/jiesqjc/
- > I cannot understand why Tor Browser developers leave this option false!
- 6 year old previously closed ticket with @g...hmmm ..
- https://old.reddit.com/r/TOR/comments/134e16g/what_settings_can_be_changed_on_tor_browser_and/jiesqjc/
- > I cannot understand why Tor Browser developers leave this option false!
- 6 year old previously closed ticket with @gk's one liner at #19667
- > I think this is fine as-is
from an old arkenfox (the current one has this under optional opsec and is a one liner with no info)
```js
/* disable "open with" in download dialog [FF50+]
* This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
* in such a way that it is forbidden to run external applications.
* [SETUP-CHROME] This may interfere with some users' workflow or methods
* [1] https://bugzilla.mozilla.org/1281959 ***/
user_pref("browser.download.forbid_open_with", true);
```
why is this `fine`? @gk
![thisisfine](/uploads/23937b6cd9e1cd1413118bc290b500ef/thisisfine.jpg)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41679Backport Android-specific security fixes from Firefox 111 to ESR 102.9-based ...2023-04-10T16:09:57ZrichardBackport Android-specific security fixes from Firefox 111 to ESR 102.9-based Tor Browser<details>
<summary>Explanation of Variables</summary>
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- example : `102.8.0`
- `$(RR_VERSION)` : the Mozilla defin...<details>
<summary>Explanation of Variables</summary>
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- example : `102.8.0`
- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
- example: `110`
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- example : `12`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
- example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
- `$(BUILD_N)` : a project's build revision within a its branch; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- example : `build1`
</details>
**NOTE:** It is assumed the `tor-browser` rebase has already happened and there exists a `build1` build tag for both `base-browser` and `tor-browser`
### **Bookkeeping**
- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issues (stable and alpha).
### **Security Vulnerabilities Report** : https://www.mozilla.org/en-US/security/advisories/
- Potentially Affected Components:
- `firefox`/`geckoview` : https://github.com/mozilla/gecko-dev
- `application-services` : https://github.com/mozilla/application-services
- `android-components` : https://github.com/mozilla-mobile/firefox-android
- `fenix` : https://github.com/mozilla-mobile/firefox-android
**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos.
- [x] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create a candidate list of CVEs which potentially need to be backported in this issue:
- CVEs which are explicitly labeled as 'Android' only
- CVEs which are fixed in Rapid Release but not in ESR
- 'Memory safety bugs' fixed in Rapid Release but not in ESR
- [x] Foreach issue:
- Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/)
- example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
- Create link to the associated Bugzilla issues (found in the CVE description)
- Create a link to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
- To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.
- **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant.
### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git
- [x] Backport any Android-specific security fixes from Firefox rapid-release
- [x] Sign/Tag commit:
- Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- [x] Push tag to `origin`
**OR**
- [ ] No backports
### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here*
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- [ ] Sign/Tag commit:
- Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
- [ ] Push tag to `origin`
**OR**
- [x] No backports
### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git
- [x] Backport any Android-specific security fixes from Firefox rapid-release
- **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.
- [ ] Sign/Tag commit:
- Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- [ ] Push tag to `origin`
**OR**
- [ ] No backports
### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.
- [ ] Sign/Tag commit:
- Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- [ ] Push tag to `origin`
**OR**
- [x] No backports
### CVEs
- [ ] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
- https://bugzilla.mozilla.org/show_bug.cgi?id=1783561
- **patches**:
- android-components: https://github.com/mozilla-mobile/firefox-android/pull/565/commits
- fenix: https://github.com/mozilla-mobile/fenix/pull/28572/commits
- [ ] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25748
- https://bugzilla.mozilla.org/show_bug.cgi?id=1798798
- **patch**: https://github.com/mozilla-mobile/firefox-android/commit/1dc21a3786506200be124733e654dff8f39b5395
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25749
- https://bugzilla.mozilla.org/show_bug.cgi?id=1810705
- **patch**: https://github.com/mozilla-mobile/firefox-android/commit/4ff195aa268af1dabbcac050bb6e3e6e9abecff7
- **note**: our existing fix for fenix#34378 actually fixes this already so let's not backport this one :D
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25750
- https://bugzilla.mozilla.org/show_bug.cgi?id=1814733
- esr102 unaffected AND this is a service workers issue (service workers are not enabled in Tor Browser)
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28160
- https://bugzilla.mozilla.org/show_bug.cgi?id=1802385
- **patch**: https://hg.mozilla.org/mozilla-central/rev/554a5aa89673
- **note:** This is a potential fingerprinting vector fix, but only accessible from webextensions which Android in general doesn't support very many of so if this is a pain to backport that's fine
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28161
- https://bugzilla.mozilla.org/show_bug.cgi?id=1811181
- This patch would apparently require a lot of re-work for esr102 (and is not applicable to Android) so lets skip it
- [x] https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1817336
- esr102 unaffected, affects linux desktop
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1803109
- only happens when profiling which is one reason they didn't backport
- **patch**: https://hg.mozilla.org/mozilla-central/rev/adcb31b93a01
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1809542
- esr102 unaffected, affects Windows
- [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1808832
- esr102 unaffected,
<!-- Create CVE resolution here -->ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41589Do not call _collectStartupConditionsTelemetry and _firstWindowTelemetry2023-01-30T08:35:43ZPier Angelo VendrameDo not call _collectStartupConditionsTelemetry and _firstWindowTelemetry`_collectStartupConditionsTelemetry` disk leaks some timing data about the browser startup, and it does so only for telemetry purposes.
And it's quite annoying because it also adds an error in the JS console.
We could just remove the c...`_collectStartupConditionsTelemetry` disk leaks some timing data about the browser startup, and it does so only for telemetry purposes.
And it's quite annoying because it also adds an error in the JS console.
We could just remove the call to it and, since we're at it, also to `_firstWindowTelemetry`, which is another telemetry function that we don't care anything about and is called just before the other one.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41565Gate Telemetry Tasks behind AppConstants.MOZ_TELEMETRY_REPORTING2023-05-03T18:06:48ZrichardGate Telemetry Tasks behind AppConstants.MOZ_TELEMETRY_REPORTINGOriginally from @cypherpunks1's MR here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/436/diffs?commit_id=da5344a0586898fc95a679332168443d97966d64
We should gate these behind the telemetry pref and uplift ...Originally from @cypherpunks1's MR here: https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/436/diffs?commit_id=da5344a0586898fc95a679332168443d97966d64
We should gate these behind the telemetry pref and uplift to Mozilla.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40999Update "cleared data" on New Identity2023-09-20T17:46:06ZMatthew FinkelUpdate "cleared data" on New IdentityFirefox has some more flags we should set.Firefox has some more flags we should set.Sponsor 131 - Phase 3 - Major ESR 102 MigrationPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40868Remove the applied update list2022-10-26T13:13:48ZPier Angelo VendrameRemove the applied update listCurrently, Tor Browser lists the updates that a user applied.
We should get rid of that, because it can leak data about users' behavior.
![updates](/uploads/ac3c17d895f1ed13e13e147daf85d711/updates.png)Currently, Tor Browser lists the updates that a user applied.
We should get rid of that, because it can leak data about users' behavior.
![updates](/uploads/ac3c17d895f1ed13e13e147daf85d711/updates.png)Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40248tor browser creates data outside bundle directory on windows2022-12-08T15:15:31Zconcarnetor browser creates data outside bundle directory on windowsWhile using tor-browser on windows (bundle installed on usb flash) it creates a folder labeled "tor" in C:\Users\<username>\AppData\Roaming
it does that on any machine that the USB is plugged into and tor-browser is executed including t...While using tor-browser on windows (bundle installed on usb flash) it creates a folder labeled "tor" in C:\Users\<username>\AppData\Roaming
it does that on any machine that the USB is plugged into and tor-browser is executed including the the machine that was originally used to download and install the tor browser. The tor browser itself works fine on all machines it is used on.
List of files in the "tor" directory can be seen in the screenshot![tbb](/uploads/d5c494e9c5b46ec5e2d654bba2e8580f/tbb.JPG) attachedhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40163New certificate storage does not obey `security.nocertdb`2020-10-14T08:04:12ZGeorg KoppenNew certificate storage does not obey `security.nocertdb`As mentioned in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33534#note_2683533 there is a new certificate storage mechanism
where data is stored under `profiledir/security_state/` which is not
disabled by Tor Brow...As mentioned in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33534#note_2683533 there is a new certificate storage mechanism
where data is stored under `profiledir/security_state/` which is not
disabled by Tor Browser setting `security.nocertdb` = `true`.
Thanks to a cypherpunk for the reminder to file the ticket.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31505Remove "Show update history" button and contained history.2022-07-08T17:46:14ZTracRemove "Show update history" button and contained history.Options - "Keep Tor Browser up to date for the best performance, stability, and security."
Remove "Show update history" button and contained history.
What is the point if this browser keep update history?!
**Trac**:
**Username**: cyp...Options - "Keep Tor Browser up to date for the best performance, stability, and security."
Remove "Show update history" button and contained history.
What is the point if this browser keep update history?!
**Trac**:
**Username**: cyperpunks