Tor Browser issues
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues
Updated: 2024-01-15T08:24:00Z

ESR128 - check protocol handling
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42351
Updated: 2024-01-15T08:24:00Z
Author: Thorin

might be others
- [1827827](https://bugzilla.mozilla.org/show_bug.cgi?id=1827827) add `payto` protocol to the registerProtocolHandler safelist
- [1871955](https://bugzilla.mozilla.org/show_bug.cgi?id=1871955) add `lbry` to the registerProtocolHandler allowlist

@pierov feel free to close if we are covered - i.e we block all then allowlist

Disable Allow sharing current tab URL from Android's Recents screen in private browsing mode
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42114
Updated: 2023-10-03T10:54:03Z
Author: richard

Seems to be a pixel-only Android feature. See tor-browser#42006

Assignee: Dan Ballard

Review Mozilla 1808146: Copying images from Pixiv and pasting them in certain programs is broken
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42008
Updated: 2023-10-05T17:15:48Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1808146
So in some instances on Windows when you copy an image to paste in another app, what is actually copied is the URL (and now including referrer) and the image is then resolved with a separate web request; unclear where the web request happens whether in Firefox, in some OS clipboard service, or from the target application.
Could be a big deal or nothing depending.

Assignee: ma1

Review Mozilla 1817726: Allow sharing current tab URL from Android's Recents (App Overview) screen.
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42006
Updated: 2023-10-03T13:28:05Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1817726
Hopefully this is properly handling/is disabled in private browsing mode but we must check.

Assignee: Dan Ballard

Review Mozilla 1812518: Allow a custom View for 3rd party downloads
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41991
Updated: 2023-10-03T13:28:14Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1812518
Unclear what 3rd party downloads or how they are meant to work, but we def don't want files downloaded via tor browser android to be re-routed outside the browser and not through tor.

Assignee: Dan Ballard

Review Mozilla 17909270: WebRTC bypasses Network settings & proxy.onRequest
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41970
Updated: 2023-10-05T12:44:53Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1790270
Looks like a pref that was being set to prevent this behaviour was not being honored. I think we just need to make sure we're setting+locking the pref correctly.

Assignee: ma1

Review Mozilla 1797896: Proxy environment variables should be upper case / case insensitive
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41960
Updated: 2023-10-03T13:28:27Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1797896
We should make sure these env variables do not conflict with tor setup and that they are ignored.

Assignee: Pier Angelo Vendrame

Review Mozilla 1779005: Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41947
Updated: 2023-10-05T12:44:52Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1779005
Proxy-related patches so we should review for usual suspects (linkability, proxy bypass, etc).

Review Mozilla 1769994: On systems with IPv6 preferred DNS resolution clients will fail to connect when "localhost" is used as host for the WebSocket server
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41938
Updated: 2023-10-05T12:44:52Z
Author: richard

Link: https://bugzilla.mozilla.org/show_bug.cgi?id=1769994
Found via the code audit, particularly gecko-dev commit [c193147b7b622a9b69e768079553e0d27c05c993](https://github.com/mozilla/gecko-dev/commit/c193147b7b622a9b69e768079553e0d27c05c993) with title 'Resolve localhost to an IP before starting httpd.js'

Assignee: Pier Angelo Vendrame

checking: mobile WebShare API
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41888
Updated: 2023-08-26T06:37:55Z
Author: Thorin

`dom.webshare.enabled`
- https://developer.mozilla.org/en-US/docs/Web/API/Web_Share_API
- [1653481](https://bugzilla.mozilla.org/show_bug.cgi?id=1653481) [Meta] Implement and maintain WebShare API
- desktop: false except windows if `@IS_EARLY_BETA_OR_EARLIER@` [source](https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#4843-4850)
- mobile: true [source](https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#37)
- navigator keys: share, canShare
also see (if relevant)
- [1828939](https://bugzilla.mozilla.org/show_bug.cgi?id=1828939) Share URL menu item is a potential proxy bypass and is a candidate for gating by MOZ_PROXY_BYPASS_PROTECTION
in [this](https://github.com/arkenfox/TZP/commit/a4eef4c1097b5f690077637560d34c8fe46421f6) TZP patch, I added a health check (i.e the result should be deterministic) and stable across the ESR lifecycle, especially once we release to stable and ESR has had 3 release cycles. So I noticed there is a difference between platforms (this is fine from a fingerprinting perspective, we are not hiding major OS, and I will refine/check it once we have nightly TB13's out) - in this case so far, mobile has `share` and `canShare` whereas desktop doesn't (makes sense, see links above). Just checking that this is OK from TB android perspective. If we're not going to allow the API due to proxy bypasses, then shouldn't we just disable the API? Or am I confusing things? Please advise :)
cc @dan

WebRTC privacy-hardening settings
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41727
Updated: 2023-10-09T17:50:23Z
Author: ma1

As noted in mullvad-browser#151, the most sensible preference changes to harden WebRTC privacy for our use cases seem to be:
- `media.peerconnection.ice.relay_only` -> `false`
- `media.peerconnection.ice.default_address_only` -> `true`
- `media.peerconnection.ice.proxy_only_if_behind_proxy` -> `true`

Assignee: ma1

Drag&Drop protection doesn't work anymore
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41353
Updated: 2023-05-30T15:17:32Z
Author: Pier Angelo Vendrame

Tor Browser should provide protection against proxy bypass by [filtering URLs when doing drag&drop](https://2019.www.torproject.org/projects/torbrowser/design/#proxy-obedience) (see point 3 of section 4.1).
Steps to reproduce:
1. Open https://pearlcrescent.com/tor/22434.html **in Firefox/Chrome** (found in #22434)
2. Drop a link or a favicon from Tor Browser into the rectangle
3. Notice that `text/plain` and `text/html` still contain the URL; also, Firefox will open the page if you drop it somewhere else.
So, should we scrub URLs from plain text and HTML, too?

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: ma1

Review Mozilla 1637922: Consider disabling dom.netinfo.enabled on mobile
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41139
Updated: 2022-10-25T22:16:40Z
Author: richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1637922
Not sure what this is but we should investigate and see if we also want it disabled

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: richard

Review Mozilla 1749501: "Use system proxy settings" no longer uses all defined exceptions
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41134
Updated: 2022-10-23T23:38:48Z
Author: richard

We need to make sure this change is interacting correctly with our proxy bypass expections. If there's any fixes required they should be gated behind MOZ_PROXY_BYPASS_PROTECTION and uplifted.

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: ma1

Review Mozilla 1732792: retry polling requests without proxy
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41125
Updated: 2022-10-18T15:21:15Z
Author: richard

We should not do anything without the proxy, (if it isn't already) we should gate this feature behind MOZ_PROXY_BYPASS_PROTECTION and uplift.

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: Dan Ballard

Review Mozilla 1732388: support a proxy bypass flag for http requests
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41124
Updated: 2022-09-01T16:30:01Z
Author: richard

- Literally a proxy bypass >:[
- Related:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1732793
- https://bugzilla.mozilla.org/show_bug.cgi?id=1733994
- https://bugzilla.mozilla.org/show_bug.cgi?id=1732792
- https://bugzilla.mozilla.org/show_bug.cgi?id=1733481
either revert or shim this flag to always be false
looks like several other mozilla tickets depend on this one though so that's fun
We need to review these patches, and potentially gate any proxy bypasses behind MOZ_PROXY_BYPASS_PROTECTION and uplift any patch we write.

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: Dan Ballard

Review Mozilla 1730418: Blocked network requests still reach a custom DoH resolver
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41123
Updated: 2022-09-07T14:09:55Z
Author: richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1730418
Not exactly a proxy bypass issue, but adjacent. A lot of interesting stuff going on in this ticket, the fix is good/desired but we should check and see if any of the prefs mentioned are used/should be used in tor-browser

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: ma1

Review Mozilla 1721178: Target messages to users who just signed in to public wi-fi
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41119
Updated: 2022-08-31T19:19:04Z
Author: richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1721178
This looks like a potential proxy bypass vector, but we should also probably figure out in general (long term) how we currently/should handle captive portals.
cc @duncan

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: Dan Ballard

Review Mozilla 1714583: UNC shared folder as default download location not working on Windows 10 (because nsIFile::exists() returns false for network server names on Windows)
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41118
Updated: 2022-09-06T14:37:45Z
Author: richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1714583
This patch fixes an issue whereby users were unable to save files to a UNC shared folder. We have a few other issues in the past with UNC paths (some unavoidable iirc) for reference:
- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26874
- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
We should figure out what the right behaviour is here, maybe revert the above Mozilla fix or more actively prevent UNC path access.

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: ma1

Review Mozilla 1512851: Add Share Menu to File Menu on macOS
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41117
Updated: 2023-04-19T19:52:24Z
Author: richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1512851
Adds a File > Share menu on macOS. Seems like a great linkability vector.
@duncan: can you verify this menu appears in the esr102-based alpha?
@pierov: do you have an opinion on whether this should be disabled in tor-browser or base-browser
@dan: I'd like you to write w/e patch is required for disabling this.

Milestone: Sponsor 131 - Phase 3 - Major ESR 102 Migration
Assignee: Dan Ballard