Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-09-01T22:31:27Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41190Check voice for search for proxy bypasses2022-09-01T22:31:27ZGeorg KoppenCheck voice for search for proxy bypassesWhile going over the network audit for Fenix 81 the [voice for search features showed up](https://github.com/mozilla-mobile/fenix/issues/1216). Your search is sent to Google and you get results back. However, from a cursory glance it's n...While going over the network audit for Fenix 81 the [voice for search features showed up](https://github.com/mozilla-mobile/fenix/issues/1216). Your search is sent to Google and you get results back. However, from a cursory glance it's not exactly clear whether some external app is actually doing the Google-contacting and whether that's bypassing Tor.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41888checking: mobile WebShare API2023-08-26T06:37:55ZThorinchecking: mobile WebShare API`dom.webshare.enabled`
- https://developer.mozilla.org/en-US/docs/Web/API/Web_Share_API
- [1653481](https://bugzilla.mozilla.org/show_bug.cgi?id=1653481) [Meta] Implement and maintain WebShare API
- desktop: false except windows if `@IS_...`dom.webshare.enabled`
- https://developer.mozilla.org/en-US/docs/Web/API/Web_Share_API
- [1653481](https://bugzilla.mozilla.org/show_bug.cgi?id=1653481) [Meta] Implement and maintain WebShare API
- desktop: false except windows if `@IS_EARLY_BETA_OR_EARLIER@` [source](https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#4843-4850)
- mobile: true [source](https://searchfox.org/mozilla-central/source/mobile/android/app/geckoview-prefs.js#37)
- navigator keys: share, canShare
also see (if relevant)
- [1828939](https://bugzilla.mozilla.org/show_bug.cgi?id=1828939) Share URL menu item is a potential proxy bypass and is a candidate for gating by MOZ_PROXY_BYPASS_PROTECTION
in [this](https://github.com/arkenfox/TZP/commit/a4eef4c1097b5f690077637560d34c8fe46421f6) TZP patch, I added a health check (i.e the result should be deterministic) and stable across the ESR lifecycle, especially once we release to stable and ESR has had 3 release cycles. So I noticed there is a difference between platforms (this is fine from a fingerprinting perspective, we are not hiding major OS, and I will refine/check it once we have nightly TB13's out) - in this case so far, mobile has `share` and canShare` whereas desktop doesn't (makes sense, see llinks above). Just checking that this is OK from TB android perspective. If we're not going to allow the API due to proxy bypasses, then shouldn't we just disable the API? Or am I confusing things? Please advise :)
cc @danhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25166Clipboard may be cleared or modified by websites2023-01-05T17:22:02ZGeorg KoppenClipboard may be cleared or modified by websitesThings like `document.execCommand('copy')` allows websites to mess with the clipboard. We might want to think to either warn users when this happens or just disable that feature by flipping the `dom.allow_cut_copy` preference. See: https...Things like `document.execCommand('copy')` allows websites to mess with the clipboard. We might want to think to either warn users when this happens or just disable that feature by flipping the `dom.allow_cut_copy` preference. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1012662 for the original implementation and discussion about exposing the preference.
Thanks to xiaoyinl who reported that issue in our bug bounty program.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40062consider disabling the Web Share API (Android and Windows)2022-11-30T15:13:29ZMark Smithconsider disabling the Web Share API (Android and Windows)From #33534: The Web Share API allows web pages to bring up a system sharing UI. Does this cause any disk leaks or proxy bypass possibilities? If it does, we should disable it.
https://bugzilla.mozilla.org/show_bug.cgi?id=1402369 \
"Imp...From #33534: The Web Share API allows web pages to bring up a system sharing UI. Does this cause any disk leaks or proxy bypass possibilities? If it does, we should disable it.
https://bugzilla.mozilla.org/show_bug.cgi?id=1402369 \
"Implement Web Share API on Fenix"
https://bugzilla.mozilla.org/show_bug.cgi?id=1573029 \
"Implement Web Share on Windows"https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40021Consider protecting against webextensions with "proxy" permissions2023-01-05T17:38:50ZAlex CatarineuConsider protecting against webextensions with "proxy" permissionsAFAIK, if a user installs a webextension with "proxy" permissions it may result in proxy bypass. We don't support nor encourage users installing extensions, but given how critical are proxy bypasses it might be a good idea to try to make...AFAIK, if a user installs a webextension with "proxy" permissions it may result in proxy bypass. We don't support nor encourage users installing extensions, but given how critical are proxy bypasses it might be a good idea to try to make sure that no webextension can cause one.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40034DoH/TRR disabled by network.dns.disabled makes it unsafe to test DoH2023-01-05T17:38:57ZMike PerryDoH/TRR disabled by network.dns.disabled makes it unsafe to test DoHIn #33962, our patches for network.dns.disabled also block TRR/DoH. This means that if people want to test DoH, they have to enable unproxied DNS as well.
This can be dangerous; while DoH/TRR is proxy-safe, it does have codepaths to iss...In #33962, our patches for network.dns.disabled also block TRR/DoH. This means that if people want to test DoH, they have to enable unproxied DNS as well.
This can be dangerous; while DoH/TRR is proxy-safe, it does have codepaths to issue native queries in the background for performance comparison.
We could change the check in nsHostResolver::TrrLookup() to check a different pref.
Or, we could *additionally* put the other places where network.dns.disabled back to network.dns.socks_remote_dns.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42351ESR128 - check protocol handling2024-01-15T08:24:00ZThorinESR128 - check protocol handlingmight be others
- [1827827](https://bugzilla.mozilla.org/show_bug.cgi?id=1827827) add `payto` protocol to the registerProtocolHandler safelist
- [1871955](https://bugzilla.mozilla.org/show_bug.cgi?id=1871955) add `lbry` to the registerPr...might be others
- [1827827](https://bugzilla.mozilla.org/show_bug.cgi?id=1827827) add `payto` protocol to the registerProtocolHandler safelist
- [1871955](https://bugzilla.mozilla.org/show_bug.cgi?id=1871955) add `lbry` to the registerProtocolHandler allowlist
@pierov feel free to close if we are covered - i.e we block all then allowlisthttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40786Investigate whether HTTP/3 is bypassing proxy settings2023-01-05T17:59:18ZGeorg KoppenInvestigate whether HTTP/3 is bypassing proxy settingsWith our switch to esr91 [HTTP/3 is enabled by default](https://bugzilla.mozilla.org/show_bug.cgi?id=1710816) which we "countered" by flipping the respective pref in #40423.
In this ticket we should investigate whether it would be safe ...With our switch to esr91 [HTTP/3 is enabled by default](https://bugzilla.mozilla.org/show_bug.cgi?id=1710816) which we "countered" by flipping the respective pref in #40423.
In this ticket we should investigate whether it would be safe to enable HTTP/3 again and if not what we'd need to patch/fix to get there.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18101IP leak from Windows/macOS UI dialog with URI2024-01-09T14:37:48ZTracIP leak from Windows/macOS UI dialog with URIIt is possible for the client IP to leak from the browser and onto the network via the Windows API when prompted with Windows dialog box to select files.
Not entirely sure if this is a bug, but should at least be documented.
Steps to r...It is possible for the client IP to leak from the browser and onto the network via the Windows API when prompted with Windows dialog box to select files.
Not entirely sure if this is a bug, but should at least be documented.
Steps to reproduce:
1. Visit a website that provides an upload box.
2. Instead of selecting a file, paste a URI as a file name.
3. The IP is leaked.
This may potentially work with Ctrl+O (Open File) and Ctrl+S (Save Page As).
Tested on Windows 7 and verified with Wireshark.
**Trac**:
**Username**: uileakhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/28148Limit or Restrict PTCPSocket and PUDPSocket IPC mechanisms2023-01-05T17:30:04ZTom Rittertom@ritter.vgLimit or Restrict PTCPSocket and PUDPSocket IPC mechanismsThese actors live on PNecko.ipdl and appear to allow a content process to open a direct TCP or UDP connection to a server; bypassing the proxy.
We should validate if that is the case, and determine a way to stop that.These actors live on PNecko.ipdl and appear to allow a content process to open a direct TCP or UDP connection to a server; bypassing the proxy.
We should validate if that is the case, and determine a way to stop that.