Tor Browser issues
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues
2022-07-09T18:03:24Z

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18288
Sign Tor Browser binaries on Windows (not just the setup executable)
2022-07-09T18:03:24Z
Georg Koppen

Mozilla is doing the signing of Firefox binaries for a while now, beyond providing signatures for the setup executable. https://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx has some things to say about that.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18287
Use SHA-2 signature for Tor Browser setup executables
2022-04-05T02:28:34Z
Georg Koppen

As tjr mentioned in legacy/trac#17870 we only use SHA-1 when signing our Windows setup executables and should switch to SHA-2 or, better, provide both SHA-1 for older systems and SHA-2 for newer ones. Mozilla tried to deal with it in https://bugzilla.mozilla.org/show_bug.cgi?id=1079858 which might be a good starting point for solving this bug.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18274
3DES_EDE_CBC cipher is weak in the current TBB configuration!
2022-11-10T11:31:50Z
bugzilla

From The Design and Implementation of the Tor Browser [DRAFT]:
> we also enable TLS False Start via the Firefox Pref security.ssl.enable_false_start.
From TLS False Start https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00
> generally symmetric ciphers with an effective key length of 128 bits or more can be considered strong. In TLS 1.2 [RFC5246], this allows all cipher suites **except** those using the NULL or 3DES_EDE_CBC ciphers
Detected by https://www.ssllabs.com/ssltest/viewMyClient.html
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
In `about:config`:
`security.ssl3.rsa_des_ede3_sha`;`true`
Why is this security hole still present?

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18107
Prevent automatic HTTP redirects
2023-01-05T17:00:27Z
Trac

Apparently, at some point this feature was removed from Firefox. The option "Advanced -> General -> Warn me when websites try to redirect" doesn't seem to work. For example, this link redirects automatically: http://bit.ly/M4DEDa
I think that automatic HTTP redirects are a potential attack vector. (See, for example, [1]). Can the option to disable them be restored?
[1] https://www.reddit.com/r/TOR/comments/41bfwq/tor_exits_can_strip_ssl_inject_malicious_js_then/
**Trac**:
**Username**: slycelote

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18042
Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45
2022-01-11T19:32:38Z
Georg Koppen

Mozilla released Firefox 43 which did not accept SHA-1 signed certificates anymore. However, this apparently broke some MITM boxes (https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/) and they released a point update reverting this change.
We don't want to have this security feature reverted and should make sure our ESR 45 based code is rejecting SHA-1 signed certificates as expected.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18017
Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575)
2022-01-11T19:32:38Z
Georg Koppen

Mozilla thinks backporting the fix for CVE-2015-7575 is not important enough and does not do it. I think given our context we should do it, though. Let's try switching to NSS 3.19.2.2 in the next release (end of January).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18008
Create a new MAR signing key and bake it into Tor Browser
2022-01-11T19:32:38Z
Georg Koppen

We want to deprecate the MAR signing key mostly used for signing our MAR files so far and embed a new one instead. This is the beginning of a yearly-ish procedure as there is no good way of revoking a MAR signing key.
Georg Koppen

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17931
Tor Browser crashes in LogMessageToConsole()
2022-01-11T19:32:38Z
Trac

Just tried to search "let's encrypt" on https://github.com. It crashes the Tor Browser Hardened 5.5a5-hardened without any error message.
The error is reproducible (at least on my two machines), but no other search term seems to trigger a crash.
BTW, is there a way to get any logs from the crash?
**Trac**:
**Username**: pege

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17929
Getting "Tor Browser does not have permission to access the profile. Please adjust your file system permissions and try again."
2022-01-11T19:32:37Z
Trac

After installing and running a number of anti-malware programs following a massive infection, the message in the subject line comes up.
It says "Please adjust your file system permissions..." but where do I do that?
Thanks.
**Trac**:
**Username**: Itshimagain

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17925
Investigate memory consumption of hardened Tor Browser builds
2022-01-11T19:32:37Z
Georg Koppen

ASan needs a lot of memory. But apart from that it seems even closing tabs or browser windows does not reduce the memory footprint of hardened builds. Rather, the memory consumption is growing and growing. We should try to determine if that is an ASan "feature" or whether we have real memory leaks that need to get fixed.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17895
Tor Browser Bundle installer subject to DLL hijacking
2022-01-11T19:32:37Z
Trac

torbrowser-install-5.0.4.exe is vulnerable to DLL hijacking.
Create, e.g. shfolder.dll with a malicious DLL main and observe it runs when the tor installer is executed from the same downloads folder.
http://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/
**Trac**:
**Username**: ericlawboklmboklm

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17870
Some Windows 10 users experience authenticode errors if Tor Browser is signed on Linux
2022-01-11T19:32:37Z
Georg Koppen

There are users (like the one in https://blog.torproject.org/blog/tor-browser-505-released#comment-141808) that experience authenticode errors when trying to install a Tor Browser signed on a Linux system instead of a Windows one. It works fine for me and others on Windows 7, 8 and 10, though.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17869
Provide hardened Tor in hardened build series separately
2022-01-11T19:32:37Z
Georg Koppen

There is no hardened Tor archive we ship in our hardened builds although we have the corresponding debug files.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17858
Creating incremental MAR files for the hardened builds is broken
2022-01-11T19:32:37Z
Georg Koppen

ASan seems to break the creation of incremental MAR files. `mbsdiff` is basically frozen while trying to cope with libxul.
Using a non-ASan MAR tools archive is working.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17734
Use PDF.js to sanitize saved PDFs
2023-01-05T16:59:02Z
cypherpunks

PDF files often have malicious content within them, which can be used to compromise the security of the system. Rendering PDF files with PDF.js is often slow and broken, which makes users open the files with native readers. Unfortunately, there are no good sanitizers: they are mostly written in scripting languages (such as Python and Ruby) and require their runtime. It would be very useful to have a tool to remove malicious content from downloaded PDFs implemented in JS right in the browser. Fortunately, Firefox already has a PDF parsing library inside its PDF.js engine.
* Use PDF.js to parse PDF into internal representation, but do not render it.
* Decompress and destream it.
* Remove all potentially malicious tags (this should be tweakable in popup window similar to "Clear Recent History"): JS, fonts, flash (and other objects calling plugins), 3d, forms, signatures, remote content, anything else not needed for rendering directly.
* Recreate PDF file from the internal representation recomputing all the recomputable fields to destroy memory corruption exploits.
First I asked about it in the PDF.js bug tracker; they refused because it is not the goal of that project.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17532
Provide a hardened Tor Browser for Windows
2022-01-11T19:32:37Z
Georg Koppen

While we started with Linux we should provide a hardened Tor Browser for Windows as well.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17531
Provide a hardened Tor Browser for OS X
2022-01-11T19:32:37Z
Georg Koppen

While we started with Linux we should provide a hardened Tor Browser for OS X as well.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17519
Build nightlies for the hardened builds series
2022-01-11T19:32:37Z
Georg Koppen

We should build nightlies for our hardened-builds as well.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17509
Write a patch for additional -ldl needed when compiling Tor Browser with ASan and GCC 5
2023-01-05T16:58:29Z
Georg Koppen

This is a reminder to investigate and write a patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1213698.
Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17508
Using FORTIFY_SOURCE breaks inlining of memcpy when compiling Tor Browser with ASan
2022-01-11T19:33:01Z
Georg Koppen

While it is a known thing that ASan is not working particularly well with `FORTIFY_SOURCE` (legacy/trac#14821 and https://code.google.com/p/address-sanitizer/issues/detail?id=247) this combination is breaking Tor Browser compilation directly:
```
In file included from ../../dist/system_wrappers/sys/cdefs.h:3:0,
from /usr/include/features.h:346,
from ../../dist/system_wrappers/features.h:3,
from /home/ubuntu/install/gcc/include/c++/5.1.0/x86_64-unknown-linux-gnu/bits/os_defines.h:39,
from /home/ubuntu/install/gcc/include/c++/5.1.0/x86_64-unknown-linux-gnu/bits/c++config.h:482,
from /home/ubuntu/install/gcc/include/c++/5.1.0/cstddef:44,
from ../../dist/system_wrappers/cstddef:3,
from ../../dist/include/mozilla/Compiler.h:46,
from ../../dist/include/mozilla/Attributes.h:12,
from ../../dist/include/mozilla/Assertions.h:16,
from ../../dist/include/mozilla/ArrayUtils.h:14,
from /home/ubuntu/build/tor-browser/xpcom/threads/BackgroundHangMonitor.cpp:7,
from /home/ubuntu/build/tor-browser/obj-x86_64-unknown-linux-gnu/xpcom/threads/Unified_cpp_xpcom_threads0.cpp:2:
/usr/include/bits/string3.h: In member function 'void mozilla::ThreadStackHelper::FillThreadContext(void*)':
/usr/include/bits/string3.h:49:1: error: inlining failed in call to always_inline 'void* memcpy(void*, const void*, size_t) throw ()': function attribute mismatch
__NTH (memcpy (void *__restrict __dest, __const void *__restrict __src,
^
In file included from /home/ubuntu/build/tor-browser/obj-x86_64-unknown-linux-gnu/xpcom/threads/Unified_cpp_xpcom_threads0.cpp:29:0:
/home/ubuntu/build/tor-browser/xpcom/threads/ThreadStackHelper.cpp:730:66: error: called from here
&context.uc_mcontext.gregs[REG_R8], 8 * sizeof(int64_t));
^
make[5]: Leaving directory `/home/ubuntu/build/tor-browser/obj-x86_64-unknown-linux-gnu/xpcom/threads'
make[5]: *** [Unified_cpp_xpcom_threads0.o] Error 1
```
It is not clear why this is happening right now. We only work around this problem by backporting
https://hg.mozilla.org/mozilla-central/rev/5e86358d4ec2
https://hg.mozilla.org/mozilla-central/rev/33e89c9a4172