Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-11-30T15:19:24Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40207Tor Browser is writing to Windows registry on every start2022-11-30T15:19:24ZGeorg KoppenTor Browser is writing to Windows registry on every startI got a report from a cypherpunk:
```
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform-Installation
Firefox is still writing to Windows Registry on every start:
Computer\HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firef...I got a report from a cypherpunk:
```
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform-Installation
Firefox is still writing to Windows Registry on every start:
Computer\HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
There it stores all the paths TBB was started from.
That also allows an attacker to permanently disable Launcher Process
security feature, and even any hiccup can do/leads to it:
about:support
Launcher Process Disabled due to failure
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25916Disable MOZ_DISABLE_CONTENT_SANDBOX2023-07-12T14:12:39ZTom Rittertom@ritter.vgDisable MOZ_DISABLE_CONTENT_SANDBOXMOZ_DISABLE_CONTENT_SANDBOX can be used at runtime to disable the content sandbox. If an attacker can influence this, we're probably already sunk, but just like we disable the "Dump all your TLS Session Keys here please" environment var...MOZ_DISABLE_CONTENT_SANDBOX can be used at runtime to disable the content sandbox. If an attacker can influence this, we're probably already sunk, but just like we disable the "Dump all your TLS Session Keys here please" environment variable, we should disable this one too.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23664Deal with UUID for content sandbox temp folder on Windows and Mac2024-01-05T16:08:12ZGeorg KoppenDeal with UUID for content sandbox temp folder on Windows and Maccomment:56:ticket:16010 mentioned:
```
Very important side issue is that the sandboxing feature adds `security.sandbox.content.tempDirSuffix` pref which is a 128-bit GUID that allows to uniquely identify your copy of Tor Browser. It is p...comment:56:ticket:16010 mentioned:
```
Very important side issue is that the sandboxing feature adds `security.sandbox.content.tempDirSuffix` pref which is a 128-bit GUID that allows to uniquely identify your copy of Tor Browser. It is persistent and leaves unique traces on every machine you use in system %TEMP% folder.
```
We should find a good way dealing with that. Maybe a first start is to set the pref, so that every Windows user has the same sandbox temp dir name.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23362consider performing network operations in a dedicated process2023-01-05T16:13:48Zcypherpunksconsider performing network operations in a dedicated processESR59 will have approx. 8 processes, excluding content processes. And it makes sense to run them all in strong sandboxes without network access. To achieve this it could be helpful to discuss and coordinate this work with Mozilla in http...ESR59 will have approx. 8 processes, excluding content processes. And it makes sense to run them all in strong sandboxes without network access. To achieve this it could be helpful to discuss and coordinate this work with Mozilla in https://bugzilla.mozilla.org/show_bug.cgi?id=1322426.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22985Can we simplify and clarify click-to-play of audio/video?2023-01-05T17:37:48ZArthur EdelsteinCan we simplify and clarify click-to-play of audio/video?Right now click-to-play of videos is quite cumbersome and has poor usability. For example on youtube, this is what I observe on Medium Security.
* On first page load, no video or audio is visible -- the video box is gray. A "musical not...Right now click-to-play of videos is quite cumbersome and has poor usability. For example on youtube, this is what I observe on Medium Security.
* On first page load, no video or audio is visible -- the video box is gray. A "musical notes" icon appears in the middle of the video box, and an "orbiting dots" indicator seems to indicate some problem loading. After a few seconds the video box goes black and it says "an error occured." Then after another few seconds the "musical notes" icon reappears.
* If I click on the "musical notes" icon, then a confirmation box appears, that says "Temporarily allow ... [URLs and codec gibberish]". If I click OK, then the whole page reloads. Again I get a gray video box with orbiting dots. This time there is a film canister icon in the middle of the dots.
* If I click on the film canister it says, "Temporarily allow [URL and more codec gibberish]". again I click OK, the page reloads and the video finally plays.
So here, click-to-play required two clicks and two reloads (plus confirmation clicks). Ideally it should require only one reload. The option to click to play the video should be much more clear (it should probably have the text "Click to Play"). The click-to-play button shouldn't disappear when the youtube page tries to re-load the video. If a confirmation prompt is to be shown, then it should clearly explain to the user that video/audio is about to be loaded, and what the security concerns are.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22584More RWX memory pages for TBB on some Windows versions2022-11-30T16:58:09ZArthur EdelsteinMore RWX memory pages for TBB on some Windows versionsA cypherpunk has reported some RWX memory pages were observed for Tor Browser on Windows 7 and Windows 10. See:
* ticket:21617#comment:4
* ticket:21617#comment:7
* ticket:21617#comment:14A cypherpunk has reported some RWX memory pages were observed for Tor Browser on Windows 7 and Windows 10. See:
* ticket:21617#comment:4
* ticket:21617#comment:7
* ticket:21617#comment:14Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21961should torbrowser enable network.IDN_show_punycode by default?2024-02-07T09:04:16Zcypherpunksshould torbrowser enable network.IDN_show_punycode by default?Firefox and torbrowser do not show punycodes by default.
The attack vector is discussed here, including a demo:
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/Firefox and torbrowser do not show punycodes by default.
The attack vector is discussed here, including a demo:
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20955Tor Browser memory hardening2023-01-05T16:23:56ZArthur EdelsteinTor Browser memory hardeningHere's a parent ticket for memory hardening for Tor Browser.
See also notes at [[doc/TorBrowser/Hardening]]Here's a parent ticket for memory hardening for Tor Browser.
See also notes at [[doc/TorBrowser/Hardening]]Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20314Make SVG click-to-play and support fallback2023-01-05T17:03:20ZbugzillaMake SVG click-to-play and support fallbackCurrently TBB uses the worst option: entirely disabled. Even no white rectangle on a white background. It's not fair that videos have CTP, but images haven't. NoScript is most suitable now for this feature.Currently TBB uses the worst option: entirely disabled. Even no white rectangle on a white background. It's not fair that videos have CTP, but images haven't. NoScript is most suitable now for this feature.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17509Write a patch for additional -ldl needed when compiling Tor Browser with ASan...2023-01-05T16:58:29ZGeorg KoppenWrite a patch for additional -ldl needed when compiling Tor Browser with ASan and GCC 5This is a reminder to investigate and write a patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1213698.This is a reminder to investigate and write a patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1213698.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42143do something about autoconfig.js / cfg / js?2024-03-18T14:53:47ZThorindo something about autoconfig.js / cfg / js?e.g. https://github.com/mullvad/mullvad-browser/issues/137#issuecomment-1742215179
Things
- tweak about:config interstitial
- lock prefs where appropriate
- do something with user.js?
- do something with userChrome/content? (there is a ...e.g. https://github.com/mullvad/mullvad-browser/issues/137#issuecomment-1742215179
Things
- tweak about:config interstitial
- lock prefs where appropriate
- do something with user.js?
- do something with userChrome/content? (there is a pref we can lock)
- UX stuff (education, remove dead UI)
and now do something with autoconfig.js? I don't think we have an issue for this, so here it is. Maybe we can make this a meta. As for the autoconfig, I think tom had/has an issue on this upstream as a security concern
edit: another example: https://old.reddit.com/r/firefox/comments/16x7qbq/cant_disable_sponsored_shortcuts_on_home_screen/
- do we protect the user here against 3rd party software meddling with settings? - cc: @pierovhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42140disable windows.sizeToContent()2024-01-18T15:10:01ZThorindisable windows.sizeToContent()[1600400](https://bugzilla.mozilla.org/show_bug.cgi?id=1600400) Consider dropping support for Window.sizeToContent()
- unexposed in nightly FF117+
- disabled in FF120+
- `dom.window.sizeToContent.enabled`
from 1600400
> This is a Gecko ...[1600400](https://bugzilla.mozilla.org/show_bug.cgi?id=1600400) Consider dropping support for Window.sizeToContent()
- unexposed in nightly FF117+
- disabled in FF120+
- `dom.window.sizeToContent.enabled`
from 1600400
> This is a Gecko specific API, it is user-hostile (it allows a web page to resize the browser window, potentially allowing for things like hiding the URL bar), it relies on window.opener and the number of tabs in the current window for its functionality, and is currently implemented incorrectly in Fission (in that it is exposed to third-party iframes when running in Fission mode).
easy peasy :surfer:https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41769TTP-02-007 WP1: Missing about: pages in shouldShowTorConnect check (Info)2023-10-19T14:31:53ZrichardTTP-02-007 WP1: Missing about: pages in shouldShowTorConnect check (Info)>>>
## Description:
It was discovered that the `about:welcome`, `about:privatebrowsing`, and `about:home` pages are not redirecting to about:tor when they are accessed by a user who has not connected to Tor yet.
While this behavior does...>>>
## Description:
It was discovered that the `about:welcome`, `about:privatebrowsing`, and `about:home` pages are not redirecting to about:tor when they are accessed by a user who has not connected to Tor yet.
While this behavior does not present any immediate security risk, it can potentially cause confusion or alarm users who may access these pages before being connected to the Tor network. To ensure consistency across all about: pages, it is recommended to deploy relevant changes.
## Affected file:
`browser/base/content/utilityOverlay.js`
## Affected code:
```javascript
if (TorConnect.shouldShowTorConnect) {
if (
url === "about:tor" ||
(url === "about:newtab" &&
Services.prefs.getBoolPref("browser.newtabpage.enabled", false))
) {
url = TorConnect.getRedirectURL(url) ;
}
}
```
In order to reproduce this issue, simply open the Tor Browser, access `about:home` and
note that the page does not perform an automated redirection to `about:tor`.
To mitigate the problem, Cure53 advises including additional checks to validate whether
the URL matches `about:welcome`, `about:privatebrowsing` or about:home. If a match is
found, the page should be redirected to `about:tor`.
>>>henryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41768TTP-02-005 WP1: Redirect to about:blank hides the new Tor Circuit button (Info)2023-10-19T14:33:23ZrichardTTP-02-005 WP1: Redirect to about:blank hides the new Tor Circuit button (Info)>>>
## Description:
It is possible to hide the **Tor Circuit** button from the address bar for a given tab by listening to the `onbeforeunload` event and redirecting the page to `about:blank` when the event is triggered.
If a user attem...>>>
## Description:
It is possible to hide the **Tor Circuit** button from the address bar for a given tab by listening to the `onbeforeunload` event and redirecting the page to `about:blank` when the event is triggered.
If a user attempts to reset their identity by clicking on the **New Tor circuit for this site** option, the navigation can be hijacked by the attacker's script. A blank page will be displayed as a consequence. If the user attempts to navigate back to the previous page using the Back button, the **Tor Circuit** button will not be displayed in the address bar.
Similarly to [TTP-02-002](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41767), this issue was found not to pose any immediate security risk and is included as **Info** only.
## PoC:
```html
<script>
let status;
onbeforeunload = () => {
status = true;
}
let timer = setInterval(() => {
if (status) {
status = false;
clearInterval (timer) ;
location = "about:blank";
}
}, 1);
</script>
```
# Steps to reproduce:
1. Open the Tor Browser and connect to it.
2. Save the PoC above as an HTML file and open it in the browser.
3. Click on the **Tor Circuit** button and then on the **New Tor circuit for this** site option.
4. The page will be redirected to `about:blank`.
5. Click on the **Back** option and observe that the **Tor Circuit button** is hidden for this page.
To mitigate this issue, Cure53 advises applying the same mitigation as specified in the [TTP-02-002](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41767) ticket. Given these issues seem to be related and they might share the same root cause, it is recommended to consider and address them together.
>>>https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41767TTP-02-002 WP1: Redirect prevents switching to new Tor Circuit (Info)2024-03-12T12:05:59ZrichardTTP-02-002 WP1: Redirect prevents switching to new Tor Circuit (Info)>>>
## Description:
It was discovered that navigation initiated through the new Tor Circuit feature can be hijacked. This can be accomplished by redirecting the current website to a cached page immediately after the Tor Circuit switch st...>>>
## Description:
It was discovered that navigation initiated through the new Tor Circuit feature can be hijacked. This can be accomplished by redirecting the current website to a cached page immediately after the Tor Circuit switch starts. As a result, the attacker-initiated navigation occurs before the Tor Circuit's browser-initiated navigation and, subsequently, the next step is canceled.
An attacker could exploit this vulnerability to prevent users from switching circuits while browsing a malicious webpage. Although this prevents the user from changing their Tor Circuit, it was concluded that this does not pose any immediate security risk, and as such, the severity mark was appropriately set at Info.
## PoC:
```html
<?php header ("cache-control: max-age=604800") ;
header ("Age: 100"); 2>
<html>
<script>
let status = false;
onbeforeunload = () => {
status = true;
}
let timer = setInterval(() => {
if (status) {
status = false;
clearInterval (timer);
location.href = location.href;
}
}, 1);
</script>
</html>
```
## Steps to reproduce:
1. Open the Tor Browser and connect to it.
2. Save the PoC above as a PHP file and serve it through a PHP server.
3. Access the file a few times through the Tor Browser to make sure it gets cached by the browser.
4. Click on the **Tor Circuit** button and then on the** New Tor circuit for this site** option.
5. The page will quickly be reloaded but the Circuit will remain the same.
To mitigate this issue, Cure53 advises forcing the navigation initiated by the new **Tor Circuit** feature to be completed. Cancellation of a user-initiated navigation is ill-advised in this scenario. However, during the testing phase, the team was unable to pinpoint the specific code responsible for this issue. As a result, the mitigation advice provided is currently incomplete.
>>>https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41553Tor Browser requires D-Bus' /etc/machine-id on Arch Linux2023-01-05T14:21:15ZTracTor Browser requires D-Bus' /etc/machine-id on Arch LinuxHello Tor developers,
I have been playing with firejail to harden the Tor Browser on Arch Linux. And I've noticed, that when creating a private /etc folder with only the minimal required files, the file /etc/machine-id is necessary or t...Hello Tor developers,
I have been playing with firejail to harden the Tor Browser on Arch Linux. And I've noticed, that when creating a private /etc folder with only the minimal required files, the file /etc/machine-id is necessary or the Firefox in Tor Browser will segfault.
http://0pointer.de/public/systemd-man/machine-id.html
> The machine ID is usually generated from a random source during system installation and stays constant for all subsequent boots.
This could be a potential issue, when tor browser gets exploited and someone can uniquely identify the host machine with that ID.
Maybe it would be feasible to build Firefox without the D-Bus dependency on Linux to solve this?
Related firejail ticket:
https://github.com/netblue30/firejail/issues/955
Thanks for making Tor!
**Trac**:
**Username**: robotanarchyhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41537Yubikeys do not work for .onion pages2022-12-20T16:20:14ZrichardYubikeys do not work for .onion pagesReported by @lavamind, the fix for this should possible by part of the 'Bug 23247: Communicating security expectations for .onion' patch, or maybe as a standalone for eventual uplift.
`security.webauth.webauthn` needs to be `true` for y...Reported by @lavamind, the fix for this should possible by part of the 'Bug 23247: Communicating security expectations for .onion' patch, or maybe as a standalone for eventual uplift.
`security.webauth.webauthn` needs to be `true` for yubikeys in general to work (see tor-browser#26614)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41235Rate limit gyroscope sampling frequency on FF mobile2022-11-30T14:52:17ZMike PerryRate limit gyroscope sampling frequency on FF mobileBy the time we get around to an official mobile port, we should double-check that Mozilla has reduced the sampling rate of the gyroscope on Android:
http://crypto.stanford.edu/gyrophone/files/gyromic.pdfBy the time we get around to an official mobile port, we should double-check that Mozilla has reduced the sampling rate of the gyroscope on Android:
http://crypto.stanford.edu/gyrophone/files/gyromic.pdfhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41212Fix startup crash in debug build when installing noscript2022-09-01T22:36:57ZAlex CatarineuFix startup crash in debug build when installing noscript```
2020-10-30 16:29:12.038 10759-10759/org.torproject.torbrowser_debug D/StrictMode: StrictMode policy violation; ~duration=175 ms: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWrit...```
2020-10-30 16:29:12.038 10759-10759/org.torproject.torbrowser_debug D/StrictMode: StrictMode policy violation; ~duration=175 ms: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWriteToDisk(StrictMode.java:1552)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252)
at libcore.io.ForwardingOs.open(ForwardingOs.java:166)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7542)
at libcore.io.IoBridge.open(IoBridge.java:478)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at org.mozilla.fenix.components.TorBrowserFeatures.installNoScript(TorBrowserFeatures.kt:33)
at org.mozilla.fenix.components.TorBrowserFeatures.install(TorBrowserFeatures.kt:96)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:121)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:78)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at org.mozilla.fenix.components.Core.getEngine(Unknown Source:2)
at org.mozilla.fenix.FenixApplication.setupInMainProcessOnly(FenixApplication.kt:150)
at org.mozilla.fenix.FenixApplication.onCreate(FenixApplication.kt:96)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1192)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6712)
at android.app.ActivityThread.access$1300(ActivityThread.java:237)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1913)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
2020-10-30 16:29:12.039 10759-10759/org.torproject.torbrowser_debug E/AndroidRuntime: FATAL EXCEPTION: main
Process: org.torproject.torbrowser_debug, PID: 10759
java.lang.RuntimeException: StrictMode ThreadPolicy violation
at android.os.StrictMode$AndroidBlockGuardPolicy.onThreadPolicyViolation(StrictMode.java:1813)
at android.os.StrictMode$AndroidBlockGuardPolicy.lambda$handleViolationWithTimingAttempt$0$StrictMode$AndroidBlockGuardPolicy(StrictMode.java:1727)
at android.os.-$$Lambda$StrictMode$AndroidBlockGuardPolicy$9nBulCQKaMajrWr41SB7f7YRT1I.run(Unknown Source:6)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
Caused by: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWriteToDisk(StrictMode.java:1552)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252)
at libcore.io.ForwardingOs.open(ForwardingOs.java:166)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7542)
at libcore.io.IoBridge.open(IoBridge.java:478)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at org.mozilla.fenix.components.TorBrowserFeatures.installNoScript(TorBrowserFeatures.kt:33)
at org.mozilla.fenix.components.TorBrowserFeatures.install(TorBrowserFeatures.kt:96)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:121)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:78)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at org.mozilla.fenix.components.Core.getEngine(Unknown Source:2)
at org.mozilla.fenix.FenixApplication.setupInMainProcessOnly(FenixApplication.kt:150)
at org.mozilla.fenix.FenixApplication.onCreate(FenixApplication.kt:96)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1192)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6712)
at android.app.ActivityThread.access$1300(ActivityThread.java:237)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1913)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
2020-10-30 16:29:12.040 10759-10759/org.torproject.torbrowser_debug E/ExceptionHandler: Uncaught exception handled:
java.lang.RuntimeException: StrictMode ThreadPolicy violation
at android.os.StrictMode$AndroidBlockGuardPolicy.onThreadPolicyViolation(StrictMode.java:1813)
at android.os.StrictMode$AndroidBlockGuardPolicy.lambda$handleViolationWithTimingAttempt$0$StrictMode$AndroidBlockGuardPolicy(StrictMode.java:1727)
at android.os.-$$Lambda$StrictMode$AndroidBlockGuardPolicy$9nBulCQKaMajrWr41SB7f7YRT1I.run(Unknown Source:6)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
Caused by: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWriteToDisk(StrictMode.java:1552)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252)
at libcore.io.ForwardingOs.open(ForwardingOs.java:166)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7542)
at libcore.io.IoBridge.open(IoBridge.java:478)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at org.mozilla.fenix.components.TorBrowserFeatures.installNoScript(TorBrowserFeatures.kt:33)
at org.mozilla.fenix.components.TorBrowserFeatures.install(TorBrowserFeatures.kt:96)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:121)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:78)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at org.mozilla.fenix.components.Core.getEngine(Unknown Source:2)
at org.mozilla.fenix.FenixApplication.setupInMainProcessOnly(FenixApplication.kt:150)
at org.mozilla.fenix.FenixApplication.onCreate(FenixApplication.kt:96)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1192)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6712)
at android.app.ActivityThread.access$1300(ActivityThread.java:237)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1913)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41131Review Mozilla 1738983: Enable Background Update by default on Release starti...2022-12-09T14:40:46ZrichardReview Mozilla 1738983: Enable Background Update by default on Release starting in FX96## https://bugzilla.mozilla.org/show_bug.cgi?id=1738983
Updater changes, odds are you're already aware and handled in the rebase already## https://bugzilla.mozilla.org/show_bug.cgi?id=1738983
Updater changes, odds are you're already aware and handled in the rebase already