Tor Browser issues
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues
2023-12-18T13:51:55Z

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41988
Tor Browser history leaked to syslogs via GNOME
2023-12-18T13:51:55Z
honorton

### Summary
Tab titles are sometimes logged by GNOME to `/var/log/syslog`, effectively causing browsing habits to persist on the system, even after closing Tor Browser. As Tor Browser does not save history by default, many users will not expect this.
### Steps to reproduce:
1. Open a new Tor Browser window.
2. (optional) "Connect" to the Tor network and navigate to an arbitrary website.
3. Press the Super key (default) to open the GNOME activities menu.
4. Review syslog via `cat /var/log/syslog | grep -i "browser"`
### What is the current bug behavior?
I see results containing Tor Browser tab titles, such as the titles of opened websites.
### What is the expected behavior?
I expect not to see my visited website titles in any system file without my authorization.
More strongly, I don't expect GNOME (which may log all sorts of things) to require access to my visited website titles.
### Environment
- OS Version: Pop! OS 22.04
- GNOME Shell Version: 3.38.6
- Tor Browser Version: 12.5.2
- Tor Browser Installation Method: "Linux" binary from `https://www.torproject.org/download/`
### Relevant logs and/or screenshots
```
[/var/log/syslog]
[snip]
Aug 9 11:23:52 pop-os gnome-shell[2864]: Couldn't find child [0x5558d69f7880 Gjs_ui_windowPreview_WindowPreview ("cute cats at DuckDuckGo — Tor Browser")] in window slots
Aug 9 11:23:53 pop-os gnome-shell[2864]: Couldn't find child [0x5558d69f7880 Gjs_ui_windowPreview_WindowPreview:first-child last-child ("cute cats at DuckDuckGo — Tor Browser")] in window slots
Aug 9 11:27:28 pop-os gnome-shell[2864]: Couldn't find child [0x5558da9ea870 Gjs_ui_windowPreview_WindowPreview:first-child last-child ("[Wayland] [3.38.3] Shell freezes/stops reacting to most input (#3706) · Issues · GNOME / gnome-shell · GitLab — Tor Browser")] in window slots
Aug 9 11:27:31 pop-os gnome-shell[2864]: Couldn't find child [0x5558da9ea870 Gjs_ui_windowPreview_WindowPreview:first-child last-child ("[Wayland] [3.38.3] Shell freezes/stops reacting to most input (#3706) · Issues · GNOME / gnome-shell · GitLab — Tor Browser")] in window slots
[snip]
```

Pier Angelo Vendrame
2023-11-13

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42418
TorBrowser leave trace on the Windows Event Log by default and there is no way to stop this!
2024-03-05T13:50:25Z
cypherpunks

To be clear, Mozilla Firefox does the same thing.
Steps.
1. Launch Tor Browser latest
2. Open "eventvwr.ms" (The event viewer of Windows)
3. Open "Windows Logs/Application"
You'll see tons of:
```
The description for Event ID 5 from source Tor Browser Launcher cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
```

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41685
macOS can open links in new tabs when set as default browser (despite remoting being disabled)
2023-03-21T14:30:03Z
richard

Haven't had a chance to debug too deeply, but the best guess is that the relevant code path is here:
- https://searchfox.org/mozilla-central/source/toolkit/components/remote/nsMacRemoteServer.mm#34
This code should likely be checking for the MOZ_NO_REMOTE env variable or something at that entry point and bailing early if it is present. I'm 90% sure this is an upstream bug so we should uplift once we have a patch.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41467
compat: always return true for navigator.beacon but disable the API
2024-03-19T17:45:33Z
Thorin

from https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40783#note_2854455
> - [x] `beacon.enabled` **very interesting**
References
- https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon
- https://gitlab.com/librewolf-community/browser/source/-/issues/83 - an example of known site breakage (edit: with beacon disabled)
- https://searchfox.org/mozilla-central/source/dom/base/Navigator.cpp#1138-1179 - where to patch?
@tom seems trivial. Edit: IDK if the above would cause more breakage than it solves (edit: i.e vs just having beacon disabled)
@pierov why is this **very interesting** (I have my own thoughts, want to hear yours)?

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41403
Some visited addresses are stored inside notificationstore.json in the profile folder
2023-01-05T18:05:48Z
cypherpunks1

Might be related: https://bugzilla.mozilla.org/show_bug.cgi?id=1095073
The file persists after closing the browser.
Visiting the following address can create one if it doesn't exist:
https://privacycheck.sec.lrz.de/active/fp_fd/fp_feature_detection.html
The file will get bigger after each visit. That doesn't seem secure.

Sponsor 131 - Phase 2 - Privacy Browser

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41373
subpixels: radiusX and radiusY affected by retina display in synthesized touch events
2023-11-04T01:28:33Z
richard

Touch Events on macOS indirectly leak user's screen DPI.
Original discussion: https://gitlab.torproject.org/legacy/trac/-/issues/10286
Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1364969
There has not been any traction upstream for quite a while, so we should consider fixing this ourselves and upstreaming.

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41362
Browser Update Messaging
2023-01-05T18:04:44Z
GetAfterIt

Tor Browser 11.5.2 (based on Mozilla Firefox 91.13.0esr) (64-bit), Extended Support Release, MacOS 12.6
I have the Tor Browser automatic connection turned off, so I need to click the "Connect" button each time I open the application.
For each scenario below, assume I don't know there's an update available.
Scenario 1. I don’t connect to the Tor network, but am connected to the internet. When I check the About Tor Browser section, it appears to automatically check for an update and I get the green check mark “Tor browser is up to date” message.
Scenario 2. I am unknowingly disconnected from the internet (ISP issue, router issue, etc), launch the Tor Browser, and access the About Tor section. Same as above, it appears to automatically check for an update and I get the green check mark “Tor browser is up to date” message.
Scenario 3. I launch Tor Browser, click “Connect”, check the About Tor Browser section, and the automatic update finds the new version, then applies it.
> Question: If an update isn’t actually being requested or the update server is not successfully reached, could the messaging be changed to reflect that?

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41349
Reimplement "Bug 40309: Avoid using regional OS locales" in a better way
2023-12-11T14:47:14Z
Pier Angelo Vendrame

Our patch has been accepted by Mozilla, except that another person found possible problems with it after it was accepted: https://bugzilla.mozilla.org/show_bug.cgi?id=1746668#c18.
So, I did not ask to land it, and we should write an improved patch for it.

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41235
Rate limit gyroscope sampling frequency on FF mobile
2022-11-30T14:52:17Z
Mike Perry

By the time we get around to an official mobile port, we should double-check that Mozilla has reduced the sampling rate of the gyroscope on Android:
http://crypto.stanford.edu/gyrophone/files/gyromic.pdf

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41157
Review Mozilla 1765375: GeckoView handling of secondary OS languages [when landed]
2022-11-29T12:35:04Z
Thorin

https://bugzilla.mozilla.org/show_bug.cgi?id=1765375
IIRC, @sysrqb added a patch to return `en-US, en` same as desktop
`Android` label please

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41116
Review Mozilla 1226042: add support for the new 'system-ui' generic font family
2024-03-06T08:59:35Z
richard

## https://bugzilla.mozilla.org/show_bug.cgi?id=1226042
Added a default system-ui font in FF92. We should make sure this doesn't interfere with any of our font-related patches, particularly our patch for tor-browser#41043

Pier Angelo Vendrame

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41091
Segmentation fault on Alpine Linux
2022-08-02T14:34:04Z
Marek Küthe
m.k@mk16.de

Hello,
I am trying to run the Tor Browser on Alpine Linux in a VM. Unfortunately, the program would not start at the beginning. After installing some packages it worked: `apk add build-base gcompat libc6-compact`
Now the following error message appears:
```
./start-tor-browser --verbose
mozilla::detail::MutexImpl::MutexImpl: pthread_mutexattr_settype failed: Invalid argument
./start-tor-browser: line 362: 4658 Segmentation fault TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
```
How can I start the Tor Browser?

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40943
Disable bookmark backups
2022-11-30T18:34:03Z
cypherpunks

Tor browser shouldn't back up bookmarks at all and even when bookmarks are deleted, old backups remain in:
/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackups

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40904
Fix the problems with Geckoview's merge_aars phase
2022-07-09T20:39:27Z
Pier Angelo Vendrame

In tor-browser-build#40446, we found that Mozilla changed the way they merge the architecture-specific `.aar`.
We opened a [Bugzilla issue](https://bugzilla.mozilla.org/show_bug.cgi?id=1763770) about it.
Mozilla folks are willing to uplift a patch written by us... so we should either create one that is better than our current one, or try to produce local artifacts.
The artifact build system seems not to be compatible with the debugging options (according to Firefox's documentation), but we may introduce architecture-specific builds without the `merge_aars` phase for when we want to create debug builds (tor-browser-build#40116). It is desirable, because:
1. they're much faster to produce
2. and merging AARs that have embedded debug symbols is extremely memory-intensive and time-consuming (my PC has 40GB of memory and I've never managed to complete this step, which took more than 1 hour to fail).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40789
Uplift candidates
2024-01-18T17:25:35Z
Pier Angelo Vendrame

While working on #40562, we found possible candidates for uplift (see also !242):

| Subject | Status | Hash | Bugzilla link | Other notes |
|--|--|--|--|--|
| Bug 27604: Fix addon issues when moving TB directory | **Stuck**: the review process started, the concerns were addressed, but then the reviewer stopped answering; I offered volunteer to continue the process | 171f4c442dc56330701b6739ca67d77f822f157d | https://bugzilla.mozilla.org/show_bug.cgi?id=1429838 | Check if this happens in vanilla Firefox, first (it does in v99, according to one of the comments in Bugzilla) |
| ~~Bug 23104: Add a default line height compensation~~ | Maybe to drop | 16344ab08a14991a847b5e2074ec9402d1a9e34a | https://bugzilla.mozilla.org/show_bug.cgi?id=1397994 | See #40919 |
| Bug 40432: Prevent probing installed applications | Added our patch as a comment, waiting to see if Mozilla does anything about it. | 4eecc98f45123e84613ae114be514bb24cc9dd6d | https://bugzilla.mozilla.org/show_bug.cgi?id=1711084#c15 | The proof of concept has different code for Tor Browser, so Firefox may need a different correction |
| Bug 14631: Improve profile access error messages. | Our patch needs some rework before trying to upstream | b8c165c831d75dda993d0c0014fa0572898516eb | | At the moment it depends on TorStrings |
| Bug 41116: Normalize system fonts. | Sent the first patch, which modified also the chrome. To send the patch after #41356 | (not a complete commit, yet) | https://bugzilla.mozilla.org/show_bug.cgi?id=1787790 | Remove the Arimo part. |
| Bug 40309: Avoid using regional OS locales | Approved, but not landed | 20484f4dd459193ade56d451490738dec35404ff | https://bugzilla.mozilla.org/show_bug.cgi?id=1746668 | See #41349 |
||||||
| Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp | **Uplifted** :tada: | 535df0bb8a22d0d033cd8e365a25af8b0e999cac | https://bugzilla.mozilla.org/show_bug.cgi?id=1769028 | Possible proxy bypass; the patch code has a comment with its possible disadvantages; the uplift will keep Mozilla's code, but place it in an `ifndef` that checks if proxy bypass protection was requested |
| Bug 32418: Allow updates to be disabled via an enterprise policy. | **Uplifted** :tada: | 893bfa4fe8ed73438232452f2cbe55df23087f14 | https://bugzilla.mozilla.org/show_bug.cgi?id=1769030 | |
| Bug 21830: Copying large text from web console leaks to /tmp | **Uplifted** :tada: | 644050026ea632d273f06f4a0a71e17f69fe7c41 | https://bugzilla.mozilla.org/show_bug.cgi?id=1768907 | Verified with a debugger, still happens without the patch |
| Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots | **Rejected**: basically Moz said "if users change these prefs, they're on their own" | 68d1e9b13e184a515ae8f97828027c1490b91c4a | https://bugzilla.mozilla.org/show_bug.cgi?id=1768899 | Without the 000-tor-browser.js part (that #40562 moves to TB4) |
| ~~Bug 16620: Clear window.name when no referrer sent~~ | **Dropped** by us | fc23a5dda8ec179e81eb2c236e7898932bd0f1c7 |||
| ~~Bug 32220: Improve the letterboxing experience~~ | **Dropped** by us | 18ab13ec8ad309bb6bf0a18ea0ceb1e99af8047c | https://bugzilla.mozilla.org/show_bug.cgi?id=1594455 | We should uplift ma1's great work instead |

Sponsor 131 - Phase 5 - Ongoing Maintenance
Pier Angelo Vendrame

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40171
Make WebRequest and GeckoWebExecutor First-Party aware
2022-11-30T14:43:41Z
Matthew Finkel

GeckoWebExecutor, and WebRequest, are only aware of the request URL, but they don't have necessary context for setting first-party origin attributes.
https://searchfox.org/mozilla-beta/source/widget/android/WebExecutorSupport.cpp#360
```cpp
nsresult WebExecutorSupport::CreateStreamLoader(
    java::WebRequest::Param aRequest, int32_t aFlags,
    java::GeckoResult::Param aResult) {
  const auto req = java::WebRequest::LocalRef(aRequest);
  const auto reqBase = java::WebMessage::LocalRef(req.Cast<java::WebMessage>());

  nsCOMPtr<nsIURI> uri;
  nsresult rv = NS_NewURI(getter_AddRefs(uri), reqBase->Uri()->ToString());
  NS_ENSURE_SUCCESS(rv, NS_ERROR_MALFORMED_URI);

  nsCOMPtr<nsIChannel> channel;
  rv = NS_NewChannel(getter_AddRefs(channel), uri,
                     nsContentUtils::GetSystemPrincipal(),
                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                     nsIContentPolicy::TYPE_OTHER);
  NS_ENSURE_SUCCESS(rv, rv);

  if (aFlags & java::GeckoWebExecutor::FETCH_FLAGS_ANONYMOUS) {
    channel->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS);
  }

  nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
      CookieJarSettings::Create();
  MOZ_ASSERT(cookieJarSettings);

  nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
  loadInfo->SetCookieJarSettings(cookieJarSettings);

  // setup http/https specific things
  nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel, &rv));
  if (httpChannel) {
    rv = SetupHttpChannel(httpChannel, channel, aRequest);
    NS_ENSURE_SUCCESS(rv, rv);
  }
```
I'll open a bugzilla ticket for this, too.

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40145
Investigate alt-svc validation and cache eviction
2023-11-27T08:30:55Z
Matthew Finkel

After connecting to a site that sends an alt-svc onion header (such as a site fronted by Cloudflare), Tor Browser receives an alt-svc. When Firefox receives an alt-svc, it establishes a connection with it as verification that it is useful and usable. There seems to be a bug in Firefox (or Tor Browser) where this verification continues indefinitely, regardless of whether the original site is still open.
I'm not sure if this is because every response from Cloudflare's IP address site may return a different alt-svc, and Tor Browser connects with the IP address when the alt-svc connection fails or the connection cache is bypassed, therefore Tor Browser creates a very long list of sites it should contact and verify. Or, maybe Tor Browser enters an infinite loop (or finite but sufficiently large in size) of testing the alt-svc's in its list, and never marks them as valid. I'm not sure why this is happening.
However, the most problematic and concerning result is that Tor Browser continually tries connecting with these sites long after any tabs for that site are closed.

Tor Browser: 11.0 Issues with previous release

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40029
Use Windows firefox shortcuts on non-Windows platform
2022-11-29T16:02:15Z
rany

When running Tor Browser on non-Windows OSes, websites think that the user is running on Windows (for fingerprinting protection). This has the effect of causing web application's shortcuts to interfere with Firefox's shortcuts.
I think this only affects non-Windows OSes.
For example: alt-num should become ctrl-num

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33965
Uplift 27604: Fix addon issues when moving TB directory
2023-01-05T16:19:24Z
Alex Catarineu

This is https://bugzilla.mozilla.org/show_bug.cgi?id=1429838, which did not get much attention by mozilla. But we can try attaching our patch and see if there's some progress.

Sponsor 131 - Phase 2 - Privacy Browser

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33961
Uplift patch for "21830: Copying large text from web console leaks to /tmp"
2022-11-30T16:59:16Z
Alex Catarineu

Bugzilla is https://bugzilla.mozilla.org/show_bug.cgi?id=1433030. We can somehow try to make progress on that.