Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2020-07-23T22:09:15Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40041Writing bridge settings is broken in esr78-based Tor Browser2020-07-23T22:09:15ZGeorg KoppenWriting bridge settings is broken in esr78-based Tor BrowserWhen trying to select bridges on `about:preferences#tor` I get
```
JavaScript error: chrome://browser/content/torpreferences/torPane.js,
line 666: TypeError: bridgeSettings is null
```
and the the respective bridge selection drop-down bo...When trying to select bridges on `about:preferences#tor` I get
```
JavaScript error: chrome://browser/content/torpreferences/torPane.js,
line 666: TypeError: bridgeSettings is null
```
and the the respective bridge selection drop-down box/button gets greyed
out.
@acat: I assume this is a rebase error and I'll therefore mark this
ticket as a child of #33533.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40042decide if we need a watershed update prior to our esr78-based Tor Browser2020-08-03T16:13:21ZMark Smithdecide if we need a watershed update prior to our esr78-based Tor BrowserFirefox 72.0.2 was a watershed release: all users of older versions are first updated to 72.0.2 before getting an update to the current release. Why? Because Mozilla removed the code that knew how to migrate from key3.db to key4.db. Sho...Firefox 72.0.2 was a watershed release: all users of older versions are first updated to 72.0.2 before getting an update to the current release. Why? Because Mozilla removed the code that knew how to migrate from key3.db to key4.db. Should we force all Tor Browser users to update to our last esr68-based Tor Browser so they have key4.db the first time they run an esr78-based Tor Browser? I am not 100% sure, but I think key3.db was only used for storing passwords (and maybe only the master NSS password?)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40047Backport 1450853 - MediaError message property leaks cross-origin response st...2020-08-07T13:41:25ZMatthew FinkelBackport 1450853 - MediaError message property leaks cross-origin response statushttps://bugzilla.mozilla.org/show_bug.cgi?id=1450853https://bugzilla.mozilla.org/show_bug.cgi?id=1450853Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40048Disable various ESR78 features via prefs2022-11-09T11:02:31ZKathleen BradeDisable various ESR78 features via prefsFrom #33534:
- browser.region.network.scan --> false
- browser.region.network.url --> ""
- Obtain WiFi location information from a Mozilla server.
- browser.tabs.remote.separatedMozillaDomains --> ""
- This is a list of mozilla d...From #33534:
- browser.region.network.scan --> false
- browser.region.network.url --> ""
- Obtain WiFi location information from a Mozilla server.
- browser.tabs.remote.separatedMozillaDomains --> ""
- This is a list of mozilla domains which are allowed to be loaded in a privileged process.
- browser.urlbar.dnsResolveSingleWordsAfterSearch --> false
- DNS look up is done for single word terms after a search fails.
- browser.urlbar.suggest.topsites --> false
- browser.urlbar.update1.interventions --> false
- browser.urlbar.update1.searchTips --> false
- corroborator.enabled --> false
- Triggers detection of corruption (e.g. in omni.ja) and reporting via telemetry. Avoid doing wasted work.
- device.storage.enabled --> false (Android)
- dom.push.enabled --> false
- dom.w3c_pointer_events.multiprocess.android.enabled --> false (Android)
- messaging-system.rsexperimentloader.enabled --> false (about:newtab)
- network.trr.resolvers --> ""
- part of DoH; "defense in depth"
- privacy.socialtracking.block_cookies.enabled --> false
- part of tracking protection
- security.pki.crlite_mode --> 0
- This is 1 by default which is a non-enforcing mode focused on collecting telemetry. We should set it to 0 to avoid downloading data from Mozilla.
- signon.management.page.breach-alerts.enabled --> false
- Firefox displays critical alerts in the Lockwise password manager when a website is breached.
- signon.management.page.mobileAndroidURL --> ""
- signon.management.page.mobileAppleURL --> ""
- about:logins page to redirect users to Google Play and Apple's App Store for obtaining Mozilla's LockWise mobile apps.
- trailhead.firstrun.branches --> ""
- For Firefox developers to enable experiments.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40052disable new Top Sites feature2020-08-11T15:45:02ZMark Smithdisable new Top Sites featureFrom #33534: Firefox 73 added a Top Sites provider. Richard said "seems like it offers site suggestions or tracks your browsing or something." Do we need to disable this? Maybe it is already disabled in Tor Browser?
https://bugzilla.moz...From #33534: Firefox 73 added a Top Sites provider. Richard said "seems like it offers site suggestions or tracks your browsing or something." Do we need to disable this? Maybe it is already disabled in Tor Browser?
https://bugzilla.mozilla.org/show_bug.cgi?id=1604932 \
"Implement a Top Sites provider"Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40059verify that our external helper apps patch is still effective2020-08-11T14:18:27ZMark Smithverify that our external helper apps patch is still effectiveFrom #33534: Attempts to navigate to an unknown protocol using methods such as location.href or <meta http-equiv="refresh"> are now blocked. We should verify that our patch for #19273 and related bugs is still effective and that the new ...From #33534: Attempts to navigate to an unknown protocol using methods such as location.href or <meta http-equiv="refresh"> are now blocked. We should verify that our patch for #19273 and related bugs is still effective and that the new behavior does not allow web pages to more easily detect whether a protocol handler is installed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1528305 \
"Behavior on meta and location.href redirects to an unknown protocol can break pages."
https://www.fxsitecompat.dev/en-CA/docs/2020/navigation-to-unknown-protocol-will-be-blocked/Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40061ensure that Windows default browser agent is omitted2020-08-13T08:57:02ZMark Smithensure that Windows default browser agent is omittedFrom #33534: Firefox 76 added a controversial agent (system service?) on Windows that reports info about the default browser to Mozilla even if Firefox is never opened. We should set `default-browser-agent.enabled` to false and/or ensure...From #33534: Firefox 76 added a controversial agent (system service?) on Windows that reports info about the default browser to Mozilla even if Firefox is never opened. We should set `default-browser-agent.enabled` to false and/or ensure that the agent is not included in Tor Browser.
https://bugzilla.mozilla.org/show_bug.cgi?id=1624047 \
"Default browser agent not being packaged"Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40066Update existing prefs for ESR782020-08-07T20:48:00ZKathleen BradeUpdate existing prefs for ESR78A few of our existing prefs have been removed or renamed.
Remove:
- browser.cache.frecency_experiment (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1573887)
- browser.casting.enabled (removed in https://bugzilla.mozilla.org/s...A few of our existing prefs have been removed or renamed.
Remove:
- browser.cache.frecency_experiment (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1573887)
- browser.casting.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1393582)
- device.camera.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1408957)
- general.useragent.updates.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1513574)
- general.useragent.updates.url (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1513574)
- services.blocklist.update_enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1458917)
- experiments.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1420908)
- browser.syncPromoViewsLeftMap (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1279224)
Rename:
- geo.wifi.uri --> geo.provider.network.url (renamed in https://bugzilla.mozilla.org/show_bug.cgi?id=1613627)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40069Add helpers for message passing with extensions2020-08-17T13:13:22ZAlex CatarineuAdd helpers for message passing with extensionsIn Tor Browser, we need to communicate with NoScript and HTTPSEverywhere extensions via message passing. Currently, we do it in a way that the background script of those extensions will receive the message via `browser.runtime.onMessage`...In Tor Browser, we need to communicate with NoScript and HTTPSEverywhere extensions via message passing. Currently, we do it in a way that the background script of those extensions will receive the message via `browser.runtime.onMessage` as if those messages came from some page of the same webextension.
In https://bugzilla.mozilla.org/show_bug.cgi?id=1583484 (79) the underlying message passing mechanism changed, which means we need to fix our code too. I think it's a good opportunity to refactor the code into a single place that is used both for `noscript` (torbutton) and `https-everywhere` (onion alias patch) message passing.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40073Consider disabling remote Public Suffix List fetching2022-06-09T08:28:20ZAlex CatarineuConsider disabling remote Public Suffix List fetchingIn https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox started fetching the PSL via `RemoteSettings` and replacing the default one at runtime. AFAIK this would override our changes in `effective_tld_names.dat` from #28005, so we...In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox started fetching the PSL via `RemoteSettings` and replacing the default one at runtime. AFAIK this would override our changes in `effective_tld_names.dat` from #28005, so we should consider a patch to disable this.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40082Safest security level - Javascript cannot be temporarily enabled, NoScript "O...2020-08-21T10:51:59ZwesinatorSafest security level - Javascript cannot be temporarily enabled, NoScript "Override Tor Browser Security Level preset" does not work```
macOS 10.14.6
TorBrowser 9.5.3 clean install via brew cask
```
It seems Javascript cannot be enabled at all from NoScript under Safest security level, even when NoScript "Override Tor Browser Security Level preset" is checked, and t...```
macOS 10.14.6
TorBrowser 9.5.3 clean install via brew cask
```
It seems Javascript cannot be enabled at all from NoScript under Safest security level, even when NoScript "Override Tor Browser Security Level preset" is checked, and the NoScript host setting is set to temporarily trusted.
To reproduce:
- Site that requires Javascript, like https://www.virustotal.com/gui/home
- Temporarily trust hosts under NoScript
Javascript is not enabled at all despite NoScript trusted settings and override
Many sites require javascript at some point to be functional, such as sites that use Cloudflare or other CDNs with captcha pages
possibly related to PDFs not rendering ? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33721Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40088Moat "Submit" button does not work2020-08-20T13:23:11ZMark SmithMoat "Submit" button does not workWhen interacting with Moat via [about:preferences#tor](about:preferences#tor), clicking the `Submit` button has no effect. Pressing the `Enter` key does work.
@brade and I first noticed this while working on https://gitlab.torproject.or...When interacting with Moat via [about:preferences#tor](about:preferences#tor), clicking the `Submit` button has no effect. Pressing the `Enter` key does work.
@brade and I first noticed this while working on https://gitlab.torproject.org/tpo/applications/tor-launcher/-/issues/40002, but this bug is also present in the 10.0a5 candidate builds as well (on macOS at least).Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40090Disable v3 extension blocklist for 10.0a62020-09-09T15:44:35ZGeorg KoppenDisable v3 extension blocklist for 10.0a6https://bugzilla.mozilla.org/show_bug.cgi?id=1631018 landed and is
enabling the v3 extension blocklist mechanism.
We are not sure how this effects our HTTPS-Everywhere extension. So, we
disable that mechanism for now.https://bugzilla.mozilla.org/show_bug.cgi?id=1631018 landed and is
enabling the v3 extension blocklist mechanism.
We are not sure how this effects our HTTPS-Everywhere extension. So, we
disable that mechanism for now.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40091Move HTTPS Everywhere into omni.ja2020-09-11T09:57:31ZGeorg KoppenMove HTTPS Everywhere into omni.jaAt best it is brittle having our HTTPS Everywhere signature exception
along with the desired v3 add-on blocklist mechanism. At worst HTTPS
Everywhere is broken or disabled.
So, Mozilla engineers recommended putting HTTPS Everywhere into...At best it is brittle having our HTTPS Everywhere signature exception
along with the desired v3 add-on blocklist mechanism. At worst HTTPS
Everywhere is broken or disabled.
So, Mozilla engineers recommended putting HTTPS Everywhere into the
omni.ja making it a system extension which does not need to be signed.
That's essentially the same path we took for Torbutton and Tor Launcher.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40093Youtube videos on safer produce error in 10.0a52020-09-24T09:51:10ZMatthew FinkelYoutube videos on safer produce error in 10.0a5Instead of playing the video, the following message is shown:
```
An error occurred. Please try again later. (Playback ID: fd-mqZ59PTD71txh)
Learn More
```
The following error is logged
```
JavaScript error: moz-extension://372e0e08-1f0...Instead of playing the video, the following message is shown:
```
An error occurred. Please try again later. (Playback ID: fd-mqZ59PTD71txh)
Learn More
```
The following error is logged
```
JavaScript error: moz-extension://372e0e08-1f07-49be-b2cf-b74b5be0f081/content/media.js, line 62: Error: audio/webm; codecs="opus" (MSE) blocked by NoScript
```
The webconsole doesn't contain any useful information.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40095Review Mozilla developer notes for 79-81 (including)2020-09-17T10:47:04ZGeorg KoppenReview Mozilla developer notes for 79-81 (including)For mobile we need to review the Mozilla developer notes between 79-81
(including) watching out for proxy, linkability, and fingerprinting issues.
(There will be an own ticket for proxy bypass audit, though)For mobile we need to review the Mozilla developer notes between 79-81
(including) watching out for proxy, linkability, and fingerprinting issues.
(There will be an own ticket for proxy bypass audit, though)Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40096Review closed Mozilla bugs between 79-81 (inclusive) for GeckoView2020-10-11T20:34:02ZGeorg KoppenReview closed Mozilla bugs between 79-81 (inclusive) for GeckoViewWe need to review close Mozilla bugs between 79-81 (inclusive) for newly
landed features/fixed bugs that are affecting GeckoView. (Thus, we might
be able to skip the Firefox part in this ticket to save some time)We need to review close Mozilla bugs between 79-81 (inclusive) for newly
landed features/fixed bugs that are affecting GeckoView. (Thus, we might
be able to skip the Firefox part in this ticket to save some time)Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40097Rebase browser patches to 81.0b12020-08-27T19:20:33ZGeorg KoppenRebase browser patches to 81.0b1Our monthly rebase to the first new Mozilla beta.
- [x] torbutton#40006Our monthly rebase to the first new Mozilla beta.
- [x] torbutton#40006Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40098Initialize torbutton for Geckoview and make sure its features work as expecte...2020-09-01T11:25:09ZAlex CatarineuInitialize torbutton for Geckoview and make sure its features work as expected in FenixTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40101Fix new identity for 812020-08-27T07:11:44ZAlex CatarineuFix new identity for 81It seems the two elements torbutton tries to disable in new identity are not present because of https://bugzilla.mozilla.org/show_bug.cgi?id=1634030. I think instead of disabling these elements we can just keep track of whether a new ide...It seems the two elements torbutton tries to disable in new identity are not present because of https://bugzilla.mozilla.org/show_bug.cgi?id=1634030. I think instead of disabling these elements we can just keep track of whether a new identity is in progress and ignore subsequent new identity requests meanwhile.Tor Browser: 10.0Georg KoppenGeorg Koppen