Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-10-04T19:36:46Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40037Rebase the branch used for our nightly builds to 78.1.0esr2022-10-04T19:36:46ZGeorg KoppenRebase the branch used for our nightly builds to 78.1.0esrMight be worth having an extra issue tracking the rebase of our esr78 branches until we move on to our "normal" workflow.Might be worth having an extra issue tracking the rebase of our esr78 branches until we move on to our "normal" workflow.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40036remove product version and update channel portions of #13379 mar tool patch2020-07-22T09:29:55ZMark Smithremove product version and update channel portions of #13379 mar tool patchIn https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40026#note_2694584, gk pointed out that we should remove the portion of the #13379 mar tool patch that overrides the product version and update channel.In https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40026#note_2694584, gk pointed out that we should remove the portion of the #13379 mar tool patch that overrides the product version and update channel.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40035Fix TorStrings rebase mistake2020-07-22T09:46:21ZAlex CatarineuFix TorStrings rebase mistakeI missed a `SecurityLevelStrings` -> `TorString` while addressing a previous rebase issue.
This was pointed out in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33533#note_2688080.I missed a `SecurityLevelStrings` -> `TorString` while addressing a previous rebase issue.
This was pointed out in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33533#note_2688080.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40025Revert add-on install permissions introduced in Mozilla's 15600592022-11-16T15:26:24ZGeorg KoppenRevert add-on install permissions introduced in Mozilla's 1560059We should revert https://bugzilla.mozilla.org/show_bug.cgi?id=1560059 to make it harder to accidentally install extensions in Tor Browser.We should revert https://bugzilla.mozilla.org/show_bug.cgi?id=1560059 to make it harder to accidentally install extensions in Tor Browser.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40023Rebase Tor Browser esr78 patches onto 80 beta2021-09-02T11:44:38ZAlex CatarineuRebase Tor Browser esr78 patches onto 80 beta- [x] #40069
- [x] torbutton#40002
- [x] torbutton#40003
- [x] torbutton#40004
- [x] torbutton#40005
- [x] #40074
- [x] #40076
- [x] #40084- [x] #40069
- [x] torbutton#40002
- [x] torbutton#40003
- [x] torbutton#40004
- [x] torbutton#40005
- [x] #40074
- [x] #40076
- [x] #40084Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40002Consider disabling about:pioneer2022-01-13T10:15:45ZMark SmithConsider disabling about:pioneerWe probably want to remove about:pioneer from Tor Browser. Some background info can be found here:\
https://bugzilla.mozilla.org/show_bug.cgi?id=1634552#c0We probably want to remove about:pioneer from Tor Browser. Some background info can be found here:\
https://bugzilla.mozilla.org/show_bug.cgi?id=1634552#c0Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/34411Failed .onion gets rewritten/redirected to https in Firefox 782020-08-24T07:25:01ZAlex CatarineuFailed .onion gets rewritten/redirected to https in Firefox 78In current Firefox 78 beta, when loading a random (wrong) .onion URL (e.g. foobar.onion) it gets redirected and/or rewritten to https://. In Browser Console, both requests (http:// and then https://) appear.
This happens in 78 beta, set...In current Firefox 78 beta, when loading a random (wrong) .onion URL (e.g. foobar.onion) it gets redirected and/or rewritten to https://. In Browser Console, both requests (http:// and then https://) appear.
This happens in 78 beta, setting a Tor SOCKS5 proxy + enabling DNS proxying, so it does not seem caused by one of our patches.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33954Consider different approach for "2176: Rebrand Firefox to TorBrowser "2020-09-28T15:51:23ZAlex CatarineuConsider different approach for "2176: Rebrand Firefox to TorBrowser "The current patch replaces all occurrences of `branding/brand.ftl` with `branding/tor-browser-brand.ftl`. This means that many files are touched by the patch (increasing chances of rebase conflict), and whenever Firefox adds new instance...The current patch replaces all occurrences of `branding/brand.ftl` with `branding/tor-browser-brand.ftl`. This means that many files are touched by the patch (increasing chances of rebase conflict), and whenever Firefox adds new instances of `branding/brand.ftl` we need to modify the patch to also cover those.
I think we should try a different approach to keep all instances of `branding/brand.ftl` untouched, and do the `branding/brand.ftl` -> `branding/tor-browser-brand.ftl` remapping somewhere else, and just in a single place.
One way would be to force the Fluent `FileSource` that we register in torbutton to take precedence over any other source and rename `tor-browser-brand.ftl` to `brand.ftl`, to override Firefox one (including langpacks).
We probably would need to do this in [L10nRegistry.js](https://searchfox.org/mozilla-central/rev/3446310d6cc5c85cde16a82eccf560e9b71a3d44/intl/l10n/L10nRegistry.jsm#141), but I would need to investigate a bit more.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33856Set browser.privatebrowsing.forceMediaMemoryCache=true2020-10-07T09:23:52ZrichardSet browser.privatebrowsing.forceMediaMemoryCache=trueNew pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486New pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33855Don't use site's icon as window icon in Windows when in private browsing mode2020-07-31T15:39:16ZrichardDon't use site's icon as window icon in Windows when in private browsing modeWhen the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private br...When the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private browsing mode.
This mode can be accessed when:
- browser.ssb.enabled = true
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1602194Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33848Disable Enhanced Tracking Protection (assuming we want it disabled)2020-07-23T13:19:03ZrichardDisable Enhanced Tracking Protection (assuming we want it disabled)There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotect...There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotection.pbmode.enabled = false
- privacy.trackingprotection.socialtracking.enabled = false
- privacy.trackingprotection.cryptomining.enabled = false
- privacy.trackingprotection.fingerprinting.enabled = false
We would need to some code to remove the ETP UI from about:preferences, the urlbar, etc.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33737Fix aboutDialog.js error for Firefox nightlies2020-08-07T14:08:34ZAlex CatarineuFix aboutDialog.js error for Firefox nightliesWhen opening the about dialog, there's a `TypeError: can't access property "hidden", document.getElementById(...) is null ... aboutDialog.js:56:14`
error which also prevents checking for updates (`gAppUpdater` is not initialized). It's l...When opening the about dialog, there's a `TypeError: can't access property "hidden", document.getElementById(...) is null ... aboutDialog.js:56:14`
error which also prevents checking for updates (`gAppUpdater` is not initialized). It's looking for an element with id `communityDesc`, which was removed in patch
```
Bug 10760: Integrate TorButton to TorBrowser core
Bug 26321: New Circuit and New Identity menu items
```
This path is only hit with Firefox versions that match `/a\d+$/`, so we see this now in legacy/trac#33533 because of `mozilla-central`.
Maybe a fixup for the patch hiding `communityDesc` instead of removing would be enough for this.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33697Investigate new Search Engine configuration2020-08-24T07:21:19ZAlex CatarineuInvestigate new Search Engine configurationWhile working on legacy/trac#33533 I noticed that the engines configured in `list.json` were being ignored, and had to set the `browser.search.modernConfig = false` for them to work.
I believe this is because of a new Search Engine conf...While working on legacy/trac#33533 I noticed that the engines configured in `list.json` were being ignored, and had to set the `browser.search.modernConfig = false` for them to work.
I believe this is because of a new Search Engine configuration that has been enabled by default in nightly recently, this is the meta ticket is https://bugzilla.mozilla.org/show_bug.cgi?id=1542235.
We should investigate this and see whether it's enough to flip that pref to get the behaviour we want.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30682Adapt Intermediate Preloading for Tor Browser2022-11-09T16:43:54ZcypherpunksAdapt Intermediate Preloading for Tor BrowserCan we turn https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading into something useful for ESR68?Can we turn https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading into something useful for ESR68?Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30605accept-language header leaks browser localization2020-10-23T18:07:13ZMatthew Finkelaccept-language header leaks browser localizationA [blog user](https://blog.torproject.org/comment/281830#comment-281830) mentions each request includes the chosen browser language. Do we normalize this on desktop such that we only send `en-US` regardless of the browser's localization?...A [blog user](https://blog.torproject.org/comment/281830#comment-281830) mentions each request includes the chosen browser language. Do we normalize this on desktop such that we only send `en-US` regardless of the browser's localization?
Using https://wtfismyip.com/headers
With `en-US` as the browser locale:
```
host: wtfismyip.com
connection: close
user-agent: Mozilla/5.0 (Android 6.0; Mobile; rv:60.0) Gecko/20100101 Firefox/60.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
```
With `ru-RU` as the browser locale:
```
host: wtfismyip.com
connection: close
user-agent: Mozilla/5.0 (Android 6.0; Mobile; rv:60.0) Gecko/20100101 Firefox/60.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: ru,ru-RU;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
```Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30017Search engines on mobile Tor Browser don't match the desktop ones2020-09-21T17:56:55ZGeorg KoppenSearch engines on mobile Tor Browser don't match the desktop onesIn particular we don't have a DuckDuckGo .onion search engine installed.In particular we don't have a DuckDuckGo .onion search engine installed.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27614Check TCP FastOpen for potential proxy bypass2021-03-23T21:18:03ZGeorg KoppenCheck TCP FastOpen for potential proxy bypassIn https://bugzilla.mozilla.org/show_bug.cgi?id=1188435 (and child bugs) support for TCP FastOpen got implemented. It got disabled on the release track in https://bugzilla.mozilla.org/show_bug.cgi?id=1431738. We should double-check wheth...In https://bugzilla.mozilla.org/show_bug.cgi?id=1188435 (and child bugs) support for TCP FastOpen got implemented. It got disabled on the release track in https://bugzilla.mozilla.org/show_bug.cgi?id=1431738. We should double-check whether we find any proxy bypass issues once this gets enabled.Tor Browser: 10.0