Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2021-03-23T21:18:03Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27614Check TCP FastOpen for potential proxy bypass2021-03-23T21:18:03ZGeorg KoppenCheck TCP FastOpen for potential proxy bypassIn https://bugzilla.mozilla.org/show_bug.cgi?id=1188435 (and child bugs) support for TCP FastOpen got implemented. It got disabled on the release track in https://bugzilla.mozilla.org/show_bug.cgi?id=1431738. We should double-check wheth...In https://bugzilla.mozilla.org/show_bug.cgi?id=1188435 (and child bugs) support for TCP FastOpen got implemented. It got disabled on the release track in https://bugzilla.mozilla.org/show_bug.cgi?id=1431738. We should double-check whether we find any proxy bypass issues once this gets enabled.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/401132020 EOY Campaign2021-08-13T23:08:02ZAntonelaantonela@torproject.org2020 EOY CampaignThis ticket aims to track the implementation of the end of year campaign in the Tor Browser's `about:tor`. Assets are attached.
https://use-tor.glitch.me/This ticket aims to track the implementation of the end of year campaign in the Tor Browser's `about:tor`. Assets are attached.
https://use-tor.glitch.me/Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40237Review developer notes for Firefox 842020-12-11T22:35:05ZGeorg KoppenReview developer notes for Firefox 84Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40240Review closed mozilla84 bugs2020-12-11T22:46:52ZGeorg KoppenReview closed mozilla84 bugsTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40236Rebase tor-browser patches to 84.0b12020-12-02T13:48:53ZGeorg KoppenRebase tor-browser patches to 84.0b1Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40023Rebase Tor Browser esr78 patches onto 80 beta2021-09-02T11:44:38ZAlex CatarineuRebase Tor Browser esr78 patches onto 80 beta- [x] #40069
- [x] torbutton#40002
- [x] torbutton#40003
- [x] torbutton#40004
- [x] torbutton#40005
- [x] #40074
- [x] #40076
- [x] #40084- [x] #40069
- [x] torbutton#40002
- [x] torbutton#40003
- [x] torbutton#40004
- [x] torbutton#40005
- [x] #40074
- [x] #40076
- [x] #40084Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33954Consider different approach for "2176: Rebrand Firefox to TorBrowser "2020-09-28T15:51:23ZAlex CatarineuConsider different approach for "2176: Rebrand Firefox to TorBrowser "The current patch replaces all occurrences of `branding/brand.ftl` with `branding/tor-browser-brand.ftl`. This means that many files are touched by the patch (increasing chances of rebase conflict), and whenever Firefox adds new instance...The current patch replaces all occurrences of `branding/brand.ftl` with `branding/tor-browser-brand.ftl`. This means that many files are touched by the patch (increasing chances of rebase conflict), and whenever Firefox adds new instances of `branding/brand.ftl` we need to modify the patch to also cover those.
I think we should try a different approach to keep all instances of `branding/brand.ftl` untouched, and do the `branding/brand.ftl` -> `branding/tor-browser-brand.ftl` remapping somewhere else, and just in a single place.
One way would be to force the Fluent `FileSource` that we register in torbutton to take precedence over any other source and rename `tor-browser-brand.ftl` to `brand.ftl`, to override Firefox one (including langpacks).
We probably would need to do this in [L10nRegistry.js](https://searchfox.org/mozilla-central/rev/3446310d6cc5c85cde16a82eccf560e9b71a3d44/intl/l10n/L10nRegistry.jsm#141), but I would need to investigate a bit more.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40091Move HTTPS Everywhere into omni.ja2020-09-11T09:57:31ZGeorg KoppenMove HTTPS Everywhere into omni.jaAt best it is brittle having our HTTPS Everywhere signature exception
along with the desired v3 add-on blocklist mechanism. At worst HTTPS
Everywhere is broken or disabled.
So, Mozilla engineers recommended putting HTTPS Everywhere into...At best it is brittle having our HTTPS Everywhere signature exception
along with the desired v3 add-on blocklist mechanism. At worst HTTPS
Everywhere is broken or disabled.
So, Mozilla engineers recommended putting HTTPS Everywhere into the
omni.ja making it a system extension which does not need to be signed.
That's essentially the same path we took for Torbutton and Tor Launcher.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40133Rebase tor-browser patches to 82.0b12021-01-08T19:36:12ZGeorg KoppenRebase tor-browser patches to 82.0b1Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40239Review GeckoView Changelog for gv842020-12-16T03:46:37ZGeorg KoppenReview GeckoView Changelog for gv84Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40249Remove EOY 2020 Campaign2021-01-20T18:41:31ZAntonelaantonela@torproject.orgRemove EOY 2020 CampaignLet's roll back to our regular purple `about:tor` both in desktop and mobile when the EOY campaign ends. Thanks!Let's roll back to our regular purple `about:tor` both in desktop and mobile when the EOY campaign ends. Thanks!Tor Browser: 10.02021-01-08https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40097Rebase browser patches to 81.0b12020-08-27T19:20:33ZGeorg KoppenRebase browser patches to 81.0b1Our monthly rebase to the first new Mozilla beta.
- [x] torbutton#40006Our monthly rebase to the first new Mozilla beta.
- [x] torbutton#40006Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40098Initialize torbutton for Geckoview and make sure its features work as expecte...2020-09-01T11:25:09ZAlex CatarineuInitialize torbutton for Geckoview and make sure its features work as expected in FenixTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40189Rebase tor-browser patches to 83.0b12020-10-25T12:25:35ZGeorg KoppenRebase tor-browser patches to 83.0b1Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30017Search engines on mobile Tor Browser don't match the desktop ones2020-09-21T17:56:55ZGeorg KoppenSearch engines on mobile Tor Browser don't match the desktop onesIn particular we don't have a DuckDuckGo .onion search engine installed.In particular we don't have a DuckDuckGo .onion search engine installed.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30682Adapt Intermediate Preloading for Tor Browser2022-11-09T16:43:54ZcypherpunksAdapt Intermediate Preloading for Tor BrowserCan we turn https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading into something useful for ESR68?Can we turn https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading into something useful for ESR68?Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33697Investigate new Search Engine configuration2020-08-24T07:21:19ZAlex CatarineuInvestigate new Search Engine configurationWhile working on legacy/trac#33533 I noticed that the engines configured in `list.json` were being ignored, and had to set the `browser.search.modernConfig = false` for them to work.
I believe this is because of a new Search Engine conf...While working on legacy/trac#33533 I noticed that the engines configured in `list.json` were being ignored, and had to set the `browser.search.modernConfig = false` for them to work.
I believe this is because of a new Search Engine configuration that has been enabled by default in nightly recently, this is the meta ticket is https://bugzilla.mozilla.org/show_bug.cgi?id=1542235.
We should investigate this and see whether it's enough to flip that pref to get the behaviour we want.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33737Fix aboutDialog.js error for Firefox nightlies2020-08-07T14:08:34ZAlex CatarineuFix aboutDialog.js error for Firefox nightliesWhen opening the about dialog, there's a `TypeError: can't access property "hidden", document.getElementById(...) is null ... aboutDialog.js:56:14`
error which also prevents checking for updates (`gAppUpdater` is not initialized). It's l...When opening the about dialog, there's a `TypeError: can't access property "hidden", document.getElementById(...) is null ... aboutDialog.js:56:14`
error which also prevents checking for updates (`gAppUpdater` is not initialized). It's looking for an element with id `communityDesc`, which was removed in patch
```
Bug 10760: Integrate TorButton to TorBrowser core
Bug 26321: New Circuit and New Identity menu items
```
This path is only hit with Firefox versions that match `/a\d+$/`, so we see this now in legacy/trac#33533 because of `mozilla-central`.
Maybe a fixup for the patch hiding `communityDesc` instead of removing would be enough for this.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33848Disable Enhanced Tracking Protection (assuming we want it disabled)2020-07-23T13:19:03ZrichardDisable Enhanced Tracking Protection (assuming we want it disabled)There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotect...There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotection.pbmode.enabled = false
- privacy.trackingprotection.socialtracking.enabled = false
- privacy.trackingprotection.cryptomining.enabled = false
- privacy.trackingprotection.fingerprinting.enabled = false
We would need to some code to remove the ETP UI from about:preferences, the urlbar, etc.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33855Don't use site's icon as window icon in Windows when in private browsing mode2020-07-31T15:39:16ZrichardDon't use site's icon as window icon in Windows when in private browsing modeWhen the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private br...When the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private browsing mode.
This mode can be accessed when:
- browser.ssb.enabled = true
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1602194Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33856Set browser.privatebrowsing.forceMediaMemoryCache=true2020-10-07T09:23:52ZrichardSet browser.privatebrowsing.forceMediaMemoryCache=trueNew pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486New pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40187Review developer notes for Firefox 832020-10-29T21:00:30ZGeorg KoppenReview developer notes for Firefox 83Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40190Review closed mozilla83 bugs2020-11-13T19:55:48ZGeorg KoppenReview closed mozilla83 bugsTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30605accept-language header leaks browser localization2020-10-23T18:07:13ZMatthew Finkelaccept-language header leaks browser localizationA [blog user](https://blog.torproject.org/comment/281830#comment-281830) mentions each request includes the chosen browser language. Do we normalize this on desktop such that we only send `en-US` regardless of the browser's localization?...A [blog user](https://blog.torproject.org/comment/281830#comment-281830) mentions each request includes the chosen browser language. Do we normalize this on desktop such that we only send `en-US` regardless of the browser's localization?
Using https://wtfismyip.com/headers
With `en-US` as the browser locale:
```
host: wtfismyip.com
connection: close
user-agent: Mozilla/5.0 (Android 6.0; Mobile; rv:60.0) Gecko/20100101 Firefox/60.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
```
With `ru-RU` as the browser locale:
```
host: wtfismyip.com
connection: close
user-agent: Mozilla/5.0 (Android 6.0; Mobile; rv:60.0) Gecko/20100101 Firefox/60.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: ru,ru-RU;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
```Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40199Avoid using system locale for intl.accept_languages in GeckoView2020-10-23T18:06:56ZAlex CatarineuAvoid using system locale for intl.accept_languages in GeckoViewIn order to limit the amount of possible buckets that user can be put in when not spoofing locale, we should try not to include system locale when calculating `intl.accept_languages`. I think a decent strategy is to only calculate `intl....In order to limit the amount of possible buckets that user can be put in when not spoofing locale, we should try not to include system locale when calculating `intl.accept_languages`. I think a decent strategy is to only calculate `intl.accept_languages` based on the first (default) locale choice of the app.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/34411Failed .onion gets rewritten/redirected to https in Firefox 782020-08-24T07:25:01ZAlex CatarineuFailed .onion gets rewritten/redirected to https in Firefox 78In current Firefox 78 beta, when loading a random (wrong) .onion URL (e.g. foobar.onion) it gets redirected and/or rewritten to https://. In Browser Console, both requests (http:// and then https://) appear.
This happens in 78 beta, set...In current Firefox 78 beta, when loading a random (wrong) .onion URL (e.g. foobar.onion) it gets redirected and/or rewritten to https://. In Browser Console, both requests (http:// and then https://) appear.
This happens in 78 beta, setting a Tor SOCKS5 proxy + enabling DNS proxying, so it does not seem caused by one of our patches.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40002Consider disabling about:pioneer2022-01-13T10:15:45ZMark SmithConsider disabling about:pioneerWe probably want to remove about:pioneer from Tor Browser. Some background info can be found here:\
https://bugzilla.mozilla.org/show_bug.cgi?id=1634552#c0We probably want to remove about:pioneer from Tor Browser. Some background info can be found here:\
https://bugzilla.mozilla.org/show_bug.cgi?id=1634552#c0Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40025Revert add-on install permissions introduced in Mozilla's 15600592022-11-16T15:26:24ZGeorg KoppenRevert add-on install permissions introduced in Mozilla's 1560059We should revert https://bugzilla.mozilla.org/show_bug.cgi?id=1560059 to make it harder to accidentally install extensions in Tor Browser.We should revert https://bugzilla.mozilla.org/show_bug.cgi?id=1560059 to make it harder to accidentally install extensions in Tor Browser.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40035Fix TorStrings rebase mistake2020-07-22T09:46:21ZAlex CatarineuFix TorStrings rebase mistakeI missed a `SecurityLevelStrings` -> `TorString` while addressing a previous rebase issue.
This was pointed out in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33533#note_2688080.I missed a `SecurityLevelStrings` -> `TorString` while addressing a previous rebase issue.
This was pointed out in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33533#note_2688080.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40036remove product version and update channel portions of #13379 mar tool patch2020-07-22T09:29:55ZMark Smithremove product version and update channel portions of #13379 mar tool patchIn https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40026#note_2694584, gk pointed out that we should remove the portion of the #13379 mar tool patch that overrides the product version and update channel.In https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40026#note_2694584, gk pointed out that we should remove the portion of the #13379 mar tool patch that overrides the product version and update channel.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40037Rebase the branch used for our nightly builds to 78.1.0esr2022-10-04T19:36:46ZGeorg KoppenRebase the branch used for our nightly builds to 78.1.0esrMight be worth having an extra issue tracking the rebase of our esr78 branches until we move on to our "normal" workflow.Might be worth having an extra issue tracking the rebase of our esr78 branches until we move on to our "normal" workflow.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40038Review RemoteSettings for ESR782020-08-25T10:35:19ZAlex CatarineuReview RemoteSettings for ESR78We should revisit #31740 for ESR78. In a first inspection I could see requests to `url-classifier-skip-urls`, which the current patch should have removed.
We could also use the opportunity to simplify the patch a bit, for example trying...We should revisit #31740 for ESR78. In a first inspection I could see requests to `url-classifier-skip-urls`, which the current patch should have removed.
We could also use the opportunity to simplify the patch a bit, for example trying to make all the changes in a single place (e.g. something like a blacklist of bucket/collection somewhere in the RemoteSettings client code).Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40039esr78 updater regressions2020-07-23T22:12:02ZMark Smithesr78 updater regressionsKathy and I found a few updater-related regressions when running some tests on macOS with the tor-browser-78.0.1esr-10.0-1 branch. Specifically:
- The build date is displayed in the about box.
- The `visit our website` link on the about...Kathy and I found a few updater-related regressions when running some tests on macOS with the tor-browser-78.0.1esr-10.0-1 branch. Specifically:
- The build date is displayed in the about box.
- The `visit our website` link on the about:tbupdate page does not pick up the URL from the applied update.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40040fix error: 'downloading' is an invalid string label2020-07-31T15:20:31ZMark Smithfix error: 'downloading' is an invalid string label@brade and I noticed the following message on the browser console during while testing esr78-based updates:
```
'downloading' is an invalid string label
```
This error is familiar to us because we fixed the cause already while uplifting ...@brade and I noticed the following message on the browser console during while testing esr78-based updates:
```
'downloading' is an invalid string label
```
This error is familiar to us because we fixed the cause already while uplifting the `downloading` patches (see [Bugzilla 1642404](https://bugzilla.mozilla.org/show_bug.cgi?id=1642404)). We should backport the missing portion of the patch that is now in Firefox. Alternatively, we could remove the #28885 parts of our #4234 patch and backport all of the uplifted code from [Bugzilla 1642404](https://bugzilla.mozilla.org/show_bug.cgi?id=1642404) and [Bugzilla 1642754](https://bugzilla.mozilla.org/show_bug.cgi?id=1642754). Those fixes are included in Firefox 79.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40041Writing bridge settings is broken in esr78-based Tor Browser2020-07-23T22:09:15ZGeorg KoppenWriting bridge settings is broken in esr78-based Tor BrowserWhen trying to select bridges on `about:preferences#tor` I get
```
JavaScript error: chrome://browser/content/torpreferences/torPane.js,
line 666: TypeError: bridgeSettings is null
```
and the the respective bridge selection drop-down bo...When trying to select bridges on `about:preferences#tor` I get
```
JavaScript error: chrome://browser/content/torpreferences/torPane.js,
line 666: TypeError: bridgeSettings is null
```
and the the respective bridge selection drop-down box/button gets greyed
out.
@acat: I assume this is a rebase error and I'll therefore mark this
ticket as a child of #33533.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40042decide if we need a watershed update prior to our esr78-based Tor Browser2020-08-03T16:13:21ZMark Smithdecide if we need a watershed update prior to our esr78-based Tor BrowserFirefox 72.0.2 was a watershed release: all users of older versions are first updated to 72.0.2 before getting an update to the current release. Why? Because Mozilla removed the code that knew how to migrate from key3.db to key4.db. Sho...Firefox 72.0.2 was a watershed release: all users of older versions are first updated to 72.0.2 before getting an update to the current release. Why? Because Mozilla removed the code that knew how to migrate from key3.db to key4.db. Should we force all Tor Browser users to update to our last esr68-based Tor Browser so they have key4.db the first time they run an esr78-based Tor Browser? I am not 100% sure, but I think key3.db was only used for storing passwords (and maybe only the master NSS password?)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40047Backport 1450853 - MediaError message property leaks cross-origin response st...2020-08-07T13:41:25ZMatthew FinkelBackport 1450853 - MediaError message property leaks cross-origin response statushttps://bugzilla.mozilla.org/show_bug.cgi?id=1450853https://bugzilla.mozilla.org/show_bug.cgi?id=1450853Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40048Disable various ESR78 features via prefs2022-11-09T11:02:31ZKathleen BradeDisable various ESR78 features via prefsFrom #33534:
- browser.region.network.scan --> false
- browser.region.network.url --> ""
- Obtain WiFi location information from a Mozilla server.
- browser.tabs.remote.separatedMozillaDomains --> ""
- This is a list of mozilla d...From #33534:
- browser.region.network.scan --> false
- browser.region.network.url --> ""
- Obtain WiFi location information from a Mozilla server.
- browser.tabs.remote.separatedMozillaDomains --> ""
- This is a list of mozilla domains which are allowed to be loaded in a privileged process.
- browser.urlbar.dnsResolveSingleWordsAfterSearch --> false
- DNS look up is done for single word terms after a search fails.
- browser.urlbar.suggest.topsites --> false
- browser.urlbar.update1.interventions --> false
- browser.urlbar.update1.searchTips --> false
- corroborator.enabled --> false
- Triggers detection of corruption (e.g. in omni.ja) and reporting via telemetry. Avoid doing wasted work.
- device.storage.enabled --> false (Android)
- dom.push.enabled --> false
- dom.w3c_pointer_events.multiprocess.android.enabled --> false (Android)
- messaging-system.rsexperimentloader.enabled --> false (about:newtab)
- network.trr.resolvers --> ""
- part of DoH; "defense in depth"
- privacy.socialtracking.block_cookies.enabled --> false
- part of tracking protection
- security.pki.crlite_mode --> 0
- This is 1 by default which is a non-enforcing mode focused on collecting telemetry. We should set it to 0 to avoid downloading data from Mozilla.
- signon.management.page.breach-alerts.enabled --> false
- Firefox displays critical alerts in the Lockwise password manager when a website is breached.
- signon.management.page.mobileAndroidURL --> ""
- signon.management.page.mobileAppleURL --> ""
- about:logins page to redirect users to Google Play and Apple's App Store for obtaining Mozilla's LockWise mobile apps.
- trailhead.firstrun.branches --> ""
- For Firefox developers to enable experiments.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40052disable new Top Sites feature2020-08-11T15:45:02ZMark Smithdisable new Top Sites featureFrom #33534: Firefox 73 added a Top Sites provider. Richard said "seems like it offers site suggestions or tracks your browsing or something." Do we need to disable this? Maybe it is already disabled in Tor Browser?
https://bugzilla.moz...From #33534: Firefox 73 added a Top Sites provider. Richard said "seems like it offers site suggestions or tracks your browsing or something." Do we need to disable this? Maybe it is already disabled in Tor Browser?
https://bugzilla.mozilla.org/show_bug.cgi?id=1604932 \
"Implement a Top Sites provider"Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40198Expose privacy.spoof_english pref in GeckoView2020-10-23T19:05:56ZAlex CatarineuExpose privacy.spoof_english pref in GeckoViewThis is needed for fenix#40087This is needed for fenix#40087Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40059verify that our external helper apps patch is still effective2020-08-11T14:18:27ZMark Smithverify that our external helper apps patch is still effectiveFrom #33534: Attempts to navigate to an unknown protocol using methods such as location.href or <meta http-equiv="refresh"> are now blocked. We should verify that our patch for #19273 and related bugs is still effective and that the new ...From #33534: Attempts to navigate to an unknown protocol using methods such as location.href or <meta http-equiv="refresh"> are now blocked. We should verify that our patch for #19273 and related bugs is still effective and that the new behavior does not allow web pages to more easily detect whether a protocol handler is installed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1528305 \
"Behavior on meta and location.href redirects to an unknown protocol can break pages."
https://www.fxsitecompat.dev/en-CA/docs/2020/navigation-to-unknown-protocol-will-be-blocked/Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40061ensure that Windows default browser agent is omitted2020-08-13T08:57:02ZMark Smithensure that Windows default browser agent is omittedFrom #33534: Firefox 76 added a controversial agent (system service?) on Windows that reports info about the default browser to Mozilla even if Firefox is never opened. We should set `default-browser-agent.enabled` to false and/or ensure...From #33534: Firefox 76 added a controversial agent (system service?) on Windows that reports info about the default browser to Mozilla even if Firefox is never opened. We should set `default-browser-agent.enabled` to false and/or ensure that the agent is not included in Tor Browser.
https://bugzilla.mozilla.org/show_bug.cgi?id=1624047 \
"Default browser agent not being packaged"Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40066Update existing prefs for ESR782020-08-07T20:48:00ZKathleen BradeUpdate existing prefs for ESR78A few of our existing prefs have been removed or renamed.
Remove:
- browser.cache.frecency_experiment (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1573887)
- browser.casting.enabled (removed in https://bugzilla.mozilla.org/s...A few of our existing prefs have been removed or renamed.
Remove:
- browser.cache.frecency_experiment (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1573887)
- browser.casting.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1393582)
- device.camera.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1408957)
- general.useragent.updates.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1513574)
- general.useragent.updates.url (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1513574)
- services.blocklist.update_enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1458917)
- experiments.enabled (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1420908)
- browser.syncPromoViewsLeftMap (removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1279224)
Rename:
- geo.wifi.uri --> geo.provider.network.url (renamed in https://bugzilla.mozilla.org/show_bug.cgi?id=1613627)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40069Add helpers for message passing with extensions2020-08-17T13:13:22ZAlex CatarineuAdd helpers for message passing with extensionsIn Tor Browser, we need to communicate with NoScript and HTTPSEverywhere extensions via message passing. Currently, we do it in a way that the background script of those extensions will receive the message via `browser.runtime.onMessage`...In Tor Browser, we need to communicate with NoScript and HTTPSEverywhere extensions via message passing. Currently, we do it in a way that the background script of those extensions will receive the message via `browser.runtime.onMessage` as if those messages came from some page of the same webextension.
In https://bugzilla.mozilla.org/show_bug.cgi?id=1583484 (79) the underlying message passing mechanism changed, which means we need to fix our code too. I think it's a good opportunity to refactor the code into a single place that is used both for `noscript` (torbutton) and `https-everywhere` (onion alias patch) message passing.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40073Consider disabling remote Public Suffix List fetching2022-06-09T08:28:20ZAlex CatarineuConsider disabling remote Public Suffix List fetchingIn https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox started fetching the PSL via `RemoteSettings` and replacing the default one at runtime. AFAIK this would override our changes in `effective_tld_names.dat` from #28005, so we...In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox started fetching the PSL via `RemoteSettings` and replacing the default one at runtime. AFAIK this would override our changes in `effective_tld_names.dat` from #28005, so we should consider a patch to disable this.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40082Safest security level - Javascript cannot be temporarily enabled, NoScript "O...2020-08-21T10:51:59ZwesinatorSafest security level - Javascript cannot be temporarily enabled, NoScript "Override Tor Browser Security Level preset" does not work```
macOS 10.14.6
TorBrowser 9.5.3 clean install via brew cask
```
It seems Javascript cannot be enabled at all from NoScript under Safest security level, even when NoScript "Override Tor Browser Security Level preset" is checked, and t...```
macOS 10.14.6
TorBrowser 9.5.3 clean install via brew cask
```
It seems Javascript cannot be enabled at all from NoScript under Safest security level, even when NoScript "Override Tor Browser Security Level preset" is checked, and the NoScript host setting is set to temporarily trusted.
To reproduce:
- Site that requires Javascript, like https://www.virustotal.com/gui/home
- Temporarily trust hosts under NoScript
Javascript is not enabled at all despite NoScript trusted settings and override
Many sites require javascript at some point to be functional, such as sites that use Cloudflare or other CDNs with captcha pages
possibly related to PDFs not rendering ? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33721Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40088Moat "Submit" button does not work2020-08-20T13:23:11ZMark SmithMoat "Submit" button does not workWhen interacting with Moat via [about:preferences#tor](about:preferences#tor), clicking the `Submit` button has no effect. Pressing the `Enter` key does work.
@brade and I first noticed this while working on https://gitlab.torproject.or...When interacting with Moat via [about:preferences#tor](about:preferences#tor), clicking the `Submit` button has no effect. Pressing the `Enter` key does work.
@brade and I first noticed this while working on https://gitlab.torproject.org/tpo/applications/tor-launcher/-/issues/40002, but this bug is also present in the 10.0a5 candidate builds as well (on macOS at least).Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40090Disable v3 extension blocklist for 10.0a62020-09-09T15:44:35ZGeorg KoppenDisable v3 extension blocklist for 10.0a6https://bugzilla.mozilla.org/show_bug.cgi?id=1631018 landed and is
enabling the v3 extension blocklist mechanism.
We are not sure how this effects our HTTPS-Everywhere extension. So, we
disable that mechanism for now.https://bugzilla.mozilla.org/show_bug.cgi?id=1631018 landed and is
enabling the v3 extension blocklist mechanism.
We are not sure how this effects our HTTPS-Everywhere extension. So, we
disable that mechanism for now.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40093Youtube videos on safer produce error in 10.0a52020-09-24T09:51:10ZMatthew FinkelYoutube videos on safer produce error in 10.0a5Instead of playing the video, the following message is shown:
```
An error occurred. Please try again later. (Playback ID: fd-mqZ59PTD71txh)
Learn More
```
The following error is logged
```
JavaScript error: moz-extension://372e0e08-1f0...Instead of playing the video, the following message is shown:
```
An error occurred. Please try again later. (Playback ID: fd-mqZ59PTD71txh)
Learn More
```
The following error is logged
```
JavaScript error: moz-extension://372e0e08-1f07-49be-b2cf-b74b5be0f081/content/media.js, line 62: Error: audio/webm; codecs="opus" (MSE) blocked by NoScript
```
The webconsole doesn't contain any useful information.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40095Review Mozilla developer notes for 79-81 (including)2020-09-17T10:47:04ZGeorg KoppenReview Mozilla developer notes for 79-81 (including)For mobile we need to review the Mozilla developer notes between 79-81
(including) watching out for proxy, linkability, and fingerprinting issues.
(There will be an own ticket for proxy bypass audit, though)For mobile we need to review the Mozilla developer notes between 79-81
(including) watching out for proxy, linkability, and fingerprinting issues.
(There will be an own ticket for proxy bypass audit, though)Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40096Review closed Mozilla bugs between 79-81 (inclusive) for GeckoView2020-10-11T20:34:02ZGeorg KoppenReview closed Mozilla bugs between 79-81 (inclusive) for GeckoViewWe need to review close Mozilla bugs between 79-81 (inclusive) for newly
landed features/fixed bugs that are affecting GeckoView. (Thus, we might
be able to skip the Firefox part in this ticket to save some time)We need to review close Mozilla bugs between 79-81 (inclusive) for newly
landed features/fixed bugs that are affecting GeckoView. (Thus, we might
be able to skip the Firefox part in this ticket to save some time)Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40101Fix new identity for 812020-08-27T07:11:44ZAlex CatarineuFix new identity for 81It seems the two elements torbutton tries to disable in new identity are not present because of https://bugzilla.mozilla.org/show_bug.cgi?id=1634030. I think instead of disabling these elements we can just keep track of whether a new ide...It seems the two elements torbutton tries to disable in new identity are not present because of https://bugzilla.mozilla.org/show_bug.cgi?id=1634030. I think instead of disabling these elements we can just keep track of whether a new identity is in progress and ignore subsequent new identity requests meanwhile.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40107Adapt .mozconfig-asan for ESR 782020-09-01T18:41:09ZGeorg KoppenAdapt .mozconfig-asan for ESR 78We need to update the `.mozconfig-asan` file in our tree so it is usable
for ESR 78We need to update the `.mozconfig-asan` file in our tree so it is usable
for ESR 78Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40109Playing videos breaks after reloading pages in ESR 78-based builds2020-10-07T09:23:52ZGeorg KoppenPlaying videos breaks after reloading pages in ESR 78-based buildsWe set `browser.privatebrowsing.forceMediaMemoryCache` to `true` in
#33856. It turns out that this caused a
[regression](https://bugzilla.mozilla.org/show_bug.cgi?id=1650281) which
lead to videos breaking if one re-loads pages (see [comm...We set `browser.privatebrowsing.forceMediaMemoryCache` to `true` in
#33856. It turns out that this caused a
[regression](https://bugzilla.mozilla.org/show_bug.cgi?id=1650281) which
lead to videos breaking if one re-loads pages (see [comment
3](https://bugzilla.mozilla.org/show_bug.cgi?id=1650281#c3) for steps to
reproduce).
Lucklily, this is already fixed in Firefox 80 and the patches are small.
We should backport them.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40112Check that caching stylesheets per document group adheres to FPI2020-09-11T12:26:37ZGeorg KoppenCheck that caching stylesheets per document group adheres to FPIFirefox 80 comes with [caching stylesheets per document
group](https://bugzilla.mozilla.org/show_bug.cgi?id=1599160). Mozilla
thinks that
[needs](https://bugzilla.mozilla.org/show_bug.cgi?id=1646640)
[partitioning](https://bugzilla.mozil...Firefox 80 comes with [caching stylesheets per document
group](https://bugzilla.mozilla.org/show_bug.cgi?id=1599160). Mozilla
thinks that
[needs](https://bugzilla.mozilla.org/show_bug.cgi?id=1646640)
[partitioning](https://bugzilla.mozilla.org/show_bug.cgi?id=1645987) for
their [top-level site
partitioning](https://bugzilla.mozilla.org/show_bug.cgi?id=1590107),
which is roughly equivalent to first-party isolation. The relevant check
implemented is
```
nsIPrincipal* Loader::PartitionedPrincipal() const {
if (mDocument && StaticPrefs::privacy_partition_network_state()) {
return mDocument->PartitionedPrincipal();
}
return LoaderPrincipal();
}
```
which is not checking the FPI pref. So, I guess we need to investigate
what the FPI story is.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40116Investigate LOAD_FLAGS_BYPASS_PROXY usage2020-09-09T07:34:27ZGeorg KoppenInvestigate LOAD_FLAGS_BYPASS_PROXY usageMike flagged `LOAD_FLAGS_BYPASS_PROXY` usage in his [proxy
audit](https://gitlab.torproject.org/tpo/applications/fenix/-/issues/34177),
so we should look at it closer.
I _think_ this is just a way to indicate that proxy caches should be...Mike flagged `LOAD_FLAGS_BYPASS_PROXY` usage in his [proxy
audit](https://gitlab.torproject.org/tpo/applications/fenix/-/issues/34177),
so we should look at it closer.
I _think_ this is just a way to indicate that proxy caches should be
bypassed and does not mean that suddenly connections bypass the network
proxy settings, see the
[MDN](https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIWebNavigation)
explanation of that flag:
```
This flag specifies that any intermediate proxy caches should be
bypassed (That is, that the content should be loaded from the origin
server).
```
We'll see whether my basic understanding is right here...Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40124Implement Network settings2020-09-12T22:10:24ZMatthew FinkelImplement Network settingsImplement #34402Implement #34402Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40125Geckoview: Expose security level interface2020-10-03T03:24:42ZMatthew FinkelGeckoview: Expose security level interfaceThe easiest way is providing (indirect) access to the `extensions.torbutton.security_slider` pref. Torbutton already observes pref changes, so any changes will go into immediate affect.
Closes #40125The easiest way is providing (indirect) access to the `extensions.torbutton.security_slider` pref. Torbutton already observes pref changes, so any changes will go into immediate affect.
Closes #40125Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40127Rebase browser patches to 81.0b92020-09-15T15:16:40ZAlex CatarineuRebase browser patches to 81.0b9Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40128Re-add addons-bloomfilters JSON dumps2020-09-17T08:15:40ZAlex CatarineuRe-add addons-bloomfilters JSON dumpsIn #40119 we enabled v3 addon blocklisting again. We should have also re-added the `addons-bloomfilters` JSON dumps, so creating this ticket for that.In #40119 we enabled v3 addon blocklisting again. We should have also re-added the `addons-bloomfilters` JSON dumps, so creating this ticket for that.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40130Prepare switch to mozilla82 for mobile2020-10-25T12:33:19ZGeorg KoppenPrepare switch to mozilla82 for mobileThis is the parent ticket for organizing all the work we need to do before
releasing Tor Browser for Android based on Fenix 82.x.
- [x] tor-browser-bundle-testsuite#40008
- [x] android-components#40017
- [x] fenix#40049
- [x] fenix#4005...This is the parent ticket for organizing all the work we need to do before
releasing Tor Browser for Android based on Fenix 82.x.
- [x] tor-browser-bundle-testsuite#40008
- [x] android-components#40017
- [x] fenix#40049
- [x] fenix#40050
- [x] tor-browser-build#40097
- [x] tor-browser-build#40115
- [x] #40131
- [x] #40132
- [x] #40133
- [x] #40134Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40131Review developer notes for Firefox 822020-10-09T17:00:18ZGeorg KoppenReview developer notes for Firefox 82https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/82 are
the notes to look athttps://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/82 are
the notes to look atTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40134Review closed mozilla82 bugs2020-10-20T18:27:00ZGeorg KoppenReview closed mozilla82 bugshttps://bugzilla.mozilla.org/buglist.cgi?product=Core&query_format=advanced&resolution=FIXED&target_milestone=82%20Branch&order=priority%2Cbug_severity&limit=0
and
https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=ad...https://bugzilla.mozilla.org/buglist.cgi?product=Core&query_format=advanced&resolution=FIXED&target_milestone=82%20Branch&order=priority%2Cbug_severity&limit=0
and
https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&product=Core&target_milestone=82%20Branch
seem to be the relevant links.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40163New certificate storage does not obey `security.nocertdb`2020-10-14T08:04:12ZGeorg KoppenNew certificate storage does not obey `security.nocertdb`As mentioned in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33534#note_2683533 there is a new certificate storage mechanism
where data is stored under `profiledir/security_state/` which is not
disabled by Tor Brow...As mentioned in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33534#note_2683533 there is a new certificate storage mechanism
where data is stored under `profiledir/security_state/` which is not
disabled by Tor Browser setting `security.nocertdb` = `true`.
Thanks to a cypherpunk for the reminder to file the ticket.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40132Proxy bypass audit for GeckoView 822020-10-23T08:08:42ZGeorg KoppenProxy bypass audit for GeckoView 82Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40139Update Onboarding icon for 10.02020-10-08T12:59:52ZMatthew FinkelUpdate Onboarding icon for 10.0The Onboarding onion icon should link to the tor browser 10.0 release notes.The Onboarding onion icon should link to the tor browser 10.0 release notes.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40140YouTube videos stop working after TB 10 update2022-05-16T17:11:00ZGusYouTube videos stop working after TB 10 updateAfter the last release, Tor Browser 10.0, some users are reporting issues to watch YouTube videos:
### User 1
When I try to select and play a YouTube video, the following message shows up.
![youtube-1](/uploads/0592c7271a42634ad49e9ae...After the last release, Tor Browser 10.0, some users are reporting issues to watch YouTube videos:
### User 1
When I try to select and play a YouTube video, the following message shows up.
![youtube-1](/uploads/0592c7271a42634ad49e9ae199ee624d/youtube-1.jpeg)
As I'm concerned that by signing in, YouTube would start surveilling my web activities, I choose [NO THANKS] and turn off all of the cookie setting. Then, I always get the following error message, i.e., I can't play the video.
![youtube-2](/uploads/818840a853722f1fcb18a91e656d5db1/youtube-2.jpeg)
### User 2
With your new update, YouTube.com does not work. While the basic site works, the videos cannot load.
Tor with Brave continues to work with youtube but please fix this problem.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40156SEC_ERROR_LIBRARY_FAILURE in Tor Browser 102021-03-23T21:25:03ZMatthew FinkelSEC_ERROR_LIBRARY_FAILURE in Tor Browser 10Users are reporting issues loading some HTTPS websites:
- https://support.torproject.org: https://twitter.com/mistercourt/status/1309486809353785344
- https://duckduckgo.com: https://www.reddit.com/r/TOR/comments/izan94/just_got_the_ne...Users are reporting issues loading some HTTPS websites:
- https://support.torproject.org: https://twitter.com/mistercourt/status/1309486809353785344
- https://duckduckgo.com: https://www.reddit.com/r/TOR/comments/izan94/just_got_the_new_update_and_now_tor_wont_index/
where they receive an `about:neterror` page with `Error code: SEC_ERROR_LIBRARY_FAILURE`. This error code is used for many reasons. We'll need some specific information about a failed connection using increased logging.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40172Security UI not updated for non-https .onion pages in Fenix2020-10-04T09:52:59ZAlex CatarineuSecurity UI not updated for non-https .onion pages in FenixTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40173Initialize security_slider in GV at 42020-10-04T01:41:05ZMatthew FinkelInitialize security_slider in GV at 4We never explicitly initialize the security level and we set the default value as `0` in #40125. Unfortunately, I misread the geckoview code and the "default value" does not mean "we use this value only if the pref does not exist", it me...We never explicitly initialize the security level and we set the default value as `0` in #40125. Unfortunately, I misread the geckoview code and the "default value" does not mean "we use this value only if the pref does not exist", it means "we use this value until we're told we should use a different value" - this is despite the pref being set in `000-tor-browser.js`. In any case, here we are. We should explicitly set the the default as Standard (4).Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/4019378.4.0esr-based build is busted on Linux2021-02-11T20:15:20ZGeorg Koppen78.4.0esr-based build is busted on Linux```
17:59.53
/var/tmp/build/firefox-9633b5c7e832/security/sandbox/linux/SandboxFilter.cpp:247:36:
error: use of undeclared identifier 'AT_EMPTY_PATH'
17:59.53 if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 &&
17:59.53 ...```
17:59.53
/var/tmp/build/firefox-9633b5c7e832/security/sandbox/linux/SandboxFilter.cpp:247:36:
error: use of undeclared identifier 'AT_EMPTY_PATH'
17:59.53 if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 &&
17:59.53 ^
```
Wheezy comes with glibc 2.13 but `AT_EMPTY_PATH` showed up in 2.14 first.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40178Flip ExtensionStorageIDB.enabled in GeckoView, too2020-10-07T13:31:07ZMatthew FinkelFlip ExtensionStorageIDB.enabled in GeckoView, tooLet's make the same change in tor-browser#40137 so we avoid the underlying bug.Let's make the same change in tor-browser#40137 so we avoid the underlying bug.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40182Audit Media Session API2020-10-19T12:12:25ZAlex CatarineuAudit Media Session APIThe [API](https://developer.mozilla.org/en-US/docs/Web/API/Media_Session_API) was enabled by default in 82, by flipping the pref ` dom.media.mediasession.enabled` (https://bugzilla.mozilla.org/show_bug.cgi?id=1665496).
From the spec htt...The [API](https://developer.mozilla.org/en-US/docs/Web/API/Media_Session_API) was enabled by default in 82, by flipping the pref ` dom.media.mediasession.enabled` (https://bugzilla.mozilla.org/show_bug.cgi?id=1665496).
From the spec https://w3c.github.io/mediasession:
```
This specification enables web developers to show customized media metadata on platform UI, customize available platform
media controls, and access platform media keys such as hardware keys found on keyboards, headsets, remote controls,
and software keys found in notification areas and on lock screens of mobile devices.
```
and from the privacy considerations section:
```
Media session actions expose a new input layer to the web platform. User agents should make sure users are aware that their
actions might be routed to the website with the active media session. Especially, when the actions are coming from remote
devices such as a headset or other remote device. It is recommended for the user agent to follow the platform conventions
when listening to these inputs in order to facilitate the user understanding.
```
```
For privacy purposes, when in incognito mode, the user agent should be careful when sharing the information from
MediaMetadata with the system and make sure they will not be used in a way that would harm the user. Displaying
this information in a way that is very visible would be against the user’s intent of browsing in incognito mode.
When available, the UI elements should be advertized as private to the platform.
```
We should investigate whether this API adds new fingerprinting vectors and/or results in data being persisted (e.g. because of the `MediaMetadata` info being shared with the system).Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40186Prepare switch to mozilla83 for mobile2020-11-16T00:49:38ZGeorg KoppenPrepare switch to mozilla83 for mobileThis is the parent ticket for organizing all the work we need to do before
releasing Tor Browser for Android based on Fenix 83.x.
- [x] tor-browser-bundle-testsuite#40009
- [x] android-components#40018
- [x] fenix#40080
- [x] fenix#4008...This is the parent ticket for organizing all the work we need to do before
releasing Tor Browser for Android based on Fenix 83.x.
- [x] tor-browser-bundle-testsuite#40009
- [x] android-components#40018
- [x] fenix#40080
- [x] fenix#40081
- [x] tor-browser-build#40126
- [x] tor-browser-build#40127
- [x] #40187
- [x] #40188
- [x] #40189
- [x] #40190
- [x] #40215
- [x] tor-browser-spec#40006
- [x] #40233
- [x] fenix#40113
- [x] android-components#40026Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40219Backport 16759052022-04-22T10:05:32ZMatthew FinkelBackport 1675905https://hg.mozilla.org/releases/mozilla-esr78/rev/22b8bef3c436a4d36b586804f342928e1ab11e51https://hg.mozilla.org/releases/mozilla-esr78/rev/22b8bef3c436a4d36b586804f342928e1ab11e51Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40223Consider disabling webauthn2022-11-22T10:15:43ZMatthew FinkelConsider disabling webauthnFenix uses Google's fido library from Google Play. It is **probably** okay, but we should only intentionally use it.Fenix uses Google's fido library from Google Play. It is **probably** okay, but we should only intentionally use it.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40188Proxy bypass audit for GeckoView 832020-11-13T14:47:55ZGeorg KoppenProxy bypass audit for GeckoView 83Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40192Backport Mozilla Bug 16588812020-10-16T08:01:48ZMatthew FinkelBackport Mozilla Bug 1658881Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40204Enable SVG in about: pages even when disabled via pref2020-10-25T13:59:27ZAlex CatarineuEnable SVG in about: pages even when disabled via prefRelevant: https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/40020#note_2713344.Relevant: https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/40020#note_2713344.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40211Downgrade geckoview build-tools version to 29.0.22021-04-05T23:57:08ZGeorg KoppenDowngrade geckoview build-tools version to 29.0.2In order to have less churn in our Android toolchain we downgrade the
GeckoView build-tools version from 29.0.3 to 29.0.2. See:
tor-browser-build#40126 for context.In order to have less churn in our Android toolchain we downgrade the
GeckoView build-tools version from 29.0.3 to 29.0.2. See:
tor-browser-build#40126 for context.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40217Disable SafeBrowser in GeckoView2020-11-11T04:25:39ZMatthew FinkelDisable SafeBrowser in GeckoViewTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40226Tor Browser 10.0.4 Web Content always crashes on Fedora Workstation Rawhide G...2020-12-17T08:55:55ZMattiLinnanvuoriTor Browser 10.0.4 Web Content always crashes on Fedora Workstation Rawhide GNOMETor Browser 10.0.4 Web Content always crashes on Fedora Workstation Rawhide GNOME[coredump.gz](/uploads/7628d2027ab5bf73593868ae5e3b296d/coredump.gz).
```
PID: 4105 (Web Content)
UID: 1000 (mattilinnanvuori)
...Tor Browser 10.0.4 Web Content always crashes on Fedora Workstation Rawhide GNOME[coredump.gz](/uploads/7628d2027ab5bf73593868ae5e3b296d/coredump.gz).
```
PID: 4105 (Web Content)
UID: 1000 (mattilinnanvuori)
GID: 1000 (mattilinnanvuori)
Signal: 11 (SEGV)
Timestamp: Thu 2020-11-12 18:16:39 EET (20min ago)
Command Line: /home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/firefox.real -contentproc -childID 3 -isForBrowser -prefsLen 1073 -prefMapSize 256419 -parentBuildID 20200502050101 -appdir /home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/browser 3964 tab
Executable: /home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/firefox.real
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-0d070051-985a-4377-93e0-a93869ce1539.scope
Unit: user@1000.service
User Unit: vte-spawn-0d070051-985a-4377-93e0-a93869ce1539.scope
Slice: user-1000.slice
Owner UID: 1000 (mattilinnanvuori)
Boot ID: 5a950a665e8b4baf90b15e7ecce6d7aa
Machine ID: 946fcb0094414c2eb8d731245de958d6
Hostname: localhost.localdomain
Storage: /var/lib/systemd/coredump/core.Web\x20Content.1000.5a950a665e8b4baf90b15e7ecce6d7aa.4105.1605197799000000.zst
Message: Process 4105 (Web Content) of user 1000 dumped core.
Stack trace of thread 4105:
#0 0x00007f2061ae0bfb n/a (/home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/libxul.so + 0x14e1bfb)
#1 0x6120646e6966206f n/a (n/a + 0x0)
```Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40227Rebase Tor Browser onto 78.5.0esr2020-11-12T20:55:29ZMatthew FinkelRebase Tor Browser onto 78.5.0esrTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40238Proxy bypass audit for GeckoView 842020-12-01T21:24:02ZGeorg KoppenProxy bypass audit for GeckoView 84Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40261Creating new Buster container is busted2020-12-04T15:34:33ZMatthew FinkelCreating new Buster container is bustedWe don't update the cache, so we try fetching an old (non-existant) package:
```
Starting build: Fri Dec 4 13:52:13 2020
Reading package lists...
Building dependency tree...
The following additional packages will be installed:
ca-cer...We don't update the cache, so we try fetching an old (non-existant) package:
```
Starting build: Fri Dec 4 13:52:13 2020
Reading package lists...
Building dependency tree...
The following additional packages will be installed:
ca-certificates dbus default-jre-headless fontconfig-config
fonts-dejavu-core java-common krb5-locales libasound2 libasound2-data
libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libdbus-1-3
libexpat1 libfontconfig1 libfreetype6 libgssapi-krb5-2 libjpeg62-turbo
libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 liblcms2-2 libnspr4
libnss3 libpcre2-8-0 libpcsclite1 libpng16-16 libpsl5 libsqlite3-0 libx11-6
libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxi6 libxrender1 libxtst6
openjdk-11-jre-headless openssl publicsuffix ucf x11-common
Suggested packages:
default-dbus-session-bus | dbus-session-bus default-jre libasound2-plugins
alsa-utils cups-common krb5-doc krb5-user liblcms2-utils pcscd libnss-mdns
fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho
fonts-wqy-microhei | fonts-wqy-zenhei fonts-indic
The following NEW packages will be installed:
ca-certificates ca-certificates-java dbus default-jre-headless
fontconfig-config fonts-dejavu-core java-common krb5-locales libasound2
libasound2-data libavahi-client3 libavahi-common-data libavahi-common3
libcups2 libdbus-1-3 libexpat1 libfontconfig1 libfreetype6 libgssapi-krb5-2
libjpeg62-turbo libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
liblcms2-2 libnspr4 libnss3 libpcre2-8-0 libpcsclite1 libpng16-16 libpsl5
libsqlite3-0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxi6
libxrender1 libxtst6 openjdk-11-jre-headless openssl publicsuffix ucf wget
x11-common
0 upgraded, 47 newly installed, 0 to remove and 0 not upgraded.
Need to get 48.4 MB of archives.
After this operation, 200 MB of additional disk space will be used.
[snip]
Err:37 http://deb.debian.org/debian buster/main amd64 libx11-data all 2:1.6.7-1
404 Not Found [IP: 151.101.122.132 80]
Get:38 http://deb.debian.org/debian buster/main amd64 libx11-6 amd64 2:1.6.7-1 [754 kB]
Get:39 http://deb.debian.org/debian buster/main amd64 libxext6 amd64 2:1.3.3-1+b2 [52.5 kB]
Get:40 http://deb.debian.org/debian buster/main amd64 libxi6 amd64 2:1.7.9-1 [82.6 kB]
Get:41 http://deb.debian.org/debian buster/main amd64 libxrender1 amd64 1:0.9.10-1 [33.0 kB]
Get:42 http://deb.debian.org/debian buster/main amd64 x11-common all 1:7.7+19 [251 kB]
Get:43 http://deb.debian.org/debian buster/main amd64 libxtst6 amd64 2:1.2.3-1 [27.8 kB]
Err:44 http://deb.debian.org/debian buster/main amd64 openjdk-11-jre-headless amd64 11.0.6+10-1~deb10u1
404 Not Found [IP: 151.101.122.132 80]
Get:45 http://deb.debian.org/debian buster/main amd64 default-jre-headless amd64 2:1.11-71 [10.9 kB]
Get:46 http://deb.debian.org/debian buster/main amd64 ca-certificates-java all 20190405 [15.7 kB]
Get:47 http://deb.debian.org/debian buster/main amd64 publicsuffix all 20190415.1030-1 [116 kB]
Fetched 10.8 MB in 0s (49.8 MB/s)
```Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40262Browser tabs crashing on the new Macbooks with the M1 chip2021-01-16T16:15:29Zchampionquizzerchampionquizzer@torproject.orgBrowser tabs crashing on the new Macbooks with the M1 chipThere are recurring reports from users on the frontdesk that the latest version of Tor Browser (10.0.5) and Tor Browser Alpha (10.5a4) for the MacOS on the new Macbooks with the M1 chip, keeps crashing with the error message "Gah. Your t...There are recurring reports from users on the frontdesk that the latest version of Tor Browser (10.0.5) and Tor Browser Alpha (10.5a4) for the MacOS on the new Macbooks with the M1 chip, keeps crashing with the error message "Gah. Your tab just crashed"Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40265Rebase 10.0 onto 78.6.0esr2020-12-09T18:17:59ZMatthew FinkelRebase 10.0 onto 78.6.0esrbe42732ba32e91120a5de0d97672af80fad4fa9fbe42732ba32e91120a5de0d97672af80fad4fa9fTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40267Rebase 10.0 onto 84.02020-12-11T18:31:42ZMatthew FinkelRebase 10.0 onto 84.011898884c81cd84cfaec46dffe1dbf42517e830111898884c81cd84cfaec46dffe1dbf42517e8301Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40312Review developer notes for Firefox 862021-02-17T12:42:35ZMatthew FinkelReview developer notes for Firefox 86Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40315Review closed mozilla86 bugs2021-02-17T21:44:10ZMatthew FinkelReview closed mozilla86 bugsTor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40285Rebase GeckoView onto 84.0.22021-01-08T16:15:46ZMatthew FinkelRebase GeckoView onto 84.0.2Unfortunately we do not actually use the 84.0.2 Firefox tag because some GV patches landed after the desktop release tag. We rebase onto 2a47450172493d64c311336281c1860802b3c9fc, instead.Unfortunately we do not actually use the 84.0.2 Firefox tag because some GV patches landed after the desktop release tag. We rebase onto 2a47450172493d64c311336281c1860802b3c9fc, instead.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40286Rebase onto 78.6.1esr2021-01-08T15:42:47ZMatthew FinkelRebase onto 78.6.1esrBase 0b024105bfcb2304529100c159eda55374dceec3 (FIREFOX_ESR_78_6_X_RELBRANCH)Base 0b024105bfcb2304529100c159eda55374dceec3 (FIREFOX_ESR_78_6_X_RELBRANCH)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40288Fix search engine order2021-01-12T09:10:26ZAlex CatarineuFix search engine orderThis is a regression from the 82 rebase (#40133). We need to specify the engine order in the urlbar via `orderHint` (see https://searchfox.org/mozilla-central/rev/c59d9181cbcd8356ce9271723e31be11641e7010/toolkit/components/search/docs/Se...This is a regression from the 82 rebase (#40133). We need to specify the engine order in the urlbar via `orderHint` (see https://searchfox.org/mozilla-central/rev/c59d9181cbcd8356ce9271723e31be11641e7010/toolkit/components/search/docs/SearchConfigurationSchema.rst#449)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40304Rebase 10.0 patches onto 85.02021-01-22T19:15:46ZMatthew FinkelRebase 10.0 patches onto 85.0Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40308Set `privacy.partition.network_state = false` until we evaluate dFPI2023-09-21T16:37:47ZAlex CatarineuSet `privacy.partition.network_state = false` until we evaluate dFPIEven though `privacy.partition.network_state.connection_with_proxy` is still `false` there are code paths checking `privacy.partition.network_state` but not `privacy.partition.network_state.connection_with_proxy`. I think we should disab...Even though `privacy.partition.network_state.connection_with_proxy` is still `false` there are code paths checking `privacy.partition.network_state` but not `privacy.partition.network_state.connection_with_proxy`. I think we should disable `privacy.partition.network_state` until we make sure we're good with `privacy.partition.network_state.connection_with_proxy`, or investigate #40123.Tor Browser: 10.0Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40309Avoid using regional OS locales2024-01-08T09:06:41ZAlex CatarineuAvoid using regional OS localesFrom https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40280#note_2723329.
[MozIntl](https://bugzilla.mozilla.org/show_bug.cgi?id=1635561) switched from `AppLocale` to `RegionalPrefLocales` in `xpc_LocalizeRuntime` (ht...From https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40280#note_2723329.
[MozIntl](https://bugzilla.mozilla.org/show_bug.cgi?id=1635561) switched from `AppLocale` to `RegionalPrefLocales` in `xpc_LocalizeRuntime` (https://hg.mozilla.org/integration/autoland/rev/05b8c9d0b50d). This is obtained from `https://hg.mozilla.org/integration/autoland/rev/05b8c9d0b50d`. In that function, when `intl.regional_prefs.use_os_locales = false` (the default), the os regional locale will still be used if the language subtag matches the app locale (e.g. en-CA and en-US). We may want to change this and only use OS locale if `intl.regional_prefs.use_os_locales = true`.Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40310Prepare switch to mozilla862021-03-01T14:58:11ZMatthew FinkelPrepare switch to mozilla86- [x] #40311
- [x] #40312
- [x] #40314
- [x] #40315
- [x] #40320
- [x] android-components#40039
- [x] android-components#40040
- [x] android-components#40041
- [x] fenix#40142
- [x] fenix#40146
- [x] tor-browser-build#40217
- [ ] tor-br...- [x] #40311
- [x] #40312
- [x] #40314
- [x] #40315
- [x] #40320
- [x] android-components#40039
- [x] android-components#40040
- [x] android-components#40041
- [x] fenix#40142
- [x] fenix#40146
- [x] tor-browser-build#40217
- [ ] tor-browser-bundle-testsuite#40017
- [x] tor-browser-spec#40013Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40313Proxy bypass audit for GeckoView 862021-01-26T23:54:24ZMatthew FinkelProxy bypass audit for GeckoView 86Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40360Prepare switch to mozilla872021-06-07T15:05:17ZMatthew FinkelPrepare switch to mozilla87- [x] #40361 (Rebase tor-browser patches to 87.0b4)
- [x] tor-browser-build#40241 (Update components for switch to mozilla87-based Fenix)
- [x] #40362 (Review developer notes for Firefox 87)
- [x] #40363 (Review GeckoView Changelog for g...- [x] #40361 (Rebase tor-browser patches to 87.0b4)
- [x] tor-browser-build#40241 (Update components for switch to mozilla87-based Fenix)
- [x] #40362 (Review developer notes for Firefox 87)
- [x] #40363 (Review GeckoView Changelog for gv87)
- [x] #40364 (Review closed mozilla87 bug)
- [x] #40365 (Rebase 10.5 patches on 87.0)
- [x] android-components#40043 (Rebase android-components patches for Fenix 87 beta X builds)
- [x] android-components#40044 (Review MozAC Changelog for Fenix87)
- [x] fenix#40150 (Rebase Fenix patches to Fenix 87 beta 2)
- [x] tor-browser-spec#40016 (FF87 network audit)
- [ ] tor-browser-bundle-testsuite#40019 (Update tests when switching to Fenix 87)
- [x] fenix#40152 (Review changes for Fenix87)Tor Browser: 10.0https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40384Prepare switch to mozilla882021-06-07T15:06:22ZMatthew FinkelPrepare switch to mozilla88- [x] #40392 (Rebase tor-browser patches to 88.0b4)
- [x] tor-browser-build#40266 (Make the list of components updates for switch to mozilla88-based Fenix)
- [x] tor-browser-build#40259 (Update components for switch to mozilla88-based Fe...- [x] #40392 (Rebase tor-browser patches to 88.0b4)
- [x] tor-browser-build#40266 (Make the list of components updates for switch to mozilla88-based Fenix)
- [x] tor-browser-build#40259 (Update components for switch to mozilla88-based Fenix)
- [x] #40396 (Review developer notes for Firefox 88)
- [x] #40397 (Review GeckoView Changelog for gv88)
- [ ] #40398 (Review closed mozilla88 bug)
- [x] #40399 (Rebase 10.5 patches on 88.0)
- [x] android-components#40048 (Rebase android-components patches for Fenix 88 beta X builds)
- [x] android-components#40050 (Rebase android-components patches for Fenix 88)
- [ ] android-components#40049 (Review MozAC Changelog for Fenix88)
- [x] fenix#40154 (Rebase Fenix patches to Fenix 88 beta 4)
- [x] fenix#40157 (Rebase Fenix patches to Fenix 88.1.0)
- [x] tor-browser-spec#40017 (FF88 network audit)
- [ ] tor-browser-bundle-testsuite#40022 (Update tests when switching to Fenix 88)
- [x] fenix#40155 (Review changes for Fenix88)
- [ ] #40406Tor Browser: 10.0