[tor-commits] [Git][tpo/applications/tor-browser-spec][main] Bug 40056: FF109 Audit
richard (@richard)
git at gitlab.torproject.org
Wed Sep 27 22:13:50 UTC 2023
richard pushed to branch main at The Tor Project / Applications / tor-browser-spec
Commits:
651d6cff by Richard Pospesel at 2023-09-27T22:13:38+00:00
Bug 40056: FF109 Audit
- - - - -
1 changed file:
- + audits/FF109_AUDIT
Changes:
=====================================
audits/FF109_AUDIT
=====================================
@@ -0,0 +1,76 @@
+# General
+
+The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
+
+The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
+
+`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
+
+## Firefox: https://github.com/mozilla/gecko-dev.git
+
+- Start: `0ae93a27c796bea7836d4b0885c8a1f2c4c18284` ( `FIREFOX_108_0_2_RELEASE` )
+- End: `b89c6dedbd57992efe751d1b585116f2eaa34481` ( `FIREFOX_109_0_1_RELEASE` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+---
+
+## Application Services: https://github.com/mozilla/application-services.git
+
+- Start: `d8b5a386936aa156f4c6d93e6645a6d2188aa788` ( `v96.2.1` )
+- End: `102fa0de36a21b1b2f561ba6de557e20d05b7380` ( `v96.3.0` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Firefox Android: https://github.com/mozilla-mobile/firefox-android.git
+
+- Start: `55d34bf82ad051e25f15c0d1ef5fb8b3a32a7522`
+- End: `a7e03da7c26d76bea2fb9c77efce9d841d81f4e0`
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Fenix: https://github.com/mozilla-mobile/fenix.git
+
+- Start: `dc08c68a6cd7932dad599d0713bb3bd3b9f72b57` ( `v109.0b1` )
+- End: `a66807eeb0ff39f96a41a60ac950bd9f31ecf5bd` ( `v109.2.0` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Ticket Review ##
+
+Bugzilla Query: `https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=109%20Branch&order=priority%2Cbug_severity&limit=0`
+
+#### Problematic Tickets
+
+- **Re-enable pingsender2** https://bugzilla.mozilla.org/show_bug.cgi?id=1746983
+ - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41969
+ - **RESOLUTION** our existing patches are sufficient to keep pingsender away
+- **WebRTC bypasses Network settings & proxy.onRequest** https://bugzilla.mozilla.org/show_bug.cgi?id=1790270
+ - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41970
+ - **RESOLUTION** nothing to do here, the upstream bug fix is good for us and fixes some proxy leak
+## Export
+- [ ] Export Report and save to `tor-browser-spec/audits`
\ No newline at end of file
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/commit/651d6cffbb205d12dc438e0e0c27cee551466e2c
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/commit/651d6cffbb205d12dc438e0e0c27cee551466e2c
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230927/a0f7571a/attachment-0001.htm>
More information about the tor-commits
mailing list