- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-update-responses][main] Fix 13.5.6 update
by boklm (＠boklm) 03 Oct '24

03 Oct '24

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: e6568d28 by Nicolas Vigier at 2024-10-03T15:17:16+02:00 Fix 13.5.6 update https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - - - - - 8 changed files: - update_3/release/13.5.3-13.5.6-macos-ALL.xml - update_3/release/13.5.4-13.5.6-macos-ALL.xml - update_3/release/13.5.5-13.5.6-macos-ALL.xml - update_3/release/13.5.6-macos-ALL.xml - update_3/release/download-android-aarch64.json - update_3/release/download-android-armv7.json - update_3/release/download-android-x86.json - update_3/release/download-android-x86_64.json Changes: ===================================== update_3/release/13.5.3-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.3…" hashFunction="SHA512" hashValue="0e1f434b7a7cb2b05299ca20c909242401e486b04816b22338820530069822e95f352ef4010b60c8663d5870064410dcb9878cacd9d82e50560776a245992a3a" size="9024392" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.3…" hashFunction="SHA512" hashValue="10252334829fa21b7ec10154606cd1079482ef2cc65db6c41dd1ff293a06012b8321f53accb50876f9d53771f16ec666404088d8c42ee43b5ccbec14b76f99bb" size="9029180" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.4-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.4…" hashFunction="SHA512" hashValue="bb89e1aacae8732d0e8a5f5e9ca78d089871edbad9dc7e6f73e1ba5dfdf2ee09e483833fcfa31c25ab38549b0753c95bd77c78180ba3b2a6de579943fa3e1638" size="8537264" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.4…" hashFunction="SHA512" hashValue="bb7d500f431022b5ce5b1b7385ef3db44217681b992ba4fc790b9db0c52ee797c6f54a3d47cb43b8e5d8879330dcc6bbd5e10d6c522563717b74fd50fd55cdaf" size="8534004" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.5-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.5…" hashFunction="SHA512" hashValue="e4b7087c41afe1fd942f0e439e2ce7b175d10c4dc6c027af81e90204edcf8811b19bda84ee2eed70a1fe09c117303c8ba0d196b263965c2d7c6af01e6852f919" size="8476716" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.5…" hashFunction="SHA512" hashValue="d0848e8628a720a24c837dd2f53f93c9805083bd5aa1988bbb3d01cc8c52584bad06975b062e4ce14ab67dd7884a31c7453f4840243f750394733eaa2097662d" size="8478964" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch></update></updates> ===================================== update_3/release/download-android-aarch64.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-aarch64-1…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-aarch64-1…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-aarch64-1…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-aarch64-1…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-armv7.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-armv7-13.…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-armv7-13.…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-armv7-13.…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-armv7-13.…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-x86.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86-13.5.…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86-13.5.…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86-13.5.…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86-13.5.…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86_64-13…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86_64-13…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86_64-13…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86_64-13…","version":"13.5.6"} \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 8523387b by Pier Angelo Vendrame at 2024-10-02T19:53:07+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); // Mullvad Browser enables WebRTC by default, meaning that there the following prefs // are first-line defense, rather than "in depth" (mullvad-browser#40) @@ -627,9 +638,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/852… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/852… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: b8610ea4 by Pier Angelo Vendrame at 2024-10-02T19:52:38+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces // Mullvad Browser enables WebRTC by default, meaning that there the following prefs @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b8610ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b8610ea… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 816dae39 by Pier Angelo Vendrame at 2024-10-02T19:32:59+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces // Mullvad Browser enables WebRTC by default, meaning that there the following prefs @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/816dae3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/816dae3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0c49d19c by Fatih at 2024-10-02T19:27:24+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 0fb83408 by Fatih at 2024-10-02T19:27:24+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/92… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/92… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9f066a06 by Fatih at 2024-10-02T19:25:48+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 6112a1c3 by Fatih at 2024-10-02T19:25:48+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/dbdddf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/dbdddf… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 89b45eb4 by Fatih at 2024-10-02T18:59:01+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 084cb5b9 by Fatih at 2024-10-02T18:59:01+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c4c73e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c4c73e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 92d9fad9 by Pier Angelo Vendrame at 2024-10-02T18:50:03+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/92d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/92d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: dbdddf48 by Pier Angelo Vendrame at 2024-10-02T18:49:35+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdddf4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdddf4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: c4c73ea4 by Pier Angelo Vendrame at 2024-10-02T18:31:19+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c4c73ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c4c73ea… You're receiving this email because of your account on gitlab.torproject.org.

1 0