richard pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

1 changed file:

Changes:

  • browser/app/profile/001-base-profile.js
    ... ... @@ -381,12 +381,17 @@ pref("network.http.http2.enable-hpack-dump", false, locked);
    381 381
     // (defense in depth measure)
    
    382 382
     pref("network.gio.supported-protocols", "");
    
    383 383
     pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
    
    384
    -// Mullvad browser enables WebRTC by default, therefore the following 2 prefs
    
    384
    +// Mullvad Browser enables WebRTC by default, meaning that there the following prefs
    
    385 385
     // are first-line defense, rather than "in depth" (mullvad-browser#40)
    
    386 386
     // tor-browser#41667 - Defense in depth: use mDNS to avoid local IP leaks on Android too if user enables WebRTC
    
    387 387
     pref("media.peerconnection.ice.obfuscate_host_addresses", true);
    
    388 388
     // tor-browser#41671 - Defense in depth: connect using TURN only, to avoid IP leaks if user enables WebRTC
    
    389 389
     pref("media.peerconnection.ice.relay_only", true);
    
    390
    +// tor-browser#42029 - Defense-in-depth: disable non-proxied UDP WebRTC
    
    391
    +pref("media.peerconnection.ice.default_address_only", true);
    
    392
    +pref("media.peerconnection.ice.no_host", true);
    
    393
    +pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
    
    394
    +
    
    390 395
     // Disables media devices but only if `media.peerconnection.enabled` is set to
    
    391 396
     // `false` as well. (see bug 16328 for this defense-in-depth measure)
    
    392 397
     pref("media.navigator.enabled", false);