This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main in repository tor-browser-spec.

The following commit(s) were added to refs/heads/main by this push: new 0fa797b Bug 40029: FF95 Audit 0fa797b is described below

commit 0fa797bcb95e704a84dd9aab9abcf3c4c14201ad Author: Richard Pospesel richard@torproject.org AuthorDate: Wed Nov 2 20:47:14 2022 +0000

Bug 40029: FF95 Audit --- audits/FF95_AUDIT | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+)

diff --git a/audits/FF95_AUDIT b/audits/FF95_AUDIT new file mode 100644 index 0000000..dd30696 --- /dev/null +++ b/audits/FF95_AUDIT @@ -0,0 +1,78 @@ +Tracking issue: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/400... + +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `6c9b6e1483551f220cd409e4e584349bc74a8231` ( `FIREFOX_RELEASE_95_BASE` ) +- End: `6a277ae5bdf6554793cd0da292a9c9ea804b4ed9` ( `FIREFOX_RELEASE_96_BASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `df1a47fde89f49201b1e839f960e8f16eb95a55d` ( `v87.1.0` ) +- End: `5ceeb43598871a7d8550acc574a6a3fb93803ad7` ( `v87.3.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Android Components: https://github.com/mozilla-mobile/android-components.git + +- Start: `ef09fecd91dfcbffb85d9f4907b76cc9e5a0b70e` ( `v95.0.0` ) +- End: `93066a8f082fa2db3d38d361d0a538c438d2e1b8` ( `v95.0.15` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `9ab24a371b2dd51d18dab2f7f49facc6d2fd56ad` ( `v95.0.0-beta.1` ) +- End: `d01642a0b1e3819cd2802b42a8a6aae43eb5ff12` ( `releases_v95.0.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +### Review List + +#### 95 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolutio... + +- https://bugzilla.mozilla.org/show_bug.cgi?id=1732792 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41125 + - put this feature behind MOZ_PROXY_BYPASS_PROTECTION and uplifted to Firefox +- https://bugzilla.mozilla.org/show_bug.cgi?id=1734262 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41126 + - nothing to do here +- https://bugzilla.mozilla.org/show_bug.cgi?id=1726524 : @henry https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41127 + - not a blocking issue for release, but kept open so we can review our options and re-enable text to speech while also resisting fingerprinting +- https://bugzilla.mozilla.org/show_bug.cgi?id=1734331 : @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41128 + - nothing to do here \ No newline at end of file