This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main in repository tor-browser-spec.

The following commit(s) were added to refs/heads/main by this push: new 3287abf Bug 40024: FF96 Audit 3287abf is described below

commit 3287abf6189f1ca9f3422eeb47bd04a253aa8a93 Author: Richard Pospesel richard@torproject.org AuthorDate: Mon Oct 24 20:27:55 2022 +0000

Bug 40024: FF96 Audit --- audits/FF96_AUDIT | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+)

diff --git a/audits/FF96_AUDIT b/audits/FF96_AUDIT new file mode 100644 index 0000000..d30dbfb --- /dev/null +++ b/audits/FF96_AUDIT @@ -0,0 +1,77 @@ +Tracking Issue: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/400... + +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `6a277ae5bdf6554793cd0da292a9c9ea804b4ed9` ( `FIREFOX_RELEASE_96_BASE` ) +- End: `e6b83e1727b7e9a6847e6e15bdb935d9937099e4` ( `FIREFOX_RELEASE_97_BASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +#### e88ab3dace9ad1c671c6c37a5aa1a3652e754544 +- Some windows proxy stuff we need to check +- Review Result: (SAFE|BAD) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `5ceeb43598871a7d8550acc574a6a3fb93803ad7` ( `v87.3.0` ) +- End: `df53ad867be7d79899e05797533cd624f1eeb2a2` ( `v90.0.1` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Android Components: https://github.com/mozilla-mobile/android-components.git + +- Start: `ea5bd2687c9b64245ea8e3cdcb84faa5d87d540a` ( `v96.0.0` ) +- End: `0178a6fde98fa8c76885d67a2362f2ca310b67fd` ( `v96.0.15` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +**OR** +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `a7afdb776ca202bf5eafc29d6a84f047c1609e0f` ( `v96.0.0-beta.1` ) +- End: `abe11c163d14fab17bdcf8aebbef2de2a3360032` ( `releases_v96.0.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +**OR** + +## Ticket Review ## + +### Review List + +#### 96 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolutio... + +- https://bugzilla.mozilla.org/show_bug.cgi?id=1740840 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41129 + - Nothing to do here \ No newline at end of file