This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main in repository tor-browser-spec.

The following commit(s) were added to refs/heads/main by this push: new a14adcc Bug 40026: FF99 Audit a14adcc is described below

commit a14adccac9ed132242eda7fcae713766c29c8735 Author: Richard Pospesel richard@torproject.org AuthorDate: Tue Oct 25 22:47:31 2022 +0000

Bug 40026: FF99 Audit --- audits/FF99_AUDIT | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+)

diff --git a/audits/FF99_AUDIT b/audits/FF99_AUDIT new file mode 100644 index 0000000..4440553 --- /dev/null +++ b/audits/FF99_AUDIT @@ -0,0 +1,74 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `99300ebd4a4a6440b6a11a80108f1ed6d867cdb4` ( `FIREFOX_RELEASE_99_BASE` ) +- End: `cd4dcd48476d8cb29f4770f6fb659e440ff84345` ( `FIREFOX_RELEASE_100_BASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `1fcdb5984be6e0cc460d00cde44c49b7e3ac1ec6` ( `v92.0.0` ) +- End: `21f2904245a956366cae798e16035156c8232cad` ( `v93.0.2` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Android Components: https://github.com/mozilla-mobile/android-components.git + +- Start: `4154c161f0949fdf3e94780c8b5ac360722e909c` ( `v99.0.0` ) +- End: `2cf4dbe50f6810d373aeb550e722fabfc6816f56` ( `v99.0.10` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `f4a5a4e471d17be791d73fddc63ebdfb734368e4` ( `v99.0.0-beta.1` ) +- End: `2421d3731e49faf5e2b9d3d4aa41bdbf3e81459a` ( `releases_v99.0.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +### 99 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolutio... + +- https://bugzilla.mozilla.org/show_bug.cgi?id=1755354 @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41138 + - Nothing to do, already disabled by pref +- https://bugzilla.mozilla.org/show_bug.cgi?id=1637922 @richard https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41139 + - Nothing to do, already disabled by pref +- https://bugzilla.mozilla.org/show_bug.cgi?id=1751366 @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41140 + - Nothing to do, will investigate backing this out in 12.5 alpha to investigate performance improvements ( opened https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41397 ) +- https://bugzilla.mozilla.org/show_bug.cgi?id=1675054 @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41141 + - Not a security risk, bu discoverd the feature should also likely be enabeld for http .onion domains; opened https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41399 \ No newline at end of file