[tbb-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 2 14:52:12 UTC 2017
#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, TorBrowserTeam201702 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor4
Comment (by gk):
Replying to [comment:9 mcs]:
> Kathy and I reviewed the Firefox 46 and 47 changes (by looking at the
"Firefox ## for Developers" web pages, the target_milestone=mozilla##
bugs, and the target_milestone=Firefox%20## bugs). Before we move on to
48-52, we wanted to note here what we found so far:
> a) `DateTimeFormat.formatToParts`. We should verify that timezone and/or
locale not leaked to web content by new API.
That's in mozill52, right? But, yes, we should double-check that. I opened
> b) Some changes were made to device orientation events. We should ensure
that orientation is not leaked to web content.
> c) The Permissions API is now enabled. Kathy and I think we should turn
it off to prevent fingerprinting based on choices that users make.
Unfortunately, the `dom.permissions.enabled` pref was removed.
> d) TouchEvents are now enabled on Windows and Linux. I already poked
> e) window.showModalDialog() is not available when e10s is enabled.
Should we always make it unavailable (even when e10s is disabled)? Or
maybe we don't care because we will probably enable e10s for all Tor
Browser users or none.
I think we should not care. Besides that it seems that non of our code is
using `showModalDialog()` anyway.
> f) Looking through the bug lists reminded us about Web Animations
possibly providing a high resolution timing source. But we do have #18273
for that issue.
I guess you mean #16337?
> g) Similarly, we were reminded about WebAudio. See #13017.
> h) We will need to set `network.dns.blockDotOnion = false`.
Hm. You mean for the transparent proxying option?
> i) Should we disable about:profiles? Some of the functionality will
confused our users, e.g., "Create New Profile" which may not work
correctly on Linux and Windows and "Restart with Add-ons Disabled."
Yes. I opened #21610.
> j) A DNS lookup feature was added to about:networking DNS. We should
verify that it respects the browser proxy settings.
> k) Is the Fetch API safe? It includes fetch events with mode=navigate,
and Kathy and I are not sure if there are any linkability concerns with
This is already #16326. Or did you find something new we should look at?
Additional things I found:
l) Remaining things for offscreen canvas got implemented in
https://bugzilla.mozilla.org/show_bug.cgi?id=1172796. We should make sure
that they are disabled as well (I updated #18599).
m) windows are maximized on first run on small screens:
https://bugzilla.mozilla.org/show_bug.cgi?id=384336 I'll have that in mind
while reviewing the rebased patches in #20680.
n) There is a "What's new" item on the about dialog pointing to Mozilla
resources: https://bugzilla.mozilla.org/show_bug.cgi?id=1047395 I guess we
should point to our blog post instead. I opened #21613.
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs