[tbb-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 3 15:29:37 UTC 2017

#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201702,      |  Actual Points:
  tbb-7.0-must                                   |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4

Comment (by mcs):

 Replying to [comment:15 gk]:
 > Replying to [comment:9 mcs]:
 > > a) `DateTimeFormat.formatToParts`. We should verify that timezone
 and/or locale not leaked to web content by new API.
 > > https://bugzilla.mozilla.org/show_bug.cgi?id=1289340
 > > https://developer.mozilla.org/en-
 > That's in mozill52, right? But, yes, we should double-check that. I
 opened #21608.

 Thanks. That bug and the docs say it is in mozilla51, but in any case we
 should take a look.

 > ...
 > > e) window.showModalDialog() is not available when e10s is enabled.
 Should we always make it unavailable (even when e10s is disabled)? Or
 maybe we don't care because we will probably enable e10s for all Tor
 Browser users or none.
 > > https://bugzilla.mozilla.org/show_bug.cgi?id=1234700
 > I think we should not care. Besides that it seems that non of our code
 is using `showModalDialog()` anyway.

 Okay. Kathy and I were thinking about regular web pages using that API
 and/or detecting that it is not available. But there are probably other
 ways to detect that e10s is enabled.

 > > f) Looking through the bug lists reminded us about Web Animations
 possibly providing a high resolution timing source. But we do have #18273
 for that issue.
 > I guess you mean #16337?

 Yes; thanks.

 > > h) We will need to set `network.dns.blockDotOnion = false`.
 > Hm. You mean for the transparent proxying option?

 I was thinking that the Firefox code would block .onion requests even when
 they go through the SOCKS proxy. But you may be correct.

 > > k) Is the Fetch API safe? It includes fetch events with mode=navigate,
 and Kathy and I are not sure if there are any linkability concerns with
 that API.
 > > https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
 > This is already #16326. Or did you find something new we should look at?

 No, I don't think we found anything new. Kathy and I forgot that we had
 looked at this API before. There were some small changes since Firefox 45,
 but if I remember correctly they are not significant.

 Thanks for making another pass at this and filing tickets!

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list