[tbb-commits] [tor-browser-spec] branch main updated: Bug 40029: FF95 Audit

Wed Nov 2 20:47:43 UTC 2022

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main
in repository tor-browser-spec.

The following commit(s) were added to refs/heads/main by this push:
     new 0fa797b  Bug 40029: FF95 Audit
0fa797b is described below

commit 0fa797bcb95e704a84dd9aab9abcf3c4c14201ad
Author: Richard Pospesel <richard at torproject.org>
AuthorDate: Wed Nov 2 20:47:14 2022 +0000

    Bug 40029: FF95 Audit
---
 audits/FF95_AUDIT | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)

diff --git a/audits/FF95_AUDIT b/audits/FF95_AUDIT
new file mode 100644
index 0000000..dd30696
--- /dev/null
+++ b/audits/FF95_AUDIT
@@ -0,0 +1,78 @@
+Tracking issue: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40029
+
+# General
+
+The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
+
+The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
+
+`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
+
+## Firefox: https://github.com/mozilla/gecko-dev.git
+
+- Start: `6c9b6e1483551f220cd409e4e584349bc74a8231` ( `FIREFOX_RELEASE_95_BASE` )
+- End:   `6a277ae5bdf6554793cd0da292a9c9ea804b4ed9`  ( `FIREFOX_RELEASE_96_BASE` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+---
+
+## Application Services: https://github.com/mozilla/application-services.git
+
+- Start: `df1a47fde89f49201b1e839f960e8f16eb95a55d` ( `v87.1.0` )
+- End:   `5ceeb43598871a7d8550acc574a6a3fb93803ad7`  ( `v87.3.0` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Android Components: https://github.com/mozilla-mobile/android-components.git
+
+- Start: `ef09fecd91dfcbffb85d9f4907b76cc9e5a0b70e` ( `v95.0.0` )
+- End:   `93066a8f082fa2db3d38d361d0a538c438d2e1b8`  ( `v95.0.15` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Fenix: https://github.com/mozilla-mobile/fenix.git
+
+- Start: `9ab24a371b2dd51d18dab2f7f49facc6d2fd56ad` ( `v95.0.0-beta.1` )
+- End:   `d01642a0b1e3819cd2802b42a8a6aae43eb5ff12`  ( `releases_v95.0.0` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Ticket Review ##
+
+### Review List
+
+#### 95 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=95%20Branch&order=priority%2Cbug_severity&limit=0
+
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1732792 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41125
+  - put this feature behind MOZ_PROXY_BYPASS_PROTECTION and uplifted to Firefox
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1734262 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41126
+  - nothing to do here
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1726524 : @henry  https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41127
+  - not a blocking issue for release, but kept open so we can review our options and re-enable text to speech while also resisting fingerprinting
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1734331 : @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41128
+  - nothing to do here
\ No newline at end of file

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
