[tbb-commits] [tor-browser-spec] branch main updated: Bug 40044: FF92/93 Audit

gitolite role git at cupani.torproject.org
Wed Oct 26 22:02:32 UTC 2022 

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch main
in repository tor-browser-spec.

The following commit(s) were added to refs/heads/main by this push:
     new 8776a7c  Bug 40044: FF92/93 Audit
8776a7c is described below

commit 8776a7cc0707f381858221ef6e73e8984c45d223
Author: Richard Pospesel <richard at torproject.org>
AuthorDate: Wed Oct 26 22:02:18 2022 +0000

    Bug 40044: FF92/93 Audit
---
 audits/FF92_93_AUDIT | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/audits/FF92_93_AUDIT b/audits/FF92_93_AUDIT
new file mode 100644
index 0000000..1f2f38e
--- /dev/null
+++ b/audits/FF92_93_AUDIT
@@ -0,0 +1,85 @@
+Tracking issue: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40044
+
+# General
+
+The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
+
+The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
+
+`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
+
+## Firefox: https://github.com/mozilla/gecko-dev.git ( https://hg.mozilla.org/releases/ )
+
+- Start: `be2c584eacac4f7fe827c1d2409399fe13ba614a` ( `FIREFOX_RELEASE_92_BASE` )
+- End:   `7ea8b05d021fc8e0194e1b8eb9d37a351c9bdc5f`  ( `FIREFOX_RELEASE_93_END` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+---
+
+## Application Services: https://github.com/mozilla/application-services.git
+
+- Start: `11f7a4b079c83d37505067bd00e17e96ed52ed64` ( `v82.3.0` )
+- End:   `b1f371719ca20db642b64a0e860b4ecb0aaf316f`  ( `v86.1.0` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Android Components: https://github.com/mozilla-mobile/android-components.git
+
+- Start: `84553b30da506c656f2a323aed66f8d335fcbf2b`
+- End:   `e39f5dba3f9c29b46856d700701f6715adc261c5`  ( `v93.0.12` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Fenix: https://github.com/mozilla-mobile/fenix.git
+
+- Start: `9552ae0ab75c81bf72637b27f59031f1d088a7bf`
+- End:   `bcd31c22cd5460867092c71382392f13aeb95e64` ( `v93.2.0` )
+
+### Languages:
+- [x] java
+- [x] cpp
+- [x] js
+- [x] rust
+
+Nothing of interest (using `code_audit.sh`)
+
+## Ticket Review ##
+
+### Review List
+
+#### 92 (https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=92%20Branch&order=priority%2Cbug_severity&limit=0 )
+
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1226042 : @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41116
+  - Fixed in tor-browser and patchin proces of uplift: https://bugzilla.mozilla.org/show_bug.cgi?id=1787790
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1512851 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41117
+  - Made functionality dependent on MOZ_PROXY_BYPASS_PROTECTION, may uplift
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1714583 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41118
+  - Nothing to do here
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1721178 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41119
+  - Nothing to do here
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1723869 : @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41120
+  - Nothing to do here
+- https://bugzilla.mozilla.org/show_bug.cgi?id=516362 : @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41121
+  - Tweaked this patch slightly to prevent Tor Browser from running with elevated privileges
+
+#### 93 (https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=93%20Branch&order=priority%2Cbug_severity&limit=0 )
+
+none!

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the tbb-commits mailing list