[tor-bugs] #9608 [Firefox Patch Issues]: Review and audit Firefox changes since Firefox 17
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 22 23:15:47 UTC 2013
#9608: Review and audit Firefox changes since Firefox 17
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: ff24-esr,
Resolution: | MikePerry201310
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by mikeperry):
Reviewing just the developer docs (not counting undocumented bugs), here's
stuff that needs a closer look for each FF version.
FF24:
- Seems fine.
FF23:
- Mixed content blocking will need to be fixed or disabled.
FF22:
- WebRTC is on by default
- Clipboard data: https://developer.mozilla.org/en-
US/docs/Web/API/ClipboardEvent.clipboardData
- Web Notifications may cause proxy issues if they contain embedded
URLs/content?
https://developer.mozilla.org/en-
US/docs/WebAPI/Using_Web_Notifications
- Blob uris/objects may require caching isolation equivalent to data
uris
https://developer.mozilla.org/en-US/docs/Web/API/Blob
- Is the new third party cookie blocker better or worse?
https://blog.mozilla.org/privacy/2013/02/25/firefox-getting-smarter-
about-third-party-cookies/
http://webpolicy.org/2013/02/22/the-new-firefox-cookie-policy/
FF21:
- No major issues
FF20:
- Probably fine: https://developer.mozilla.org/en-
US/docs/Web/API/Navigator.getUserMedia
FF19:
- New canvas methods toBlob(), isPointInStroke():
https://developer.mozilla.org/en-
US/docs/Web/API/CanvasRenderingContext2D
https://developer.mozilla.org/en-US/docs/Web/API/HTMLCanvasElement
- File can return "current" date when time is unknown (verify no
timezone leaks, etc)
https://developer.mozilla.org/en-US/docs/Web/API/File
- https://developer.mozilla.org/en-US/docs/Web/API/CSSPageRule
FF18:
- https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-
allowfullscreen
- https://bugzilla.mozilla.org/show_bug.cgi?id=767818
(navigator.mozPay??)
- https://developer.mozilla.org/en-
US/docs/JavaScript/Reference/Global_Objects/Proxy
- https://developer.mozilla.org/en-
US/docs/Web/Guide/User_experience/Using_the_Page_Visibility_API
- https://hacks.mozilla.org/2012/10/aurora-18-hidpi-touch-events/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9608#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list