[tor-bugs] #22074 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF52esr

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 2 15:57:02 UTC 2018 

#22074: Review Firefox Developer Docs and Undocumented bugs since FF52esr
--------------------------------------------+--------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  task                            |         Status:  new
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+--------------------------

Comment (by mcs):

 I filed a bunch of tickets to cover the new things we found when reviewing
 the developer release notes (see comment:7):

 #26598 disable User Timing API in ESR60
 #26599 investigate CSS masks feature for fingerprinting potential
 #26600 verify that new WebGL extensions are disabled
 #26601 investigate whether SVGGeometryElement introduces a fingerprinting
 vector
 #26602 investigate whether CSS clip-path adds a fingerprinting risk
 #26603 remove obsolete HTTP pipelining prefs
 #26604 investigate whether date and time <input> types leak the user's
 locale
 #26605 investigate window.requestIdleCallback() for possible timing leaks
 #26606 investigate fingerprinting and linkability risks of the
 Intersection Observer API
 #26607 verify that subpixel accuracy of window scroll properties does not
 add fingerprinting risk
 #26608 investigate <link rel="preload">
 #26609 imvestigate whether the -moz-windows-accent-color-in-titlebar media
 query adds a fingerprinting vector
 #26610 investigate whether hardware encoding of media adds fingerprinting
 risk for TBA
 #26611 verify no locale leaks in ESR60 `Intl` APIs
 #26612 increase the TLS handshake timeout
 #26613 audit or disable Apple HLS implementation on Android
 #26614 audit or disable the Web Authentication API

 I am leaving this ticket open because Kathy and I found a few more
 undocumented issues when reviewing all of the bugs that were fixed between
 Firefox 53 and 60, and in fact we have not completed that review yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22074#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list