[or-cvs] [torbutton/master] Add a preliminary audit of Firefox 4.0's new features.

mikeperry at torproject.org mikeperry at torproject.org
Mon Nov 29 01:40:01 UTC 2010 

Author: Mike Perry <mikeperry-git at fscked.org>
Date: Sun, 28 Nov 2010 17:36:05 -0800
Subject: Add a preliminary audit of Firefox 4.0's new features.
Commit: 8f4584dac6e0627cb9414af5c04040b979c8794c

---
 website/design/FF40_AUDIT |   36 ++++++++++++++++++++++++++++++++++++
 1 files changed, 36 insertions(+), 0 deletions(-)
 create mode 100644 website/design/FF40_AUDIT

diff --git a/website/design/FF40_AUDIT b/website/design/FF40_AUDIT
new file mode 100644
index 0000000..f4c46f6
--- /dev/null
+++ b/website/design/FF40_AUDIT
@@ -0,0 +1,36 @@
+- Major compatibility issues:
+  http://blog.mozilla.com/addons/2010/11/11/making-add-on-compatible-firefox-4/
+  https://developer.mozilla.org/en/Extensions/Updating_extensions_for_Firefox_4
+  https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0
+
+- Key high level concerns:
+  - WebThreads
+    - https://developer.mozilla.org/En/Using_web_workers
+    - Network activity blocked by content policy
+  - What the hell is a blob url?
+    - https://developer.mozilla.org/en/DOM/window.createBlobURL
+    - https://developer.mozilla.org/en/DOM/window.revokeBlobURL
+    - Seems only relevent to FS injection..
+  - WebSockets
+  - New window.history functions may allow state smuggling
+    - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
+  - New screen attributes
+    - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
+  - Bounding rectangles -> window sizes?
+    - https://bugzilla.mozilla.org/show_bug.cgi?id=396392
+  - Mouse events reveal desktop coordinates?
+    - https://bugzilla.mozilla.org/show_bug.cgi?id=503943
+    - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
+  - DocShell and plugins inside createHTMLDocument?
+    - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
+  - Media attributes
+    - "buffered"
+    - "preload"
+    - new codecs?
+
+
+
+- New fingerprinting threats:
+  - Lots of things are now available to CSS :(
+
+
-- 
1.7.1

More information about the tor-commits mailing list