[tor-commits] [tor-browser-spec/master] Bug 40015: Add FF80 audit
richard at torproject.org
richard at torproject.org
Thu Jan 27 15:31:18 UTC 2022
commit 46f05a52f521767113d6e115def4e9ef1d1a671d
Author: Georg Koppen <gk at torproject.org>
Date: Wed Jan 26 12:26:49 2022 +0000
Bug 40015: Add FF80 audit
---
audits/FF80_NETWORK_AUDIT | 57 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/audits/FF80_NETWORK_AUDIT b/audits/FF80_NETWORK_AUDIT
new file mode 100644
index 0000000..11bda7c
--- /dev/null
+++ b/audits/FF80_NETWORK_AUDIT
@@ -0,0 +1,57 @@
+============ General =============
+
+The audit begins at the commit hash where the previous audit ended. Use
+code_audit.sh for creating the diff and highlighting potentially problematic
+code. The audit is scoped to a specific language (currently C/C++, Rust,
+Java/Kotlin, and Javascript).
+
+The output includes the entire patch where the new problematic code was
+introduced. Search for "XXX MATCH XXX" to find the next potential violation.
+
+code_audit.sh contains the list of known problematic APIs. New usage of these
+functions are documented and analyzed in this audit.
+
+============ Firefox General Portion =============
+
+(Note: While we later on use FIREFOX_XXX_BUILDN targets we use the _BASE ones
+ here as we do the audit retrospectively, long after those releases went out.)
+
+Start: 2742c5c7b6a244c28f81391c9e1641cc79281ef6 # FIREFOX_RELEASE_79_BASE
+End: 84cb11f03ecea33982cb53086c25d6b6df8b28cf # FIREFOX_RELEASE_80_BASE
+
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1618271 got fixed, yay!
+
+# Nothing else of interest (using `code_audit.sh`)
+
+============ Application Services Portion =============
+
+Start: dd09c25f14dbf45f1637ed8dca2d1e5ff668479f # v61.0.10
+End: dd09c25f14dbf45f1637ed8dca2d1e5ff668479f # v61.0.10
+
+Nothing new, same commit.
+
+============ Android Components Portion =============
+
+Start: 8755ac0cdd88f2d549f65039413c41b6ccc02c5f # v48.0.15
+End: cfc360e0587ccb7eb49689d08212f05ff0966fbb # v54.0.6
+
+# Issue #4772 Improve our download manger to be able to forward downloads to
+ external download manager
+# - should be okay
+#
+# Issue #7366 Provide request interceptor to automatically navigate into PWAs
+# - should be covered by android-components#34333
+
+============ Fenix Portion =============
+
+Start: 6cb548575ff3af5c122c6a80d68a3dd483c596e7 # v79.0.5
+End: bad13cc48c526fcc8ed2de5c58da1ae4a3b392dd # v80.1.3
+
+Nothing new.
+
+============ Regression/Prior Vuln Review =========
+
+Review proxy bypass bugs; check for new vectors to look for:
+ - https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
+ - Look for new features like these. Especially external app launch vectors
+
More information about the tor-commits
mailing list