[tor-reports] May 2014 Report for the Tor Browser Team

Mike Perry mikeperry at torproject.org
Mon Jun 2 21:18:16 UTC 2014

In early May, the Tor Browser team released Tor Browser 3.6.1[1] to
correct a proxy settings regression in the 3.6 series. Due to changes
made to the default configuration of the Tor client in order to support
Pluggable Transports, normal Tor users were unable to configure an
upstream proxy for normal Tor usage[2]. In addition to fixing this
regression, the 3.6.1 release also featured a stopgap for the
HTTPS-Everywhere reproducibility issue[3] mentioned in last month's
report. For now, we are using the pre-built versions of the addon
produced by the EFF, which allows our packages to remain reproducible.
We are also in the process of investigating a proper fix to build the
addon from source in a reproducible fashion.

In May, iSec also performed an audit of the Tor Browser. Due to the
limited timeframe of the engagement, their efforts were focused on
evaluating the current compiler hardening in Tor Browser, suggesting new
hardening improvements, and suggesting preferences and additional items
for the Security Slider[4]. Using historical security bug data from
Mozilla's bugtracker, they enumerated vulnerability counts by high-level
components, to provide insight into which preferences and features we
should disable at various positions on the slider.

In addition to confirming known issues with our Windows hardening
options[5], their investigation into compiler hardening options also
uncovered issues with both Firefox and our usage of the now deprecated
Mac OS 10.6 SDK, which apparently prevents both our Mac builds and
official Firefox Mac builds from making full use of Address Space Layout

The full iSec report is due to be made public in mid-June.

On the build system front, we have refactored our build scripts to allow
us to build common dependencies and utilities as a separate step,
reducing build time[7]. We fixed a few issues with our nightly build
system, and improved reporting of failures of nightly builds[8,9].

We have also produced hardened test builds of Tor Browser, using the new
AddressSanitizer, Undefined Behavior Sanitizer, and Virtual Table
Verification features of GCC 4.9.0[10], and along the way merged an
upstream fix to Mozilla for a build issue[11]. 

We are hopeful that these hardened builds will both be more resistant to
exploitation, and will help us track down bugs quickly. The plan is to
deploy these builds for the 4.0-alpha series.

On the QA and testing front, we have developed test cases for validating
correctness of proxy settings for both uncensored as well as Pluggable
Transport users, have developed a test suite in the mbox sandbox[12] to
check for network and disk leaks[13], and have tests to check for the
successful application of compiler hardening options on Linux[14]. The
reporting functionality of our testing infrastructure has also been
improved so that test result summaries are now present in result emails
on the tor-qa mailinglist.

In June, we plan to make two releases of Tor Browser: 3.6.2 and

The fixes for 3.6.2 are written and ready to deploy. However, we have
decided to hold the release to coincide with the upstream Mozilla
Firefox release on June 10th, to pick up any security fixes at the same

The most important fix on our side is to enable the configuration of
SOCKS and HTTP proxies with Pluggable Transports, which will fix the
remaining issues for users of Tor Browser behind a proxy, whether
censored or not.

In addition, the release will enable TLS 1.1 and 1.2, which was set to
off by default in the 24ESR series, but the code is present and has been
unchanged since release, and has been turned on by default in later
Firefox releases[15]. A couple minor localization and configuration
issues with the Tor Launcher UI have also been corrected[16,17,18].

On top of this, fixes are already written to improve the about:tor
initial homepage/status notification[19], to address a couple race
conditions in the config and New Identity UI elements[20,21], and to
include missing Pluggable Transports documentation[22,23]. A few minor
issues with esoteric configurations, options, and Linux issues have also
been fixed[24,25,26].

We intend to use the 4.0-alpha series to test new features, as well as
to roll out our initial test deployments of the Firefox updater[27].

To this end, the 4.0-alpha series will feature a new directory
layout[28], which will improve the Mac OS docking behavior of the Tor
Browser app icon[29], as well as simplify the changes we need to make to
the Firefox updater. This series will also feature an additional patch
to enable or disable all of our third party identifier protections[30],
which should help to get this set of patches merged with Firefox. We
will also be including Tor 0.2.5.x in this series.

Also in June, we will begin prioritizing issues from the iSec report,
and evaluating their recommendations for the Security Slider options and

1. https://blog.torproject.org/blog/tor-browser-361-released
2. https://trac.torproject.org/projects/tor/ticket/11658
3. https://trac.torproject.org/projects/tor/ticket/11630
4. https://trac.torproject.org/projects/tor/ticket/9387
5. https://trac.torproject.org/projects/tor/ticket/10065
6. https://bugzilla.mozilla.org/show_bug.cgi?id=1018210
7. https://trac.torproject.org/projects/tor/ticket/10120
8. https://trac.torproject.org/projects/tor/ticket/11615
9. https://trac.torproject.org/projects/tor/ticket/11249
10. https://trac.torproject.org/projects/tor/ticket/10599
11. https://bugzilla.mozilla.org/show_bug.cgi?id=1013341
12. http://pdos.csail.mit.edu/mbox/
13. https://lists.torproject.org/pipermail/tor-dev/2014-May/006911.html
14. https://trac.torproject.org/projects/tor/ticket/12107
15. https://trac.torproject.org/projects/tor/ticket/11253
16. https://trac.torproject.org/projects/tor/ticket/11699
17. https://trac.torproject.org/projects/tor/ticket/11754
18. https://trac.torproject.org/projects/tor/ticket/11772
19. https://trac.torproject.org/projects/tor/ticket/11510
20. https://trac.torproject.org/projects/tor/ticket/11763
21. https://trac.torproject.org/projects/tor/ticket/11783
22. https://trac.torproject.org/projects/tor/ticket/11834
23. https://trac.torproject.org/projects/tor/ticket/11835
24. https://trac.torproject.org/projects/tor/ticket/12161
25. https://trac.torproject.org/projects/tor/ticket/11190
26. https://trac.torproject.org/projects/tor/ticket/10425
27. https://trac.torproject.org/projects/tor/ticket/4234
28. https://trac.torproject.org/projects/tor/ticket/11641
29. https://trac.torproject.org/projects/tor/ticket/6457
30. https://trac.torproject.org/projects/tor/ticket/10819

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20140602/6c66979d/attachment.sig>

More information about the tor-reports mailing list