Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff78-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ff68-esr => ff78-esr


Comment:

 We are still good here I think.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff68-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ff60-esr => ff68-esr


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  needs_review => assigned
 * keywords:  ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201704R =>
   ff59-esr


Comment:

 It seems we are fine for Android as well
 (https://bugzilla.mozilla.org/show_bug.cgi?id=1318214) since Firefox 52
 does not have this feature enabled there yet (but Firefox 53 does). I am
 leaving this open, though, moving it to `ff59-esr`. If we have lots of
 time we could rip it out as this is the cleaner approach.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201704R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201704 =>
 ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201704R
 * status:  new => needs_review


Comment:

 Setting this to Needs Review to check that someone else in the team agrees
 with my assessment that we don't need to do anything for the ESR52 alpha;
 if we want to rip out dom/presentation/* we can leave this ticket open and
 change the target release.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201704   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 In ESR52, the Presentation API is still disabled by prefs
 (dom.presentation.enabled = false and similar). I manually confirmed,
 using the consoles, that window.PresentationRequest is not exposed in
 content or chrome javascript. I also searched on dxr.mozilla.org and
 didn't find any place where we would expect a PresentationRequest to be
 activated, except in tests.

 We could also potentially try to rip out the DOM Presentation code, but I
 already feel reasonably comfortable that the Presentation API code won't
 be running.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201704   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must, TorBrowserTeam201703 => ff52-esr,
 tbb-7.0-must-alpha, TorBrowserTeam201704


Comment:

 From Mike's notes in #21625:
 {{{
 This needs to be disabled even if proxied, because it does ICE-style IP
 address discovery and advertisement.
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Some useful bugs to start:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1069230 and
 https://bugzilla.mozilla.org/show_bug.cgi?id=1115480 (for the mdns part).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #18862 [Applications/Tor Browser]: Make sure the Presentation API is no risk for our users

[Tor Bug Tracker & Wiki]

#18862: Make sure the Presentation API is no risk for our users
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  ff52-esr
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 The presentation API allows web content to use external presentation-type
 displays. It comes with own discovery mechanisms (libmdns) and is supposed
 to be available on desktop and on mobile in the near future
 (https://wiki.mozilla.org/WebAPI/PresentationAPI). This is a pretty
 complex beast and we have to make sure that it poses no risk (be into
 proxy bypass or fingerinting/tracking) to our users.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs