Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:  closed
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 Thanks, we are done here then, yay!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:17 cypherpunks]:
 > Replying to [comment:16 mcs]:
 > > We do wonder why Mozilla is keeping APIs such as these (making them
 chrome-only) instead of simply removing them.
 > Compatibility: https://bugzilla.mozilla.org/show_bug.cgi?id=1247628

 Thanks. I would characterize the situation more as "Mozilla may reuse the
 TCPSocket/UDPSocket code to provide similar capabilities to WebExtensions
 add-ons" (which, if you compare what can be done in an XPCOM extension
 with WebExtensions could be viewed as a compatibility issue).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:16 mcs]:
 > We do wonder why Mozilla is keeping APIs such as these (making them
 chrome-only) instead of simply removing them.
 Compatibility: https://bugzilla.mozilla.org/show_bug.cgi?id=1247628

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:13 gk]:
 > mcs/brade: I'd like to hear your opinion about the TCPSocket stuff (see
 below) as you had concerns about that the last time which resulted into
 filing #18866. (All the other pieces replied to in this comment are even
 less problematic I think.)

 Kathy and I agree with your analysis.
 We do wonder why Mozilla is keeping APIs such as these (making them
 chrome-only) instead of simply removing them.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:7 mikeperry]:
 > Components that could probably use another review (Part 3/3):
 >  * The NetworkInfoService (./netwerk/base/NetworkInfoServiceCocoa.cpp
 and ./netwerk/base/NetworkInfoServiceLinux.cpp) both collect a list of
 local IP addresses for use in
 nsNetworkInfoService::ListNetworkAddresses(). This is used by mDNS and the
 Presentation API. Did I miss any uses? Maybe we want to patch this out
 just in case?

 Sounds like a good idea to me. This is: #22165.

 >  * media/mtransport/nr_socket_prsock.cpp is an alternate non-SOCKS
 socket API. It should be disabled by WebRTC, but if Mozilla removed the
 compile-time WebRTC option, this definitely needs a double-check that it
 is not used.

 Marked for `ff59-esr` (#22166).

 >  * netwerk/base/ThrottleQueue.cpp uses what appear to be local sockets
 for timer notification. Could use a double-check.

 This looks actually okay to me. It got implemented in
 https://bugzilla.mozilla.org/show_bug.cgi?id=1244227, for dev tools as an
 option to simulate crappy networks.

 >  * On Android, the uses of ch.boye.httpclientandroidlib.impl.client.*
 should be verified again.

 #22170

 >  * The full git diff from esr45 to esr52 of ./android/ should probably
 be reviewed by someone with more Android development experience than me,
 for additional networking calls.

 #22171

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 2c: now Firefox uses 3 loopback connections (the child process too).
 What about DNS-RPC calls?
 (Also what protection might be added against extraction of MAC address as
 in recent exploit? Maybe, some interception of such system calls?)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 mcs/brade: I'd like to hear your opinion about the TCPSocket stuff (see
 below) as you had concerns about that the last time which resulted into
 filing #18866. (All the other pieces replied to in this comment are even
 less problematic I think.)

 Replying to [comment:6 mikeperry]:
 > Stuff to verify is still patched or disabled (part 2/3)
 >  * The DNS service was changed a bit for e10s. See
 ./netwerk/dns/ChildDNSService.cpp. Verify our DNS patch still actually
 disables non-SOCKS DNS with e10s.

 ChildDNSService.cpp has no own resolver capabilities. Sync resolve is not
 supported at all;  `AsyncResolveExtended` creates a DNSChildRequest and
 starts that request. It gets sent to the parent process
 (SendPDNSReqeustContstructor()). The corresponding
 `RecvPDNSRequestConstructor` method calls `DoAsyncResolve` provided by
 `DNSRequestParent` which calls `AsyncResolveExtended` which we have
 patched in nsDNSService2.cpp.

 >  * Make sure RTSP is still disabled for desktop and Android
 (netwerk/protocol/rtsp/*)

 RTSP is gone with

 https://bugzilla.mozilla.org/show_bug.cgi?id=1295885
 https://bugzilla.mozilla.org/show_bug.cgi?id=1291629

 . The hint in the `moz.build` file is just a leftover.


 >  * Make sure disabling WebRTC still disables all of the
 ./media/mtransport/* stuff.

 We have
 {{{
 if CONFIG['MOZ_WEBRTC']:
 DIRS += [
 '/media/webrtc',
 '/media/mtransport',
 ]
 }}}
 in `toolkit.mozbuild` and we don't set `MOZ_WEBRTC` as we don't compile it
 in with the configure switch.

 >  * Verify our defense-in-depth patches to NSS/OCSP still apply (ditto
 for other proxy patches)

 They do and other patches still applied as well (see #20680 for what we
 did and for review comments).

 >  * Verify that the TCPSocket and UDPSocket DOM APIs are still disabled
 by pref (esp if the moz prefix goes away).

 There is no pref anymore for `TCPSocket`, rather it is bound to
 `ShouldTCPSocketExist`:
 {{{
 -  [NewObject, Pref="dom.mozTCPSocket.enabled", CheckAnyPermissions="tcp-
 socket"]
 +  [NewObject, Func="mozilla::dom::TCPSocket::ShouldTCPSocketExist"]
 }}}
 which does
 {{{
 return
 nsContentUtils::IsSystemPrincipal(nsContentUtils::ObjectPrincipal(global));
 }}}
 . Thus only chrome code can use it. I think we are not worse off than we
 were with the pref in ESR45.

 There are no changes regarding the UDPSocket DOM API, so we are still
 good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:3 mikeperry]:
 > Stuff we should patch/disable:
 >  * FlyWeb (dom/flyweb/FlyWebService.cpp) - This is a mechanism for
 contacting local devices and interacting with them. It may not be fully
 implemented, but networking code is definitely here. Disable it.

 We have #21746 for that.

 >  * dom/presentation/* and nsNetworkInfoService::ListNetworkAddresses -
 the Presentation API (for remote displays - https://developer.mozilla.org
 /en-US/docs/Web/API/Presentation_API). This needs to be disabled even if
 proxied, because it does ICE-style IP address discovery and advertisement.

 #18862

 >  * ./dom/presentation/provider/MulticastDNSDeviceProvider.cpp - used by
 the Presentation API to announce itself (and maybe other stuff?). Make
 sure it gets disabled.
 >  * The Rust URL parser (third_party/rust/url/src/host.rs) has a
 to_socket_addrs and ToSocketAddrs methods. These should be patched out for
 safety and to remind us later, I think.
 >  * netwerk/dns/mdns/libmdns/fallback/MulticastDNS.jsm - more mDNS stuff
 that should be disabled.

 We have #21861 for the mdns stuff and #21862 for the Rust part.

 > Android stuff that definitely leaks that we should fix (missing proxy
 params to HttpUrlConnection - these need to use the buildHttpConnection
 helper to get a proxy):
 >  * mobile/android/base/java/org/mozilla/gecko/feeds/FeedFetcher.java
 >  *
 mobile/android/base/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
 >  *
 mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
 >  * mobile/android/thirdparty/com/keepsafe/switchboard/SwitchBoard.java

 That's #21683.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 The full notes are now pushed to https://gitweb.torproject.org/tor-
 browser-spec.git/tree/audits/FF52_NETWORK_AUDIT

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 Components that could probably use another review:
  * The NetworkInfoService (./netwerk/base/NetworkInfoServiceCocoa.cpp and
 ./netwerk/base/NetworkInfoServiceLinux.cpp) both collect a list of local
 IP addresses for use in nsNetworkInfoService::ListNetworkAddresses(). This
 is used by mDNS and the Presentation API. Did I miss any uses? Maybe we
 want to patch this out just in case?
  * media/mtransport/nr_socket_prsock.cpp is an alternate non-SOCKS socket
 API. It should be disabled by WebRTC, but if Mozilla removed the compile-
 time WebRTC option, this definitely needs a double-check that it is not
 used.
  * netwerk/base/ThrottleQueue.cpp uses what appear to be local sockets for
 timer notification. Could use a double-check.
  * On Android, the uses of ch.boye.httpclientandroidlib.impl.client.*
 should be verified again.
  * The full git diff from esr45 to esr52 of ./android/ should probably be
 reviewed by someone with more Android development experience than me, for
 additional networking calls.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 Stuff to verify is still patched or disabled (part 2/3)
  * The DNS service was changed a bit for e10s. See
 ./netwerk/dns/ChildDNSService.cpp. Verify our DNS patch still actually
 disables non-SOCKS DNS with e10s.
  * Make sure RTSP is still disabled for desktop and Android
 (netwerk/protocol/rtsp/*)
  * Make sure disabling WebRTC still disables all of the
 ./media/mtransport/* stuff.
  * Verify our defense-in-depth patches to NSS/OCSP still apply (ditto for
 other proxy patches)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by tom):

 * cc: tom (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by mcs):

 * cc: brade, mcs (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 Stuff we should patch/disable:
  * FlyWeb (dom/flyweb/FlyWebService.cpp) - This is a mechanism for
 contacting local devices and interacting with them. It may not be fully
 implemented, but networking code is definitely here. Disable it.
  * dom/presentation/* and nsNetworkInfoService::ListNetworkAddresses - the
 Presentation API (for remote displays - https://developer.mozilla.org/en-
 US/docs/Web/API/Presentation_API). This needs to be disabled even if
 proxied, because it does ICE-style IP address discovery and advertisement.
  * ./dom/presentation/provider/MulticastDNSDeviceProvider.cpp - used by
 the Presentation API to announce itself (and maybe other stuff?). Make
 sure it gets disabled.
  * The Rust URL parser (third_party/rust/url/src/host.rs) has a
 to_socket_addrs and ToSocketAddrs methods. These should be patched out for
 safety and to remind us later, I think.
  * netwerk/dns/mdns/libmdns/fallback/MulticastDNS.jsm - more mDNS stuff
 that should be disabled.

 Android stuff that definitely leaks that we should fix (missing proxy
 params to HttpUrlConnection - these need to use the buildHttpConnection
 helper to get a proxy):
  * mobile/android/base/java/org/mozilla/gecko/feeds/FeedFetcher.java
  *
 mobile/android/base/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
  *
 mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
  * mobile/android/thirdparty/com/keepsafe/switchboard/SwitchBoard.java

 That's it for the stuff that definitely needs patching. I'll post the
 other sets as soon as I can.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 Ok, I'm done with the review. I conducted it a little different this time.
 I just did a 'git diff -U10 esr45 esr52' and focused primarily on the new
 lines, looking for various types of socket usage. (Things like the PR_
 calls, UDPSockets, SOCK_, etc). My review notes will be posted in the
 repo.

 I'm going to break the writeup down into categories on this ticket. First
 I'll list stuff that really needs to be patched. Then I'll list some stuff
 that we already patched that changed a bit (which may cause our patches to
 fail) that we should look at closely after patch application. Then I'll
 list stuff that it would be nice to have a second set of eyes confirm.

 We may also want someone to go over the android stuff again in more
 detail, as well.

 Will be posting the above mentioned sections one per comment here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
-+-
 Reporter:  gk   |  Owner:
 |  mikeperry
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  TorBrowserTeam201703, ff52-esr,  |  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * owner:  tbb-team => mikeperry
 * status:  new => assigned
 * keywords:  TorBrowserTeam201703 => TorBrowserTeam201703, ff52-esr,
 tbb-7.0-must


Comment:

 Mike said he would help with that. Setting him as owner. Tentative
 deadline April 1.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52

[Tor Bug Tracker & Wiki]

#21625: Review networking code for Firefox 52
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  |   Keywords:
  |  TorBrowserTeam201703
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 We should review the networking code for Firefox 52 to make sure the are
 no Tor bypasses.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs