#21625: Review networking code for Firefox 52 -------------------------------------------------+------------------------- Reporter: gk | Owner: | mikeperry Type: task | Status: | assigned Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Critical | Resolution: Keywords: TorBrowserTeam201703, ff52-esr, | Actual Points: tbb-7.0-must | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by gk): Replying to [comment:3 mikeperry]: > Stuff we should patch/disable: > * FlyWeb (dom/flyweb/FlyWebService.cpp) - This is a mechanism for contacting local devices and interacting with them. It may not be fully implemented, but networking code is definitely here. Disable it. We have #21746 for that. > * dom/presentation/* and nsNetworkInfoService::ListNetworkAddresses - the Presentation API (for remote displays - https://developer.mozilla.org /en-US/docs/Web/API/Presentation_API). This needs to be disabled even if proxied, because it does ICE-style IP address discovery and advertisement. #18862 > * ./dom/presentation/provider/MulticastDNSDeviceProvider.cpp - used by the Presentation API to announce itself (and maybe other stuff?). Make sure it gets disabled. > * The Rust URL parser (third_party/rust/url/src/host.rs) has a to_socket_addrs and ToSocketAddrs methods. These should be patched out for safety and to remind us later, I think. > * netwerk/dns/mdns/libmdns/fallback/MulticastDNS.jsm - more mDNS stuff that should be disabled. We have #21861 for the mdns stuff and #21862 for the Rust part. > Android stuff that definitely leaks that we should fix (missing proxy params to HttpUrlConnection - these need to use the buildHttpConnection helper to get a proxy): > * mobile/android/base/java/org/mozilla/gecko/feeds/FeedFetcher.java > * mobile/android/base/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java > * mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java > * mobile/android/thirdparty/com/keepsafe/switchboard/SwitchBoard.java That's #21683. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21625#comment:9> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs