[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr



#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
--------------------------------------------+--------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  task                            |         Status:  new
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201702  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:  Sponsor4
--------------------------------------------+--------------------------

Comment (by mcs):

 And here are our notes for Firefox 49:

 a) Graphite font rendering has been re-enabled. We need to decide if we
 want to disable it again or not.

 b) Mozilla switched to compiling with Intel SSE2. We could do the same,
 although it would mean that Tor Browser would not run on some really old
 CPUs. Mozilla modified their Windows installer to notify and refuse to
 install if the CPU does not support SSE2.
  https://bugzilla.mozilla.org/show_bug.cgi?id=1271759

 c) Kathy and I cannot think of any fingerprinting or linkability risks
 associated with the Web Speech API, but it is a big new thing:
  https://developer.mozilla.org/en-US/docs/Web/API/Web_Speech_API
  https://bugzilla.mozilla.org/show_bug.cgi?id=1268633

 d) We should verify that the "Network ID" is not even computed when
 Telemetry is disabled.  At least I would feel better if it was not.
  https://bugzilla.mozilla.org/show_bug.cgi?id=1240932

 e) The Bookmarks Toolbar is automatically shown when the user adds a
 bookmark to it. This will change the window size, but maybe this is used
 rarely enough that we do not care?
  https://bugzilla.mozilla.org/show_bug.cgi?id=1219788

 f) The window.isSecureContext API is interesting but may not add any
 fingerprinting or linkability risks. We should think about whether
 features that are being made "HTTPS only" should also be available on
 .onion sites.
  https://developer.mozilla.org/en-US/docs/Web/API/Window/isSecureContext

 g) As part of our release procedures, do we double-check the HPKP
 expiration? Mozilla seems to have bugs for each release, e.g.,
  https://bugzilla.mozilla.org/show_bug.cgi?id=1307530

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs