[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.

Subject: [tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.

From: "richard \(@richard\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>

Date: Mon, 21 Aug 2023 17:22:04 +0000

Auto-submitted: auto-generated

Cc: "richard \(@richard\)" <git@xxxxxxxxxxxxxxxxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Mon, 21 Aug 2023 13:22:16 -0400

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1692638533; bh=GgvN72QmxaqVeCNrbIuSKez7mxVU8H5tHewDnsvxXbA=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=QpZ+w90j9qv1FzNTaEULMDUIiKEa80RXUyIARnz/elQP1EKbX86hD+TY1TS/EAlSR VTXR81bYb1E5btKtwK1Yf9fcWuZDcEwYC6arzc6G4pFmQQ1+vGEYCj6eeu+PSb1zHj 6Dn/9O6oSLhNcWfVcUhTVjL6AML672HRgfsJHu9vEmEC5OxNm+7v0TnnIMGp6ZM9XK SgLYrf0W4jlsWampODqrhztuoz7WZAIyhCVdtoMtGJvHDTE0KVSyDeG254jsA0wpY+ dAFpaaRAQ63n1i/j1XXSc5eGQb/f17W8hk7kRz66M3uh5J0I9xURpezSCTYVBK7ojY WDM74VIr4QRuw==

List-archive: <http://lists.torproject.org/pipermail/tor-commits/>

List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>

List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>

List-post: <mailto:tor-commits@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>

Reply-to: noreply@xxxxxxxxxxxxxx

Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

Title: GitLab

richard pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

fd6517c1

by hackademix at 2023-08-21T19:16:27+02:00

fixup! Firefox preference overrides.

Bug 42029 - Defense-in-depth: disable non-proxied UDP WebRTC

1 changed file:

browser/app/profile/001-base-profile.js

Changes:

browser/app/profile/001-base-profile.js

@@ -381,12 +381,17 @@ pref("network.http.http2.enable-hpack-dump", false, locked);
  // (defense in depth measure)
  pref("network.gio.supported-protocols", "");
  pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
 -// Mullvad browser enables WebRTC by default, therefore the following 2 prefs
 +// Mullvad Browser enables WebRTC by default, meaning that there the following prefs
  // are first-line defense, rather than "in depth" (mullvad-browser#40)
  // tor-browser#41667 - Defense in depth: use mDNS to avoid local IP leaks on Android too if user enables WebRTC
  pref("media.peerconnection.ice.obfuscate_host_addresses", true);
  // tor-browser#41671 - Defense in depth: connect using TURN only, to avoid IP leaks if user enables WebRTC
  pref("media.peerconnection.ice.relay_only", true);
 +// tor-browser#42029 - Defense-in-depth: disable non-proxied UDP WebRTC
 +pref("media.peerconnection.ice.default_address_only", true);
 +pref("media.peerconnection.ice.no_host", true);
 +pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
++
  // Disables media devices but only if `media.peerconnection.enabled` is set to
  // `false` as well. (see bug 16328 for this defense-in-depth measure)
  pref("media.navigator.enabled", false);

_______________________________________________ tor-commits mailing list tor-commits@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits