[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #21625 [Applications/Tor Browser]: Review networking code for Firefox 52
#21625: Review networking code for Firefox 52
-------------------------------------------------+-------------------------
Reporter: gk | Owner:
| mikeperry
Type: task | Status:
| assigned
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: TorBrowserTeam201703, ff52-esr, | Actual Points:
tbb-7.0-must |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:3 mikeperry]:
> Stuff we should patch/disable:
> * FlyWeb (dom/flyweb/FlyWebService.cpp) - This is a mechanism for
contacting local devices and interacting with them. It may not be fully
implemented, but networking code is definitely here. Disable it.
We have #21746 for that.
> * dom/presentation/* and nsNetworkInfoService::ListNetworkAddresses -
the Presentation API (for remote displays - https://developer.mozilla.org
/en-US/docs/Web/API/Presentation_API). This needs to be disabled even if
proxied, because it does ICE-style IP address discovery and advertisement.
#18862
> * ./dom/presentation/provider/MulticastDNSDeviceProvider.cpp - used by
the Presentation API to announce itself (and maybe other stuff?). Make
sure it gets disabled.
> * The Rust URL parser (third_party/rust/url/src/host.rs) has a
to_socket_addrs and ToSocketAddrs methods. These should be patched out for
safety and to remind us later, I think.
> * netwerk/dns/mdns/libmdns/fallback/MulticastDNS.jsm - more mDNS stuff
that should be disabled.
We have #21861 for the mdns stuff and #21862 for the Rust part.
> Android stuff that definitely leaks that we should fix (missing proxy
params to HttpUrlConnection - these need to use the buildHttpConnection
helper to get a proxy):
> * mobile/android/base/java/org/mozilla/gecko/feeds/FeedFetcher.java
> *
mobile/android/base/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
> *
mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
> * mobile/android/thirdparty/com/keepsafe/switchboard/SwitchBoard.java
That's #21683.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21625#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs