Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr
#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
--------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, TorBrowserTeam201702 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor4
--------------------------------------------+--------------------------
Comment (by mcs):
Kathy and I reviewed the Firefox 46 and 47 changes (by looking at the
"Firefox ## for Developers" web pages, the target_milestone=mozilla##
bugs, and the target_milestone=Firefox%20## bugs). Before we move on to
48-52, we wanted to note here what we found so far:
a) `DateTimeFormat.formatToParts`. We should verify that timezone and/or
locale are not leaked to web content by the new API.
https://bugzilla.mozilla.org/show_bug.cgi?id=1289340
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat/formatToParts
b) Some changes were made to device orientation events. We should ensure
that orientation is not leaked to web content.
https://bugzilla.mozilla.org/show_bug.cgi?id=1205649
c) The Permissions API is now enabled. Kathy and I think we should turn it
off to prevent fingerprinting based on choices that users make.
Unfortunately, the `dom.permissions.enabled` pref was removed.
https://lists.mozilla.org/pipermail/dev-platform/2015-August/011466.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1233702
d) TouchEvents are now enabled on Windows and Linux. I already poked
#10286.
e) window.showModalDialog() is not available when e10s is enabled. Should
we always make it unavailable (even when e10s is disabled)? Or maybe we
don't care because we will probably enable e10s for all Tor Browser users
or none.
https://bugzilla.mozilla.org/show_bug.cgi?id=1234700
f) Looking through the bug lists reminded us about Web Animations possibly
providing a high resolution timing source. But we do have #18273 for that
issue.
g) Similarly, we were reminded about WebAudio. See #13017.
h) We will need to set `network.dns.blockDotOnion = false`.
i) Should we disable about:profiles? Some of the functionality will
confuse our users, e.g., "Create New Profile" which may not work
correctly on Linux and Windows and "Restart with Add-ons Disabled."
https://bugzilla.mozilla.org/show_bug.cgi?id=1235402
j) A DNS lookup feature was added to about:networking DNS. We should
verify that it respects the browser proxy settings.
https://bugzilla.mozilla.org/show_bug.cgi?id=907050
k) Is the Fetch API safe? It includes fetch events with mode=navigate, and
Kathy and I are not sure if there are any linkability concerns with that
API.
https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
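
Item (a) above as an added example, not part of the original comment and not Tor Browser or Firefox code: a check that compares what formatToParts() and resolvedOptions() expose against a fixed baseline. The UTC / en-US baseline and the names auditDateTimeFormat, BASELINE, PROBE and makeFormatter are assumptions of this sketch.

```javascript
// Added example, not Tor Browser or Firefox code. The baseline below
// (UTC, en-US) is an assumption for this sketch, not taken from the ticket.
const BASELINE = { timeZone: 'UTC', locale: 'en-US' };
// Constructed probe instant: 2017-01-15T12:00:00Z.
const PROBE = new Date(Date.UTC(2017, 0, 15, 12, 0, 0));
const PROBE_OPTIONS = { month: 'long', day: 'numeric', hour: 'numeric',
  minute: '2-digit', hourCycle: 'h23', timeZoneName: 'short' };
// Part types that move with the zone vs. with the locale. The split is
// approximate: timeZoneName, for one, can also be rendered per locale.
const ZONE_PARTS = ['day', 'hour', 'minute', 'timeZoneName'];
const LOCALE_PARTS = ['month'];

// Collapse formatToParts() output into { type: value }, dropping literals.
function partsByType(fmt) {
  const out = {};
  for (const { type, value } of fmt.formatToParts(PROBE)) {
    if (type !== 'literal') out[type] = value;
  }
  return out;
}

// makeFormatter(options) models how content obtains a formatter, e.g.
// (o) => new Intl.DateTimeFormat(undefined, o) for the engine defaults.
function auditDateTimeFormat(makeFormatter, baseline = BASELINE) {
  const subject = makeFormatter(PROBE_OPTIONS);
  const reference = new Intl.DateTimeFormat(baseline.locale,
    { ...PROBE_OPTIONS, timeZone: baseline.timeZone });
  const got = partsByType(subject);
  const want = partsByType(reference);
  const resolved = subject.resolvedOptions();
  const differs = (types) => types.filter((t) => got[t] !== want[t]);
  const zoneDiffs = differs(ZONE_PARTS);
  const localeDiffs = differs(LOCALE_PARTS);
  return {
    timeZoneLeak: resolved.timeZone !== baseline.timeZone || zoneDiffs.length > 0,
    localeLeak: resolved.locale !== baseline.locale || localeDiffs.length > 0,
    resolved: { timeZone: resolved.timeZone, locale: resolved.locale },
    differingParts: [...zoneDiffs, ...localeDiffs],
  };
}
```

In a browser under test, passing (o) => new Intl.DateTimeFormat(undefined, o) audits the defaults that web content would receive.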