[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr
#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
--------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, TorBrowserTeam201702 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor4
--------------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:9 mcs]:
> Kathy and I reviewed the Firefox 46 and 47 changes (by looking at the
"Firefox ## for Developers" web pages, the target_milestone=mozilla##
bugs, and the target_milestone=Firefox%20## bugs). Before we move on to
48-52, we wanted to note here what we found so far:
>
> a) `DateTimeFormat.formatToParts`. We should verify that timezone and/or
locale not leaked to web content by new API.
> https://bugzilla.mozilla.org/show_bug.cgi?id=1289340
> https://developer.mozilla.org/en-
US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat/formatToParts
That's in mozill52, right? But, yes, we should double-check that. I opened
#21608.
> b) Some changes were made to device orientation events. We should ensure
that orientation is not leaked to web content.
> https://bugzilla.mozilla.org/show_bug.cgi?id=1205649
#21609.
> c) The Permissions API is now enabled. Kathy and I think we should turn
it off to prevent fingerprinting based on choices that users make.
Unfortunately, the `dom.permissions.enabled` pref was removed.
> https://lists.mozilla.org/pipermail/dev-platform/2015-August/011466.html
> https://bugzilla.mozilla.org/show_bug.cgi?id=1233702
#21569.
> d) TouchEvents are now enabled on Windows and Linux. I already poked
#10286.
>
> e) window.showModalDialog() is not available when e10s is enabled.
Should we always make it unavailable (even when e10s is disabled)? Or
maybe we don't care because we will probably enable e10s for all Tor
Browser users or none.
> https://bugzilla.mozilla.org/show_bug.cgi?id=1234700
I think we should not care. Besides that it seems that non of our code is
using `showModalDialog()` anyway.
> f) Looking through the bug lists reminded us about Web Animations
possibly providing a high resolution timing source. But we do have #18273
for that issue.
I guess you mean #16337?
> g) Similarly, we were reminded about WebAudio. See #13017.
>
> h) We will need to set `network.dns.blockDotOnion = false`.
Hm. You mean for the transparent proxying option?
> i) Should we disable about:profiles? Some of the functionality will
confused our users, e.g., "Create New Profile" which may not work
correctly on Linux and Windows and "Restart with Add-ons Disabled."
> https://bugzilla.mozilla.org/show_bug.cgi?id=1235402
Yes. I opened #21610.
> j) A DNS lookup feature was added to about:networking DNS. We should
verify that it respects the browser proxy settings.
> https://bugzilla.mozilla.org/show_bug.cgi?id=907050
#21611.
> k) Is the Fetch API safe? It includes fetch events with mode=navigate,
and Kathy and I are not sure if there are any linkability concerns with
that API.
> https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
This is already #16326. Or did you find something new we should look at?
Additional things I found:
l) Remaining things for offscreen canvas got implemented in
https://bugzilla.mozilla.org/show_bug.cgi?id=1172796. We should make sure
that they are disabled as well (I updated #18599).
m) windows are maximized on first run on small screens:
https://bugzilla.mozilla.org/show_bug.cgi?id=384336 I'll have that in mind
while reviewing the rebased patches in #20680.
n) There is a "What's new" item on the about dialog pointing to Mozilla
resources: https://bugzilla.mozilla.org/show_bug.cgi?id=1047395 I guess we
should point to our blog post instead. I opened #21613.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs