[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-115.2.0esr-13.0-1] fixup! Firefox preference overrides.
richard (@richard)
git at gitlab.torproject.org
Mon Aug 21 17:22:04 UTC 2023
richard pushed to branch tor-browser-115.2.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
fd6517c1 by hackademix at 2023-08-21T19:16:27+02:00
fixup! Firefox preference overrides.
Bug 42029 - Defense-in-depth: disable non-proxied UDP WebRTC
- - - - -
1 changed file:
- browser/app/profile/001-base-profile.js
Changes:
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -381,12 +381,17 @@ pref("network.http.http2.enable-hpack-dump", false, locked);
// (defense in depth measure)
pref("network.gio.supported-protocols", "");
pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
-// Mullvad browser enables WebRTC by default, therefore the following 2 prefs
+// Mullvad Browser enables WebRTC by default, meaning that there the following prefs
// are first-line defense, rather than "in depth" (mullvad-browser#40)
// tor-browser#41667 - Defense in depth: use mDNS to avoid local IP leaks on Android too if user enables WebRTC
pref("media.peerconnection.ice.obfuscate_host_addresses", true);
// tor-browser#41671 - Defense in depth: connect using TURN only, to avoid IP leaks if user enables WebRTC
pref("media.peerconnection.ice.relay_only", true);
+// tor-browser#42029 - Defense-in-depth: disable non-proxied UDP WebRTC
+pref("media.peerconnection.ice.default_address_only", true);
+pref("media.peerconnection.ice.no_host", true);
+pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
+
// Disables media devices but only if `media.peerconnection.enabled` is set to
// `false` as well. (see bug 16328 for this defense-in-depth measure)
pref("media.navigator.enabled", false);
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fd6517c1704ee8f9c40683911ffcf83c5c23bfff
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fd6517c1704ee8f9c40683911ffcf83c5c23bfff
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230821/82e96788/attachment-0001.htm>
More information about the tbb-commits
mailing list