[tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 25 13:48:40 UTC 2017
#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
--------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, TorBrowserTeam201702 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor4
--------------------------------------------+--------------------------
Comment (by mcs):
Here are a few items for Firefox 50:
a) We need to determine if the File and Directory Entries API adds any
fingerprinting or linkability risk.
https://developer.mozilla.org/en-
US/docs/Web/API/File_and_Directory_Entries_API
b) When reviewing bugs, Kathy and I noticed that there seem to be a lot of
crasher bugs associated with DOM Animation, e.g., UAF bugs. I think this
is disabled by default via:
dom.animations-api.core.enabled = false
or maybe we also need to add the following if we want to turn it off
completely?
dom.animations-api.element-animate.enabled
This might be something for the security slider eventually.
c) As part of our release procedures, do we double-check the HPKP
expiration? We do not want to have a repeat of the problem where the pins
expired. Mozilla seems to have bugs for each release, e.g.,
https://bugzilla.mozilla.org/show_bug.cgi?id=1307530
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list