#21961 |
should torbrowser enable network.IDN_show_punycode by default?
|
ikurua22, mcs, brade, qbi, intrigeri, anonym, arthuredelstein
|
needs_review
|
tbb-team
|
enhancement
|
Immediate
|
#16352 |
Play with Intel's MPX for hardened Tor Browser builds
|
arthuredelstein
|
new
|
tbb-team
|
task
|
Very High
|
#18361 |
Issues with corporate censorship and mass surveillance
|
arthuredelstein, torry, saint, tne, nullius@…, fdsfgs@…
|
reopened
|
tbb-team
|
defect
|
Very High
|
#19001 |
Tor Browser with Snowflake
|
mrphs, mcs, serene, boklm, arthuredelstein, adrelanos
|
new
|
|
project
|
Very High
|
#19907 |
NoScript could not be verified and gets disabled after restart
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
Very High
|
#21394 |
connection timeouts are affecting Tor Browser usability
|
gk, brade, mcs, arthuredelstein, tom, dhalgren.tor@…
|
merge_ready
|
|
defect
|
Very High
|
#23771 |
Certain Trac accounts are vulnerable to social engineering hologram impersonation
|
arthuredelstein
|
new
|
qbi
|
defect
|
Very High
|
#24145 |
Tor Browser crash on Windows 7
|
arthuredelstein
|
new
|
|
defect
|
Very High
|
#3600 |
Prevent redirects from transmitting+storing cookies+identifiers
|
joyton, gk, michael, arma, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
#3652 |
Export clock skew opinion as getinfo command
|
gk, adrelanos@…, arthuredelstein@…, brade, mcs, catalyst
|
needs_revision
|
nickm
|
enhancement
|
High
|
#4522 |
Add privilege separation for bundled browser
|
shondoit@…, gk, unknown@…, marlowe, trams, arthuredelstein@…, intrigeri, nord-stream@…
|
assigned
|
tbb-team
|
enhancement
|
High
|
#5798 |
Improve persistence and WebFont compatibility of font patch
|
gk, arthuredelstein@…, dcf@…, Peter_Baumann_TUD
|
new
|
tbb-team
|
defect
|
High
|
#9675 |
Provide feedback mechanism for clock-skew and other bad problems
|
mcs, Sherief, whonix-devel@…, arthuredelstein, gk, catalyst
|
assigned
|
brade
|
defect
|
High
|
#13017 |
Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
|
arthuredelstein, isis, mcs, brade, zevnull, RobinLinus, Sampei
|
new
|
arthuredelstein
|
task
|
High
|
#13400 |
Canvas Fingerprinting: fonts
|
mcs, brade, mikeperry, arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
#13893 |
Torbrowser crashes on start when using MS EMET 5.x
|
mcs, bugzilla, arthuredelstein
|
reopened
|
gk
|
defect
|
High
|
#14390 |
Browser configuration fingerprinting
|
arthuredelstein, gk, brade, mcs, nord-stream@…, adrelanos
|
new
|
tbb-team
|
defect
|
High
|
#14952 |
Audit HTTP/2 and SPDY if needed
|
mcs, dcf@…, gk, arthuredelstein
|
assigned
|
tbb-team
|
task
|
High
|
#14985 |
NoScript Clickjacking warning when clicking on embedded content
|
lunar, gk, gacar, brade, mcs, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
#17879 |
Activating the Flash Player is not working anymore since Tor Browser 5.0.5
|
arthuredelstein
|
reopened
|
tbb-team
|
defect
|
High
|
#18364 |
Tor Browser in Gnu+Linux doesn't support Dingbats properly
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
#18589 |
Tor browser writes SiteSecurityServiceState.txt with usage history
|
arthuredelstein, mcs, gacar
|
assigned
|
tbb-team
|
defect
|
High
|
#18860 |
Reply button text and text editing Dingbats in Trac are not visible on Gnu+Linux TBB
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
#20120 |
TorBrowser keeps crashing
|
Verhoeff, mcs, brade, arthuredelsteins
|
needs_information
|
tbb-team
|
defect
|
High
|
#20941 |
Tor browser will resize it self after the dock is enabled and the browser is dragged to a new location
|
arthuredelstein, brade, mcs
|
assigned
|
arthuredelstein
|
defect
|
High
|
#22137 |
Provide the same scrollbar size across different platforms
|
arthuredelstein, brade, mcs
|
new
|
tbb-team
|
defect
|
High
|
#22649 |
Save Link As... in the context menu results in using the catch-all circuit
|
mcs, brade, arthuredelstein, dwatson@…
|
new
|
tbb-team
|
defect
|
High
|
#23050 |
Tab keeps crashing on Win 8.1 with Tor Browser 7 (in e10s mode)
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
#23247 |
Communicating security expectations for .onion: what to say about different padlock states for .onion services
|
asn, arthuredelstein, tor@…, phw, pospeselr, dmr
|
new
|
tbb-team
|
project
|
High
|
#23452 |
Tor Browser macOS dmg's are not mountable on some systems
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
#23769 |
Tor crashes Mac OS X 12 and 13
|
mcs, brade, arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
#24309 |
Activity 4.1: Improve how circuits are displayed to the user
|
sukhbir, arthuredelstein, antonela, dmr
|
needs_revision
|
tbb-team
|
defect
|
High
|
#25013 |
Move TorButton code to the tor browser repository
|
arthuredelstein
|
needs_revision
|
tbb-team
|
defect
|
High
|
#4682 |
Deal with 'double door' effects because our read and write rate limiting are independent
|
nickm, tschorsch@…, robgjansen, arthuredelstein
|
assigned
|
arma
|
project
|
Medium
|
#5791 |
Gather apparmor/selinux/seatbelt profiles for each component of TBB
|
Shondoit, gk, andreas@…, unknown@…, tagnaq@…, tichodroma@…, ioerror, intrigeri, adrelanos@…, arthuredelstein@…
|
assigned
|
erinn
|
project
|
Medium
|
#5830 |
Write tool to automate web queries to Tor; and use Stem to track stream/circ allocation and results
|
amj703, robgjansen, karsten, gsathya, cwacek, arthuredelstein, gk
|
assigned
|
metrics-team
|
task
|
Medium
|
#7256 |
Explore zoom-based alternatives to fixed window sizes
|
gk, isis, brade, mcs, arthuredelstein
|
needs_information
|
tbb-team
|
project
|
Medium
|
#9451 |
de-anonymisation by readable @font-face CSS attribute - TBB settings update
|
g.koppen@…, team@…, arthuredelstein@…
|
new
|
tbb-team
|
defect
|
Medium
|
#9456 |
Reset file attribute information after usage
|
mikeperry, arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
#10675 |
Let's graph an estimate of the number of Tor Browser users
|
karsten, mikeperry, gk, mcs, arthuredelstein
|
new
|
|
task
|
Medium
|
#10864 |
Please create a specific “Unable to connect” page
|
gk, brade, sajolida@…, arthuredelstein, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
#10888 |
Mozilla trademarks still remain in some about: urls
|
arthuredelstein, brade, mcs, isabela, antonela
|
new
|
tbb-team
|
defect
|
Medium
|
#11652 |
Review text of Tor Browser User Manual
|
Phoul, Sherief, mrphs, Runa, Lunar, Envite, arthuredelstein
|
new
|
|
task
|
Medium
|
#11698 |
Decide how to incorporate Tor Browser Manual pages into Tor Browser
|
Lunar, Phoul, mrphs, Sherief, karsten, mcs, brade, arthuredelstein, lnl, isabela
|
new
|
|
defect
|
Medium
|
#12418 |
TBBs with UBSan create lots of errors when running
|
arthuredelstein
|
assigned
|
tbb-team
|
defect
|
Medium
|
#12420 |
Investigate deploying STACK to check for optimization-unstable code
|
tom@…, mcs, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
#12820 |
Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit)
|
gk, mcs, arthuredelstein
|
assigned
|
gk
|
project
|
Medium
|
#13033 |
Apply mixed content blocking patch?
|
arthuredelstein, gk
|
new
|
tbb-team
|
task
|
Medium
|
#13056 |
Some stack canaries are still missing on Tor Browser binaries
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Medium
|
#13094 |
Recursive DOM Objects enumeration test
|
arthuredelstein
|
new
|
boklm
|
task
|
Medium
|
#13747 |
Block non .onion content on .onion addresses
|
arthuredelstein, brade, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
#14085 |
HTTP redirects can leak third-party state (cookies, etc)
|
gk, arthuredelstein, ctang@…
|
new
|
tbb-team
|
enhancement
|
Medium
|
#14098 |
TBB still doesn't round windows in some cases
|
arthuredelstein, randybytes, joebtfsplk@…, adrelanos
|
new
|
tbb-team
|
defect
|
Medium
|
#14205 |
Closely review all uses of IsCallerChrome() for e10s
|
brade, arthuredelstein, gk
|
assigned
|
mcs
|
task
|
Medium
|
#14389 |
Improve TBB UI of hidden service client authorization
|
antonela, arthuredelstein, brade, mcs, gk, michael, special, erinn, patrick@…, lunar, linda
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
#14638 |
Make it easier to add a bridge in network settings
|
arthuredelstein, gk, brade, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
#15000 |
bring some sanity to quoted strings in the controller api
|
arthuredelstein, atagar, gk
|
needs_revision
|
|
defect
|
Medium
|
#15473 |
JS Date object reveals OS type
|
gk, brade, mcs, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#15535 |
Window unstable
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#15537 |
Tor Browser 4.5a5 fails to maximize
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#15842 |
Refactor and upstream patch for #10280
|
gk, arthuredelstein
|
assigned
|
gk
|
defect
|
Medium
|
#16221 |
Investigate WebRTC with TCP-ICE and hidden services
|
leif@…, gk, arthuredelstein, intrigeri
|
new
|
tbb-team
|
enhancement
|
Medium
|
#16417 |
DEP/ASLR missing on some Tor Browser (Pluggable Transports) binaries on Windows
|
gk, erinn, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#16443 |
Audit tiles targeting
|
mcs, gk, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
#16621 |
Can we merge torbutton_do_new_identity with Clear Private Data?
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#16624 |
Improper key passed to nsHttpChannel::DoInvalidateCacheEntry()?
|
arthuredelstein, brade, mcs, gk
|
new
|
tbb-team
|
task
|
Medium
|
#16665 |
Circuit visualizer needs a cue about guards
|
mcs, arthuredelstein, sajolida@…, Spencer, dmr
|
needs_revision
|
tbb-team
|
enhancement
|
Medium
|
#16678 |
Enhance KeyboardEvent fingerprinting protection for unusual characters
|
gk, arthuredelstein, brade, mcs
|
needs_revision
|
sysrqb
|
enhancement
|
Medium
|
#16724 |
Tor Browser 5.0a4 crashes with fonts.conf file
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#16740 |
Font defense in 5.0a4 crashes OS X 10.6.8
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#16888 |
Regression tests for Bug #2950 (Make Permissions Manager memory-only) never fails
|
arthuredelstein, gk
|
new
|
tbb-team
|
defect
|
Medium
|
#17123 |
Request for certificate is sent over the catch-all circuit
|
arthuredelstein, bugzilla
|
new
|
tbb-team
|
defect
|
Medium
|
#17206 |
TorBrowser GeoIP works incorrectly
|
arthuredelstein
|
needs_information
|
|
defect
|
Medium
|
#17252 |
Confirm TLS session resumption/ID are isolated to the URL bar domain, and re-enable them
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
#17400 |
Decide how to use the multi-lingual Tor Browser in the alpha/release series
|
mcs, brade, mikeperry, whonix-devel@…, ilv, isabela, linda, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
#17505 |
UBSan is freezing Tor Browser
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Medium
|
#17569 |
Add uBlock Origin to the Tor Browser
|
arthuredelstein, intrigeri
|
new
|
tbb-team
|
defect
|
Medium
|
#17809 |
tbb-tests/browser_tor_TB4.js is out-of-date
|
bolkm, arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
#17965 |
Isolate HPKP and HSTS to url bar domain
|
gk, arthuredelstein
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
#17999 |
Changed default GUI font might help fingerprinting JA Windows users
|
yawning, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#18172 |
Emoji support is broken in Tor Browser 5.5
|
arthuredelstein, joel2017
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
#18234 |
Font fingerprinting defenses broken on Windows
|
arthuredelstein, gk
|
new
|
tbb-team
|
defect
|
Medium
|
#18340 |
Make sure the controller password used in Torbutton is conforming to the spec
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
#19135 |
'refresh tor browser' makes it inoperable
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#19335 |
Tor circuit display shows example circuit instead of real
|
arthuredelstein, Mofasa, gk
|
needs_information
|
tbb-team
|
defect
|
Medium
|
#19417 |
asm.js files should be no linkability risk
|
mcs, brade, arthuredelstein
|
assigned
|
tbb-team
|
defect
|
Medium
|
#19575 |
Test for privacy.thirdparty.isolate fails with a timeout
|
arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
#19583 |
Regression test for isolation of mediasource URI fails
|
arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
#19670 |
Regression test for blocking of Components.interfaces fails
|
arthuredelstein, boklm
|
new
|
cypherpunks
|
defect
|
Medium
|
#20102 |
use a data object for control port info
|
arthuredelstein, brade
|
new
|
tbb-team
|
defect
|
Medium
|
#20361 |
Investigate CFI means for usage in Tor Browser
|
arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
#20557 |
Upstream the BSD Diversity Project Tor Browser patches.
|
gk, brade, mcs, arthuredelstein
|
needs_information
|
tbb-team
|
task
|
Medium
|
#20665 |
Create alpha Tor Browser Manual
|
arthuredelstein, brade, mcs, gk
|
accepted
|
phoul
|
defect
|
Medium
|
#20724 |
Provide a way to launch TB even if Tor cannot connect
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
#20820 |
Add font support for Shift-JIS
|
arthuredelstein, gk, yawning, fdsfgs@…
|
new
|
tbb-team
|
enhancement
|
Medium
|
#21011 |
Disable JavaScript JIT
|
Yawning, brade, mcs, gk, arthuredelstein
|
new
|
yawning
|
enhancement
|
Medium
|
#21030 |
Test integration of PartitionAlloc/HardenedPartitionAlloc in Tor Browser
|
arthuredelstein, tom
|
new
|
tbb-team
|
task
|
Medium
|
#21183 |
Basic Usability Issues
|
arthuredelstein, micahlee, i139, linda, brade, mcs
|
new
|
|
defect
|
Medium
|
#21224 |
Youtube fullscreen errorr in TBB fullscreen mode on MacOS 10.12
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
#21341 |
Screen size not rounding if Windows not at default DPI_TBB 6.5
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|