| #21961 |
should torbrowser enable network.IDN_show_punycode by default?
|
ikurua22, mcs, brade, qbi, intrigeri, anonym, arthuredelstein, floweb
|
needs_review
|
tbb-team
|
enhancement
|
Immediate
|
| #16352 |
Play with Intel's MPX for hardened Tor Browser builds
|
arthuredelstein
|
new
|
tbb-team
|
task
|
Very High
|
| #18361 |
Issues with corporate censorship and mass surveillance
|
arthuredelstein, torry, saint, tne, nullius@…, fdsfgs@…
|
needs_review
|
tbb-team
|
defect
|
Very High
|
| #19001 |
Tor Browser with Snowflake
|
mrphs, mcs, serene, boklm, arthuredelstein, adrelanos
|
new
|
|
project
|
Very High
|
| #19907 |
NoScript could not be verified and gets disabled after restart
|
mcs, brade, arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Very High
|
| #21394 |
connection timeouts are affecting Tor Browser usability
|
gk, brade, mcs, arthuredelstein, tom, dhalgren.tor@…
|
merge_ready
|
|
defect
|
Very High
|
| #23771 |
Certain Trac accounts are vulnerable to social engineering hologram impersonation
|
arthuredelstein
|
new
|
qbi
|
defect
|
Very High
|
| #27083 |
TBA: Window size rounding isn't used
|
sysrqb, igt0, arthuredelstein
|
new
|
tbb-team
|
defect
|
Very High
|
| #27413 |
Implement better communication between NoScript and Tor Browser
|
arthuredelstein, ma1
|
new
|
tbb-team
|
enhancement
|
Very High
|
| #3600 |
Prevent redirects from transmitting+storing cookies+identifiers
|
joyton, gk, michael, arma, arthuredelstein, tbb-team
|
assigned
|
pospeselr
|
defect
|
High
|
| #3652 |
Export clock skew opinion as getinfo command
|
gk, adrelanos@…, arthuredelstein@…, brade, mcs, catalyst, dmr
|
needs_revision
|
nickm
|
enhancement
|
High
|
| #4522 |
Add privilege separation for bundled browser
|
shondoit@…, gk, unknown@…, marlowe, trams, arthuredelstein@…, intrigeri, nord-stream@…
|
assigned
|
tbb-team
|
enhancement
|
High
|
| #5798 |
Improve persistence and WebFont compatibility of font patch
|
gk, arthuredelstein@…, dcf@…, Peter_Baumann_TUD
|
new
|
tbb-team
|
defect
|
High
|
| #9675 |
Provide feedback mechanism for clock-skew and other bad problems
|
mcs, Sherief, whonix-devel@…, arthuredelstein, gk, catalyst, dmr
|
assigned
|
brade
|
defect
|
High
|
| #13017 |
Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
|
arthuredelstein, isis, mcs, brade, zevnull, RobinLinus, Sampei
|
new
|
arthuredelstein
|
task
|
High
|
| #13400 |
Canvas Fingerprinting: fonts
|
mcs, brade, mikeperry, arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
| #13747 |
Block non .onion content on .onion addresses (mixed content blocking)
|
arthuredelstein, brade, mcs, tom
|
new
|
tbb-team
|
enhancement
|
High
|
| #13893 |
Torbrowser crashes on start when using MS EMET 5.x
|
mcs, bugzilla, arthuredelstein
|
reopened
|
gk
|
defect
|
High
|
| #14390 |
Browser configuration fingerprinting
|
arthuredelstein, gk, brade, mcs, nord-stream@…, adrelanos
|
new
|
tbb-team
|
defect
|
High
|
| #14985 |
NoScript Clickjacking warning when clicking on embedded content
|
lunar, gk, gacar, brade, mcs, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #17879 |
Activating the Flash Player is not working anymore since Tor Browser 5.0.5
|
arthuredelstein
|
reopened
|
tbb-team
|
defect
|
High
|
| #18364 |
Tor Browser in Gnu+Linux doesn't support Dingbats properly
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #18589 |
Tor browser writes SiteSecurityServiceState.txt with usage history
|
arthuredelstein, mcs, gacar
|
assigned
|
tbb-team
|
defect
|
High
|
| #18860 |
Reply button text and text editing Dingbats in Trac are not visible on Gnu+Linux TBB
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
| #20941 |
Tor browser will resize it self after the dock is enabled and the browser is dragged to a new location
|
arthuredelstein, brade, mcs
|
assigned
|
arthuredelstein
|
defect
|
High
|
| #22070 |
Check whether we need to update our font whitelist for ESR60
|
arthuredelstein
|
new
|
tbb-team
|
task
|
High
|
| #22137 |
Provide the same scrollbar size across different platforms
|
arthuredelstein, brade, mcs
|
new
|
tbb-team
|
defect
|
High
|
| #23050 |
Tab keeps crashing on Win 8.1 with Tor Browser 7 (in e10s mode)
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #23452 |
Tor Browser macOS dmg's are not mountable on some systems
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #23769 |
Tor crashes Mac OS X 12 and 13
|
mcs, brade, arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
| #25555 |
Reimplement Optimistic SOCKS feature
|
arthuredelstein, sysrqb, pospeselr
|
new
|
tbb-team
|
defect
|
High
|
| #26407 |
Go over security slider governed preferences and update them where needed
|
arthuredelstein
|
new
|
tbb-team
|
task
|
High
|
| #26557 |
Regression in keyboard fingerprinting
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26599 |
investigate CSS masks feature for fingerprinting potential
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26601 |
investigate whether SVGGeometryElement introduces a fingerprinting vector
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26602 |
investigate whether CSS clip-path adds a fingerprinting risk
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26605 |
investigate window.requestIdleCallback() for possible timing leaks
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26606 |
investigate fingerprinting and linkability risks of the Intersection Observer API
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26607 |
verify that subpixel accuracy of window scroll properties does not add fingerprinting risk
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26608 |
investigate <link rel="preload">
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26610 |
investigate whether hardware encoding of media adds fingerprinting risk for TBA
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26612 |
increase the TLS handshake timeout
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #26614 |
audit the Web Authentication API
|
arthuredelstein
|
reopened
|
tbb-team
|
defect
|
High
|
| #27601 |
browser notifications are not working anymore with Tor Browser 8
|
arthuredelstein, gok+tortrac@…
|
new
|
tbb-team
|
defect
|
High
|
| #4682 |
Deal with 'double door' effects because our read and write rate limiting are independent
|
nickm, tschorsch@…, robgjansen, arthuredelstein
|
assigned
|
arma
|
project
|
Medium
|
| #5791 |
Gather apparmor/selinux/seatbelt profiles for each component of TBB
|
Shondoit, gk, andreas@…, unknown@…, tagnaq@…, tichodroma@…, ioerror, intrigeri, adrelanos@…, arthuredelstein@…
|
assigned
|
erinn
|
project
|
Medium
|
| #5830 |
Write tool to automate web queries to Tor; and use Stem to track stream/circ allocation and results
|
amj703, robgjansen, karsten, gsathya, cwacek, arthuredelstein, gk
|
assigned
|
metrics-team
|
task
|
Medium
|
| #7256 |
Explore zoom-based alternatives to fixed window sizes
|
gk, isis, brade, mcs, arthuredelstein
|
needs_information
|
tbb-team
|
project
|
Medium
|
| #7921 |
Remove/hide fingerprintable UI options
|
gk, arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #9451 |
de-anonymisation by readable @font-face CSS attribute - TBB settings update
|
g.koppen@…, team@…, arthuredelstein@…
|
new
|
tbb-team
|
defect
|
Medium
|
| #9456 |
Reset file attribute information after usage
|
mikeperry, arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #10864 |
Please create a specific “Unable to connect” page
|
gk, brade, sajolida@…, arthuredelstein, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #10888 |
Mozilla trademarks still remain in some about: urls
|
arthuredelstein, brade, mcs, isabela, antonela
|
new
|
tbb-team
|
defect
|
Medium
|
| #11013 |
Windows installer's language should default to the bundle's language
|
arthuredelstein, emmapeel, StrangeCharm
|
new
|
tbb-team
|
defect
|
Medium
|
| #11698 |
Decide how to incorporate Tor Browser Manual pages into Tor Browser
|
Lunar, Phoul, mrphs, Sherief, karsten, mcs, brade, arthuredelstein, lnl, isabela
|
new
|
|
defect
|
Medium
|
| #12418 |
TBBs with UBSan create lots of errors when running
|
arthuredelstein
|
assigned
|
tbb-team
|
defect
|
Medium
|
| #12420 |
Investigate deploying STACK to check for optimization-unstable code
|
tom@…, mcs, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #12774 |
"Firefox is already running" when you select meek after bootstrapping
|
arthuredelstein, brade, mcs
|
new
|
dcf
|
defect
|
Medium
|
| #12820 |
Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit)
|
gk, mcs, arthuredelstein
|
assigned
|
gk
|
project
|
Medium
|
| #13033 |
Apply mixed content blocking patch?
|
arthuredelstein, gk
|
new
|
tbb-team
|
task
|
Medium
|
| #13056 |
Some stack canaries are still missing on Tor Browser binaries
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Medium
|
| #13094 |
Recursive DOM Objects enumeration test
|
arthuredelstein
|
new
|
boklm
|
task
|
Medium
|
| #14085 |
HTTP redirects can leak third-party state (cookies, etc)
|
gk, arthuredelstein, ctang@…
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #14098 |
TBB still doesn't round windows in some cases
|
arthuredelstein, randybytes, joebtfsplk@…, adrelanos
|
new
|
tbb-team
|
defect
|
Medium
|
| #14205 |
Closely review all uses of IsCallerChrome() for e10s
|
brade, arthuredelstein, gk
|
assigned
|
mcs
|
task
|
Medium
|
| #14389 |
Improve TBB UI of hidden service client authorization
|
antonela, arthuredelstein, brade, mcs, gk, michael, special, erinn, patrick@…, lunar, linda, dmr
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
| #14638 |
Make it easier to add a bridge in network settings
|
arthuredelstein, gk, brade, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #15000 |
bring some sanity to quoted strings in the controller api
|
arthuredelstein, atagar, gk
|
needs_revision
|
|
defect
|
Medium
|
| #15473 |
JS Date object reveals OS type
|
gk, brade, mcs, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #15535 |
Window unstable
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #15537 |
Tor Browser 4.5a5 fails to maximize
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #15842 |
Refactor and upstream patch for #10280
|
gk, arthuredelstein
|
assigned
|
gk
|
defect
|
Medium
|
| #16221 |
Investigate WebRTC with TCP-ICE and hidden services
|
leif@…, gk, arthuredelstein, intrigeri, ln5, dmr
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #16417 |
DEP/ASLR missing on some Tor Browser (Pluggable Transports) binaries on Windows
|
gk, erinn, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16443 |
Audit tiles targeting
|
mcs, gk, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #16621 |
Can we merge torbutton_do_new_identity with Clear Private Data?
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16624 |
Improper key passed to nsHttpChannel::DoInvalidateCacheEntry()?
|
arthuredelstein, brade, mcs, gk
|
new
|
tbb-team
|
task
|
Medium
|
| #16678 |
Enhance KeyboardEvent fingerprinting protection for unusual characters
|
gk, arthuredelstein, brade, mcs
|
needs_revision
|
sysrqb
|
enhancement
|
Medium
|
| #16724 |
Tor Browser 5.0a4 crashes with fonts.conf file
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16740 |
Font defense in 5.0a4 crashes OS X 10.6.8
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16888 |
Regression tests for Bug #2950 (Make Permissions Manager memory-only) never fails
|
arthuredelstein, gk
|
new
|
tbb-team
|
defect
|
Medium
|
| #17123 |
Request for certificate is sent over the catch-all circuit
|
arthuredelstein, bugzilla
|
new
|
tbb-team
|
defect
|
Medium
|
| #17206 |
TorBrowser GeoIP works incorrectly
|
arthuredelstein
|
needs_information
|
|
defect
|
Medium
|
| #17400 |
Decide how to use the multi-lingual Tor Browser in the alpha/release series
|
mcs, brade, mikeperry, whonix-devel@…, ilv, isabela, linda, arthuredelstein, emmapeel, antonela, intrigeri
|
new
|
tbb-team
|
task
|
Medium
|
| #17505 |
UBSan is freezing Tor Browser
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Medium
|
| #17569 |
Add uBlock Origin to the Tor Browser
|
arthuredelstein, intrigeri
|
reopened
|
tbb-team
|
defect
|
Medium
|
| #17809 |
tbb-tests/browser_tor_TB4.js is out-of-date
|
bolkm, arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
| #17999 |
Changed default GUI font might help fingerprinting JA Windows users
|
yawning, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #18172 |
Emoji support is broken in Tor Browser 5.5
|
arthuredelstein, joel2017
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
| #18234 |
Font fingerprinting defenses broken on Windows
|
arthuredelstein, gk
|
new
|
tbb-team
|
defect
|
Medium
|
| #18340 |
Make sure the controller password used in Torbutton is conforming to the spec
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #19135 |
'refresh tor browser' makes it inoperable
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #19335 |
Tor circuit display shows example circuit instead of real
|
arthuredelstein, Mofasa, gk
|
new
|
tbb-team
|
defect
|
Medium
|
| #19417 |
asm.js files should be no linkability risk
|
mcs, brade, arthuredelstein
|
assigned
|
tbb-team
|
defect
|
Medium
|
| #19575 |
Test for privacy.thirdparty.isolate fails with a timeout
|
arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
| #19583 |
Regression test for isolation of mediasource URI fails
|
arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
| #19670 |
Regression test for blocking of Components.interfaces fails
|
arthuredelstein, boklm
|
new
|
cypherpunks
|
defect
|
Medium
|
| #20102 |
use a data object for control port info
|
arthuredelstein, brade
|
new
|
tbb-team
|
defect
|
Medium
|
| #20361 |
Investigate CFI means for usage in Tor Browser
|
arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #20557 |
Upstream the BSD Diversity Project Tor Browser patches.
|
gk, brade, mcs, arthuredelstein
|
needs_information
|
tbb-team
|
task
|
Medium
|
