| #6119 |
Create our own instance of Panopticlick
|
pde, runa, gk, adrelanos@…, arthuredelstein@…, tD66BSHWU@…, boklm, tbb-team
|
assigned
|
boklm
|
project
|
Very High
|
| #13017 |
Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
|
arthuredelstein, isis, mcs, brade, zevnull, RobinLinus, Sampei
|
needs_review
|
arthuredelstein
|
task
|
Very High
|
| #16010 |
Get a working content process sandbox for Tor Browser on Windows
|
mikeperry, mcs, arlolra, sukhbir, tom, arthuredelstein
|
needs_review
|
gk
|
task
|
Very High
|
| #19907 |
NoScript could not be verified and gets disabled after restart
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
Very High
|
| #22692 |
Backport Linux content sandboxing from Firefox 54
|
arthuredelstein, mcs, brade, saint, boklm
|
needs_review
|
tbb-team
|
enhancement
|
Very High
|
| #3652 |
Export clock skew opinion as getinfo command
|
gk, adrelanos@…, arthuredelstein@…, brade, mcs, catalyst
|
needs_revision
|
nickm
|
enhancement
|
High
|
| #4522 |
Add privilege separation for bundled browser
|
shondoit@…, gk, unknown@…, marlowe, trams, arthuredelstein@…, intrigeri, nord-stream@…
|
assigned
|
tbb-team
|
enhancement
|
High
|
| #5798 |
Improve persistence and WebFont compatibility of font patch
|
gk, arthuredelstein@…, dcf@…, Peter_Baumann_TUD
|
new
|
tbb-team
|
defect
|
High
|
| #13400 |
Canvas Fingerprinting: fonts
|
mcs, brade, mikeperry, arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
| #14205 |
Closely review all uses of IsCallerChrome() for e10s
|
brade, arthuredelstein, gk
|
assigned
|
mcs
|
task
|
High
|
| #14390 |
Browser configuration fingerprinting
|
arthuredelstein, gk, brade, mcs, nord-stream@…, adrelanos
|
new
|
tbb-team
|
defect
|
High
|
| #14985 |
NoScript Clickjacking warning when clicking on embedded content
|
lunar, gk, gacar, brade, mcs, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #15599 |
Range requests used by pdfjs are not isolated to URL bar domain
|
arthuredelstein, mcs, brade
|
assigned
|
tbb-team
|
defect
|
High
|
| #17879 |
Activating the Flash Player is not working anymore since Tor Browser 5.0.5
|
arthuredelstein
|
reopened
|
tbb-team
|
defect
|
High
|
| #17965 |
Isolate HPKP and HSTS to url bar domain
|
gk, arthuredelstein
|
needs_revision
|
tbb-team
|
defect
|
High
|
| #18364 |
Tor Browser in Gnu+Linux doesn't support Dingbats properly
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #18589 |
Tor browser writes SiteSecurityServiceState.txt with usage history
|
arthuredelstein, mcs, gacar
|
assigned
|
tbb-team
|
defect
|
High
|
| #18860 |
Reply button text and text editing Dingbats in Trac are not visible on Gnu+Linux TBB
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
High
|
| #19417 |
asm.js files should not be cached to disk in Tor Browser and no linkability risk
|
mcs, brade, arthuredelstein
|
needs_revision
|
tbb-team
|
defect
|
High
|
| #20120 |
TorBrowser keeps crashing
|
Verhoeff, mcs, brade, arthuredelsteins
|
needs_information
|
tbb-team
|
defect
|
High
|
| #20941 |
Tor browser will resize it self after the dock is enabled and the browser is dragged to a new location
|
arthuredelstein, brade, mcs
|
assigned
|
arthuredelstein
|
defect
|
High
|
| #22137 |
Provide the same scrollbar size across different platforms
|
arthuredelstein, brade, mcs
|
new
|
tbb-team
|
defect
|
High
|
| #22649 |
Save Link As... in the context menu results in using the catch-all circuit
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #23050 |
Tab keeps crashing on Win 8.1 with Tor Browser 7 (in e10s mode)
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #23452 |
Tor Browser macOS dmg's are not mountable on some systems
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
High
|
| #5753 |
When we isolate streams by domain, can a local observer guess how many domains we visit?
|
g.koppen@…, arthuredelstein
|
new
|
|
defect
|
Medium
|
| #5791 |
Gather apparmor/selinux/seatbelt profiles for each component of TBB
|
Shondoit, gk, andreas@…, unknown@…, tagnaq@…, tichodroma@…, ioerror, intrigeri, adrelanos@…, arthuredelstein@…
|
assigned
|
erinn
|
project
|
Medium
|
| #5830 |
Write tool to automate web queries to Tor; and use Stem to track stream/circ allocation and results
|
amj703, robgjansen, karsten, gsathya, cwacek, arthuredelstein, gk
|
new
|
|
task
|
Medium
|
| #7256 |
Explore zoom-based alternatives to fixed window sizes
|
gk, isis, brade, mcs, arthuredelstein
|
needs_information
|
tbb-team
|
project
|
Medium
|
| #7500 |
Keep an eye on Shumway (Flash in JS)
|
g.koppen@…, StrangeCharm, adrelanos@…, arthuredelstein@…
|
new
|
tbb-team
|
project
|
Medium
|
| #9451 |
de-anonymisation by readable @font-face CSS attribute - TBB settings update
|
g.koppen@…, team@…, arthuredelstein@…
|
new
|
tbb-team
|
defect
|
Medium
|
| #9456 |
Reset file attribute information after usage
|
mikeperry, arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #9675 |
Provide feedback mechanism for clock-skew and other bad problems
|
mcs, Sherief, whonix-devel@…, arthuredelstein, gk, catalyst
|
assigned
|
brade
|
defect
|
Medium
|
| #10675 |
Let's graph an estimate of the number of Tor Browser users
|
karsten, mikeperry, gk, mcs, arthuredelstein
|
new
|
|
task
|
Medium
|
| #10864 |
Please create a specific “Unable to connect” page
|
gk, brade, sajolida@…, arthuredelstein, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #10888 |
Mozilla trademarks still remain in some about: urls
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #11652 |
Review text of Tor Browser User Manual
|
Phoul, Sherief, mrphs, Runa, Lunar, Envite, arthuredelstein
|
new
|
|
task
|
Medium
|
| #11698 |
Decide how to incorporate Tor Browser Manual pages into Tor Browser
|
Lunar, Phoul, mrphs, Sherief, karsten, mcs, brade, arthuredelstein, lnl, isabela
|
new
|
|
defect
|
Medium
|
| #12418 |
TBBs with UBSan create lots of errors when running
|
arthuredelstein
|
assigned
|
tbb-team
|
defect
|
Medium
|
| #12420 |
Investigate deploying STACK to check for optimization-unstable code
|
tom@…, mcs, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #12820 |
Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit)
|
gk, mcs, arthuredelstein
|
assigned
|
gk
|
project
|
Medium
|
| #13033 |
Apply mixed content blocking patch?
|
arthuredelstein, gk
|
new
|
tbb-team
|
task
|
Medium
|
| #13056 |
Some stack canaries are still missing on Tor Browser binaries
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Medium
|
| #13094 |
Recursive DOM Objects enumeration test
|
arthuredelstein
|
new
|
boklm
|
task
|
Medium
|
| #13398 |
at startup, browser gleans user FULL NAME (real name, given name) from O/S
|
arthuredelstein, brade, mcs
|
needs_revision
|
pospeselr
|
defect
|
Medium
|
| #13747 |
Block non .onion content on .onion addresses
|
arthuredelstein, brade, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #14085 |
HTTP redirects can leak third-party state (cookies, etc)
|
gk, arthuredelstein, ctang@…
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #14098 |
TBB still doesn't round windows in some cases
|
arthuredelstein, randybytes, joebtfsplk@…, adrelanos
|
new
|
tbb-team
|
defect
|
Medium
|
| #14389 |
Improve TBB UI of hidden service client authorization
|
arthuredelstein, brade, mcs, gk, michael, special, erinn, patrick@…, lunar, linda
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
| #14638 |
Make it easier to add a bridge in network settings
|
arthuredelstein, gk, brade, mcs
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #15000 |
bring some sanity to quoted strings in the controller api
|
arthuredelstein, atagar, gk
|
needs_revision
|
|
defect
|
Medium
|
| #15473 |
JS Date object reveals OS type
|
gk, brade, mcs, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #15535 |
Window unstable
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #15537 |
Tor Browser 4.5a5 fails to maximize
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #15842 |
Refactor and upstream patch for #10280
|
gk, arthuredelstein
|
assigned
|
gk
|
defect
|
Medium
|
| #15897 |
Circuit information is not displayed on Tor Browser new/error pages
|
arthuredelstein, gk, arma, mcs, special
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
| #16221 |
Investigate WebRTC with TCP-ICE and hidden services
|
leif@…, gk, arthuredelstein, intrigeri
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #16352 |
Play with Intel's MPX for hardened Tor Browser builds
|
arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #16417 |
DEP/ASLR missing on some Tor Browser (Pluggable Transports) binaries on Windows
|
gk, erinn, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16443 |
Audit tiles targeting
|
mcs, gk, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #16621 |
Can we merge torbutton_do_new_identity with Clear Private Data?
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16624 |
Improper key passed to nsHttpChannel::DoInvalidateCacheEntry()?
|
arthuredelstein, brade, mcs, gk
|
new
|
tbb-team
|
task
|
Medium
|
| #16665 |
Circuit visualizer needs a cue about guards
|
mcs, arthuredelstein, sajolida@…, Spencer
|
needs_revision
|
tbb-team
|
enhancement
|
Medium
|
| #16678 |
Enhance KeyboardEvent fingerprinting protection for unusual characters
|
gk, arthuredelstein, brade, mcs
|
needs_information
|
sysrqb
|
enhancement
|
Medium
|
| #16724 |
Tor Browser 5.0a4 crashes with fonts.conf file
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16740 |
Font defense in 5.0a4 crashes OS X 10.6.8
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #16888 |
Regression tests for Bug #2950 (Make Permissions Manager memory-only) never fails
|
arthuredelstein, gk
|
new
|
tbb-team
|
defect
|
Medium
|
| #17123 |
Request for certificate is sent over the catch-all circuit
|
arthuredelstein, bugzilla
|
new
|
tbb-team
|
defect
|
Medium
|
| #17206 |
TorBrowser GeoIP works incorrectly
|
arthuredelstein
|
needs_information
|
|
defect
|
Medium
|
| #17400 |
Decide how to use the multi-lingual Tor Browser in the alpha/release series
|
mcs, brade, mikeperry, whonix-devel@…, ilv, isabela, linda, arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #17505 |
UBSan is freezing Tor Browser
|
arthuredelstein
|
needs_information
|
tbb-team
|
defect
|
Medium
|
| #17569 |
Add uBlock Origin to the Tor Browser
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #17809 |
tbb-tests/browser_tor_TB4.js is out-of-date
|
bolkm, arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
| #17999 |
Changed default GUI font might help fingerprinting JA Windows users
|
yawning, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #18172 |
Emoji support is broken in Tor Browser 5.5
|
arthuredelstein, joel2017
|
needs_revision
|
tbb-team
|
defect
|
Medium
|
| #18234 |
Font fingerprinting defenses broken on Windows
|
arthuredelstein, gk
|
new
|
tbb-team
|
defect
|
Medium
|
| #18340 |
Make sure the controller password used in Torbutton is conforming to the spec
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #19001 |
Tor Browser with Snowflake
|
mrphs, mcs, serene, boklm, arthuredelstein, adrelanos
|
new
|
|
project
|
Medium
|
| #19135 |
'refresh tor browser' makes it inoperable
|
mcs, brade, arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #19335 |
Tor circuit not displayed
|
arthuredelstein, Mofasa, gk
|
needs_information
|
tbb-team
|
defect
|
Medium
|
| #19575 |
Test for privacy.thirdparty.isolate fails with a timeout
|
arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
| #19583 |
Regression test for isolation of mediasource URI fails
|
arthuredelstein
|
new
|
cypherpunks
|
defect
|
Medium
|
| #19670 |
Regression test for blocking of Components.interfaces fails
|
arthuredelstein, boklm
|
new
|
cypherpunks
|
defect
|
Medium
|
| #19675 |
Merge Orfox patches into tor-browser
|
amoghbl1, brade, mcs, arthuredelstein, fdsfgs@…
|
new
|
tbb-team
|
task
|
Medium
|
| #20102 |
use a data object for control port info
|
arthuredelstein, brade
|
new
|
tbb-team
|
defect
|
Medium
|
| #20361 |
Investigate CFI means for usage in Tor Browser
|
arthuredelstein
|
new
|
tbb-team
|
task
|
Medium
|
| #20557 |
Upstream the BSD Diversity Project Tor Browser patches.
|
gk, brade, mcs, arthuredelstein
|
needs_information
|
tbb-team
|
task
|
Medium
|
| #20665 |
Create alpha Tor Browser Manual
|
arthuredelstein, brade, mcs, gk
|
accepted
|
phoul
|
defect
|
Medium
|
| #20724 |
Provide a way to launch TB even if Tor cannot connect
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #20815 |
UI dev work of security slider experience on Orfox
|
gk, tbb-team, n8fr8, amoghbl1, brade, mcs, arthuredelstein, synzvato, fdsfgs@…
|
assigned
|
synzvato
|
task
|
Medium
|
| #20820 |
Add font support for Shift-JIS
|
arthuredelstein, gk, yawning, fdsfgs@…
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #21011 |
Disable JavaScript JIT
|
Yawning, brade, mcs, gk, arthuredelstein
|
new
|
yawning
|
enhancement
|
Medium
|
| #21030 |
Test integration of PartitionAlloc/HardenedPartitionAlloc in Tor Browser
|
arthuredelstein, tom
|
new
|
tbb-team
|
task
|
Medium
|
| #21183 |
Basic Usability Issues
|
arthuredelstein, micahlee, i139, linda, brade, mcs
|
new
|
|
defect
|
Medium
|
| #21224 |
Youtube fullscreen errorr in TBB fullscreen mode on MacOS 10.12
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #21341 |
Screen size not rounding if Windows not at default DPI_TBB 6.5
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #21361 |
Enable browser APIs only allowed in secure contexts for NG HS
|
arthuredelstein, gk, mcs
|
new
|
tbb-team
|
defect
|
Medium
|
| #21426 |
Make sure keyup events don't leak underlying keyboard layout
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
| #21455 |
Inconsistent New Window height on multiple monitors (Windows)
|
arthuredelstein
|
new
|
tbb-team
|
defect
|
Medium
|
| #21565 |
Clean up hardening wrapper flags used in tor-browser-build
|
arthuredelstein
|
new
|
tbb-team
|
enhancement
|
Medium
|
