Custom Query (177 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (1 - 100 of 177)

1 2
Ticket Summary Keywords Status Owner Type Priority
#25795 Decide which settings to hide in Tor Browser ux-team, tbb-security, tbb-fingerprinting new tbb-team defect Medium
#27143 Look for parts of code that relies on non-trunnel code for binary wire format handling trunnel wireformat heartbleed-safety security parsing accepted rl1987 task Medium
#27324 Rework AUTHENTICATE cell parsing and remaining generation with trunnel trunnel wireformat heartbleed-safety security parsing accepted rl1987 enhancement Medium
#27326 Replace packed_cell_t and supporting code with stuff generated by trunnel trunnel wireformat heartbleed-safety security parsing new enhancement Medium
#27327 Parse and generate CREATE, CREATE_FAST and CREATED cell wire format with trunnel trunnel wireformat heartbleed-safety security parsing new enhancement Medium
#27328 Rework EXTEND and EXTENDED cells with trunnel trunnel wireformat heartbleed-safety security parsing new enhancement Medium
#27329 Rework RELAY cell wire format handling with trunnel trunnel wireformat heartbleed-safety security parsing new enhancement Medium
#32673 'buf_read_from_tls()' can return the wrong error code tor-tls, tor-security, consider-backport-if-needed, consider-backport-after-0433, 035-backport, 040-backport, 041-backport, 042-backport fast-fix merge_ready nickm defect Medium
#20055 Remove relays that fail to rotate onion keys from the consensus tor-spec, tor-dirauth, security, key-rotation, network-health new enhancement Medium
#23414 rep_hist_format_hs_stats() should add noise, then round tor-relay, security-low, privcount, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport new defect Medium
#23415 sample_laplace_distribution() should take multiple random inputs tor-relay, security-low, privcount, 026-backport-maybe, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport new defect Medium
#13753 Validate is_canonical more thoroughly tor-relay, security, tor-sponsorS-orphan new enhancement High
#17521 Support capsicum(4) on FreeBSD tor-relay, security, sandboxing, BSD, capsicum, 034-triage-20180328, 034-removed-20180328 assigned shawn.webb enhancement Medium
#13697 Carry entropy across invocations tor-relay rng security new enhancement Medium
#17579 Split tor-gencert into "make cert" and "sign" portions tor-relay key-management cli security new enhancement Medium
#15729 Proposal: Hidden Service Revocation tor-hs, tor-spec stalled security revocation new Nathaniel enhancement Medium
#17216 Make Tor Browser's updater work over Hidden Services tor-hs, tbb-security, TorBrowserTeam201901, tbb-update new tbb-team enhancement Medium
#29583 HSv3: Faulty cross-certs in introduction point keys (allows naive onionbalance for v3s) tor-hs, scaling, onionbalance, 040-backport, 035-backport, needs-proposal, security, 041-longterm, 041-deferred-20190530 new defect High
#12500 Add an option to upload hidden service descriptors some time after startup tor-hs, easy, traffic-analysis, security, reviewer-was-teor-20190422 new enhancement Medium
#18037 Should the user be allowed to specify FQDNs for HS TARGETs? tor-hs, dns, maybe-bad-idea, security-risk, single-onion new defect Low
#29927 Tor protocol errors causing silent dropped cells tor-hs, diagnostic, mystery, security new defect High
#19162 Make it even harder to become HSDir tor-hs tor-dirauth prop224 security needs-design accepted arma defect Medium
#22660 Guard against stack smashing attacks in tor with additional compiler options. tor-hardening, security, review-group-19, 032-unreached, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport, 032-unreached-backport, 033-unreached-backport needs_revision defect Medium
#27921 apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation tor-dos, 040-roadmap-proposed, postfreeze-ok, security, 040-deferred-20190220 new enhancement Medium
#18643 Replace the most error-prone binary parsers with trunnel tor-dos security tor-relay tor-client technical-debt parsing trunnel new enhancement Medium
#18644 Replace our routerparse.c core with something machine-generated tor-dos security tor-relay tor-client technical-debt parsing new task Medium
#18645 Replace our http parser with something machine-generated tor-dos security tor-relay tor-client technical-debt parsing new task Medium
#17901 Tor would bind ControlPort to public ip address if it has no localhost interface tor-control misconfiguration security easy new defect High
#11397 Keep using too-dirty circuits if no new circuit can be built? tor-client needs-design security-relevant circuit-usage not-sure-if-good-idea new enhancement Medium
#19983 Is openssl 1.1.0's "secure heap" feature useful for us? tls openssl hardening security tor-relay tor-client new enhancement Medium
#22981 Don't block audio/video on https sites under Medium Security tbb-usability, tbb-security-slider, ux-team new tbb-team defect Medium
#22982 Introduce a single "adjust security" toolbar button for security slider and noscript options tbb-usability, tbb-security-slider, ux-team new tbb-team defect Medium
#22985 Can we simplify and clarify click-to-play of audio/video? tbb-usability, tbb-security, ux-team new tbb-team defect Medium
#21983 Should we do more to discourage custom prefs and nonstandard addons? tbb-usability, tbb-security new tbb-team defect Medium
#18497 Check that MAR signing is done properly on the files available in the update responses tbb-update, tbb-security assigned tbb-team enhancement Medium
#21601 media.webaudio.enabled is not a thing anymore -- we should not govern it with our security slider tbb-torbutton, tbb-security-slider, gitlab-tb-torbutton new tbb-team defect Medium
#29506 <noscript> tag doesn't work when JS is blocked by security slider at Safer tbb-security-slider, ux-team, noscript new tbb-team defect Medium
#20744 add 'media.source.enabled' only where JS is enabled in security settings tbb-security-slider, tbb-usability-website new tbb-team defect Medium
#21153 Changing the security level does not reload the page anymore tbb-security-slider, tbb-usability reopened tbb-team defect Medium
#27607 Enabling SVG sets security slider back to "Safer" tbb-security-slider, tbb-8.0-issues, tbb-regression, tbb-8.0.1-can new tbb-team defect Medium
#22788 PDF.js overloads CPU when opening large PDFs on higher security slider levels tbb-security-slider new tbb-team defect Medium
#29917 Safest security level breaks reader view buttons tbb-security-slider new tbb-team defect Medium
#32425 SVG icons are blocked in the video player in Safest security setting tbb-security-slider new tbb-team defect Medium
#20149 Test that static public key pins are working tbb-security, tls, ReleaseTrainMigration assigned tbb-team enhancement High
#20146 Firefox bug - (CVE-2016-5284) ESR-45/Tor Browser certificate pinning bypass for addons.mozilla.org and other built-in sites tbb-security, tls needs_review tbb-team defect Medium
#15687 Make Tor Browser work with AppLocker tbb-security, tbb-usability-stoppoint-app new tbb-team defect Medium
#18288 Sign Tor Browser binaries on Windows (not just the setup executable) tbb-security, tbb-usability new erinn enhancement Medium
#10397 Torbrowser's updater integrates additional protections from Thandy's threat model tbb-security, tbb-update new tbb-team project Medium
#13065 counter downgrade / stale mirror attacks on RecommendedTBBVersions - sign / verify tbb versions file tbb-security, tbb-update new tbb-team defect Medium
#13730 Make use of MAR files with more than one signature tbb-security, tbb-update new tbb-team enhancement Medium
#2340 protect users against freeze, replay and version-rollback attacks tbb-security, tbb-sign, tbb-rbm, gitlab-tb-tor-browser-build new tbb-team defect Very High
#31905 Sign dmg images (not just their contents) tbb-security, tbb-sign, TorBrowserTeamTriaged new tbb-team enhancement Medium
#34398 Harden our code signing on macOS for ESR 78 tbb-security, tbb-sign, GeorgKoppen201911, ff78-esr, gitlab-tb-tor-browser-build new tbb-team task Medium
#32504 Harden our macOS builds tbb-security, tbb-sign, GeorgKoppen201911 new tbb-team defect Medium
#32506 Move to different entitlements files for parent and child processes tbb-security, tbb-sign, GeorgKoppen201911 new tbb-team defect Medium
#32507 Move closer to the way Mozilla is signing macOS bundles tbb-security, tbb-sign, GeorgKoppen201911 new tbb-team defect Medium
#23362 consider performing network operations in a dedicated process tbb-security, tbb-sandboxing, ff78-esr new tbb-team enhancement Medium
#6948 Shared memory for zygote mind meld tbb-security, tbb-sandboxing new tbb-team enhancement Medium
#21009 sandboxed OSX browser hangs if printing is attempted tbb-security, tbb-sandboxing assigned mcs defect High
#20361 Investigate CFI means for usage in Tor Browser tbb-security, tbb-rbm, gitlab-tb-tor-browser-build new tbb-team task Medium
#21448 Identify what build flags we should be using for security, and use them tbb-security, tbb-rbm, gitlab-tb-tor-browser-build new tbb-team defect Medium
#12968 Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64 tbb-security, tbb-rbm, boklm201811, TorBrowserTeam201908, gitlab-tb-tor-browser-build needs_revision tbb-team enhancement Very High
#33481 Update lucetc for RLBox on macOS tbb-security, tbb-rbm, GeorgKoppen202006, TorBrowserTeam202006, gitlab-tb-tor-browser-build needs_revision gk defect Medium
#12820 Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit) tbb-security, tbb-isec-report, GeorgKoppen201610, TorBrowserTeam201610, ff52-esr assigned tbb-team project Medium
#12429 Enable Assertions in Tor Browser release builds tbb-security, tbb-firefox-patch new tbb-team enhancement Medium
#13367 Rate limit gyroscope sampling frequency on FF mobile tbb-security, tbb-fingerprinting, tbb-mobile new tbb-team defect Medium
#15825 webgl.disable-extensions true about:config setting may allow DoS and breaks websites tbb-security, tbb-fingerprinting new tbb-team defect Medium
#23664 Deal with UUID for content sandbox temp folder on Windows and Mac tbb-security, tbb-disk-leak new tbb-team defect High
#13893 Torbrowser crashes on start when using MS EMET 5.x tbb-security, tbb-crash, tbb-usability-stoppoint-app, fuck-mingw-gcc, GeorgKoppen201609, TorBrowserTeam201610, ff52-esr assigned tbb-team defect High
#17505 UBSan is freezing Tor Browser tbb-security, tbb-crash needs_information tbb-team defect Medium
#27518 firefox tries to access system's snapd profile tbb-security, tbb-8.0-issues, tbb-regression new tbb-team defect Medium
#10498 Get only the NoScript we want to our users tbb-security, noscript new tbb-team defect Medium
#14985 NoScript Clickjacking warning when clicking on embedded content tbb-security, noscript new tbb-team defect High
#15514 Trim the NoScript whitelist tbb-security, noscript assigned tbb-team defect Medium
#18375 HTTPSEverywhere/NoScript becomes disabled and not shown in about:addons after some launches. tbb-security, noscript new tbb-team defect Medium
#19280 Replace or fork NoScript in the Tor Browser tbb-security, noscript reopened tbb-team project Medium
#22974 NoScript (and Tor Browser) vulnerable to Mozilla Add-On Code Execution tbb-security, noscript new tbb-team defect Medium
#10394 Torbrowser's updater updates HTTPS-everywhere tbb-security, https-everywhere, TorBrowserTeam202006R needs_review tbb-team task Medium
#19850 Disable Plaintext HTTP Clearnet Connections tbb-security, https-everywhere new tbb-team enhancement High
#20326 Tor Browser forgets HTTPS sometimes tbb-security, https-everywhere new tbb-team defect Medium
#32469 Keep an eye on potential omni.ja signing tbb-security, ff78-esr, TorBrowserTeamTriaged new tbb-team defect Medium
#22971 The XPI signing mechanism needs to use different hash functions. tbb-security, ff60-esr new tbb-team defect High
#25559 Miscellaneous security- and privacy-related prefs for Tor Browser tbb-security, ff60-esr new tbb-team defect Medium
#5791 Gather apparmor/selinux/seatbelt profiles for each component of TBB tbb-security, apparmor new tbb-team project Medium
#13747 Block non .onion content on .onion addresses (mixed content blocking) tbb-security, TorBrowserTeam201903 new tbb-team enhancement High
#20322 SafeSEH support for mingw-w64 for Tor Browser on Windows tbb-security, TorBrowserTeam201711, GeorgKoppen201711, tbb-rbm, gitlab-tb-tor-browser-build new tbb-team defect Medium
#12420 Investigate deploying STACK to check for optimization-unstable code tbb-security, TorBrowserTeam201711, GeorgKoppen201711 new tbb-team task Medium
#12418 TBBs with UBSan create lots of errors when running tbb-security, TorBrowserTeam201711 assigned tbb-team defect Medium
#12736 DLL hijacking vulnerability in TBB tbb-security, TorBrowserTeam201608 new tbb-team defect High
#32389 Sandbox Graphite using RLBox for Linux tbb-security, GeorgKoppen202006, TorBrowserTeam202006 needs_revision gk task Medium
#33410 Use RLBox for sandboxing Graphite on macOS tbb-security, GeorgKoppen202006, TorBrowserTeam202006 needs_revision tbb-team task Medium
#33487 Prepare lucetc and wasi-sdk for macOS build for RLBox Support tbb-security, GeorgKoppen202006, TorBrowserTeam202006 needs_revision gk defect Medium
#32379 Use RLBox for sandboxing third-party libraries tbb-security, GeorgKoppen202006 new tbb-team project Medium
#33488 lucetc does not procude reproducible .so/.dylib files tbb-security, GeorgKoppen202003 assigned gk defect Medium
#15470 cannot edit the certificates in Tor browser, tbb-security, CNNIC reopened tbb-team defect Very High
#7501 Audit PDF.js tbb-security new tbb-team task Medium
#12425 Investigate setjmp/longjmp-based exception handling for Tor Browser on Windows tbb-security new tbb-team task Medium
#12427 Investigate Virtual Table Verification (VTV) hardening for Tor Browser on Linux and Windows tbb-security new tbb-team task High
#12950 Backport Windows ASLR forcing patch tbb-security new tbb-team task Medium
#13033 Apply mixed content blocking patch? tbb-security new tbb-team task Medium
1 2
Note: See TracQuery for help on using queries.