Custom Query (173 matches)
Results (1 - 100 of 173)
| Ticket | Summary | Keywords | Status | Owner | Type | Priority |
|---|---|---|---|---|---|---|
| #18037 | Should the user be allowed to specify FQDNs for HS TARGETs? | tor-hs, dns, maybe-bad-idea, security-risk, single-onion | new | defect | Low | |
| #23591 | Build Tor and Tor Browser with -mmitigate-rop | tbb-security, tbb-rbm | new | enhancement | Low | |
| #1299 | Tor should verify signatures before parsing | tor-security, tor-crypto, tor-client, parse, safety, 035-removed-20180711 | new | defect | Medium | |
| #4152 | Implement Bottom Up Randomization (Windows platform) | tbb-security | assigned | enhancement | Medium | |
| #4280 | build changes for TBB | tbb-security, apparmor | assigned | defect | Medium | |
| #5791 | Gather apparmor/selinux/seatbelt profiles for each component of TBB | tbb-security, apparmor | assigned | project | Medium | |
| #6948 | Shared memory for zygote mind meld | tbb-security | new | enhancement | Medium | |
| #7193 | Tor's sybil protection doesn't consider IPv6 | ipv6, intro, tor-dirauth security sybil | new | enhancement | Medium | |
| #7501 | Audit PDF.js | tbb-security, ff60-esr | assigned | task | Medium | |
| #10393 | Torbrowser updates are verified through the Tor consensus | tbb-security, tbb-update | new | project | Medium | |
| #10394 | Torbrowser's updater updates HTTPS-everywhere | tbb-security, TorBrowserTeam201805, https-everywhere | reopened | task | Medium | |
| #10397 | Torbrowser's updater integrates additional protections from Thandy's threat model | tbb-security, tbb-update | new | project | Medium | |
| #10498 | Noscript. Path of trust. | tbb-security, noscript | reopened | defect | Medium | |
| #11096 | Randomize MAC address before start of Tor | tbb-security | assigned | enhancement | Medium | |
| #11397 | Keep using too-dirty circuits if no new circuit can be built? | tor-client needs-design security-relevant circuit-usage not-sure-if-good-idea | new | enhancement | Medium | |
| #11458 | A newer signing cert should innoculate us against older ones? | needs-proposal tor-client tor-dirauth security certificates | new | enhancement | Medium | |
| #11511 | Investigate why TorLauncher is sometimes not loaded when starting TBB | tbb-security | assigned | task | Medium | |
| #12418 | TBBs with UBSan create lots of errors when running | tbb-security, TorBrowserTeam201711 | assigned | defect | Medium | |
| #12420 | Investigate deploying STACK to check for optimization-unstable code | tbb-security, TorBrowserTeam201711, GeorgKoppen201711 | new | task | Medium | |
| #12425 | Investigate setjmp/longjmp-based exception handling for Tor Browser on Windows | tbb-security | new | task | Medium | |
| #12429 | Enable Assertions in Tor Browser release builds | tbb-security, tbb-firefox-patch | new | enhancement | Medium | |
| #12500 | Add an option to upload hidden service descriptors some time after startup | tor-hs, easy, traffic-analysis, security, reviewer-was-teor-20190422 | new | enhancement | Medium | |
| #12820 | Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation Experience Toolkit) | tbb-security, tbb-isec-report, GeorgKoppen201610, TorBrowserTeam201610, ff52-esr | assigned | project | Medium | |
| #12950 | Backport Windows ASLR forcing patch | tbb-security | new | task | Medium | |
| #13033 | Apply mixed content blocking patch? | tbb-security | new | task | Medium | |
| #13056 | Some stack canaries are still missing on Tor Browser binaries | tbb-security | needs_information | defect | Medium | |
| #13065 | counter downgrade / stale mirror attacks on RecommendedTBBVersions - sign / verify tbb versions file | tbb-security, tbb-update | new | defect | Medium | |
| #13155 | I can use an extend cell to remotely determine whether two relays have a connection open | needs-insight needs-design security maybe-wontfix | new | defect | Medium | |
| #13367 | Rate limit gyroscope sampling frequency on FF mobile | tbb-security, tbb-fingerprinting, tbb-mobile | new | defect | Medium | |
| #13697 | Carry entropy across invocations | tor-relay rng security | new | enhancement | Medium | |
| #13703 | Adding doc/HARDENING | hardening, security, opsec, docs, lorax, tor-relay, tor-doc | accepted | enhancement | Medium | |
| #13730 | Make use of MAR files with more than one signature | tbb-security, tbb-update | new | enhancement | Medium | |
| #13912 | Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers) | security registers aesni memwipe tor-relay | new | defect | Medium | |
| #15514 | Trim the NoScript whitelist | tbb-security, noscript | assigned | defect | Medium | |
| #15660 | [feature suggestion] Need signal to totally switch to the new set of circuits | security needs-design tor-client | new | defect | Medium | |
| #15687 | Make Tor Browser work with AppLocker | tbb-security, tbb-usability-stoppoint-app | new | defect | Medium | |
| #15729 | Proposal: Hidden Service Revocation | tor-hs, tor-spec stalled security revocation | new | enhancement | Medium | |
| #15825 | webgl.disable-extensions true about:config setting may allow DoS and breaks websites | tbb-security, tbb-fingerprinting | new | defect | Medium | |
| #16417 | DEP/ASLR missing on some Tor Browser (Pluggable Transports) binaries on Windows | tbb-security, tbb-rbm | new | defect | Medium | |
| #16894 | Check all logging output is appropriately escaped / escaped_safe_str_client | security, logging, lorax, intro | new | task | Medium | |
| #17091 | Support our own hotfix mechanism | tbb-security | new | defect | Medium | |
| #17216 | Make Tor Browser's updater work over Hidden Services | tor-hs, tbb-security, TorBrowserTeam201901, tbb-update | new | enhancement | Medium | |
| #17505 | UBSan is freezing Tor Browser | tbb-security, tbb-crash | needs_information | defect | Medium | |
| #17521 | Support capsicum(4) on FreeBSD | tor-relay, security, sandboxing, BSD, capsicum, 034-triage-20180328, 034-removed-20180328 | assigned | enhancement | Medium | |
| #17569 | Add uBlock Origin to the Tor Browser | new-addon, tbb-usability tbb-security, tbb-performance | reopened | defect | Medium | |
| #17579 | Split tor-gencert into "make cert" and "sign" portions | tor-relay key-management cli security | new | enhancement | Medium | |
| #18288 | Sign Tor Browser binaries on Windows (not just the setup executable) | tbb-security, tbb-usability | new | enhancement | Medium | |
| #18375 | HTTPSEverywhere/NoScript becomes disabled and not shown in about:addons after some launches. | tbb-security, noscript | new | defect | Medium | |
| #18643 | Replace the most error-prone binary parsers with trunnel | tor-dos security tor-relay tor-client technical-debt parsing trunnel | new | enhancement | Medium | |
| #18644 | Replace our routerparse.c core with something machine-generated | tor-dos security tor-relay tor-client technical-debt parsing | new | task | Medium | |
| #18645 | Replace our http parser with something machine-generated | tor-dos security tor-relay tor-client technical-debt parsing | new | task | Medium | |
| #19162 | Make it even harder to become HSDir | tor-hs tor-dirauth prop224 security needs-design | accepted | defect | Medium | |
| #19280 | Replace or fork NoScript in the Tor Browser | tbb-security, noscript | reopened | project | Medium | |
| #19983 | Is openssl 1.1.0's "secure heap" feature useful for us? | tls openssl hardening security tor-relay tor-client | new | enhancement | Medium | |
| #20055 | Remove relays that fail to rotate onion keys from the consensus | tor-spec, tor-dirauth, security, key-rotation | new | enhancement | Medium | |
| #20146 | Firefox bug - (CVE-2016-5284) ESR-45/Tor Browser certificate pinning bypass for addons.mozilla.org and other built-in sites | tbb-security, tls | needs_review | defect | Medium | |
| #20212 | Tor can be forced to open too many circuits by embedding .onion resources | guard-discovery, TorBrowserTeam201803, 034-roadmap-proposed, security, tor-hs | new | enhancement | Medium | |
| #20322 | SafeSEH support for mingw-w64 for Tor Browser on Windows | tbb-security, TorBrowserTeam201711, GeorgKoppen201711 | new | defect | Medium | |
| #20326 | Tor Browser forgets HTTPS sometimes | tbb-security, https-everywhere | new | defect | Medium | |
| #20361 | Investigate CFI means for usage in Tor Browser | tbb-security | new | task | Medium | |
| #20744 | add 'media.source.enabled' only where JS is enabled in security settings | tbb-security-slider, tbb-usability-website | new | defect | Medium | |
| #20955 | Tor Browser memory hardening | tbb-security | new | defect | Medium | |
| #20957 | Get DieHarder working with Tor Browser | tbb-security | needs_revision | defect | Medium | |
| #20971 | Try building Tor Browser with SafeStack | tbb-security | new | defect | Medium | |
| #21004 | "JavaScript is disabled by default on all non-HTTPS sites" option shouldn't block JS on hidden services | tbb-security-slider | new | defect | Medium | |
| #21030 | Test integration of PartitionAlloc/HardenedPartitionAlloc in Tor Browser | tbb-security | new | task | Medium | |
| #21065 | Make it easier to switch between security levels in Tor Browser | tbb-torbutton, tbb-security-slider, tbb-usability | new | enhancement | Medium | |
| #21153 | Changing the security level does not reload the page anymore | tbb-security-slider, tbb-usability | reopened | defect | Medium | |
| #21448 | Identify what build flags we should be using for security, and use them | tbb-security | new | defect | Medium | |
| #21601 | media.webaudio.enabled is not a thing anymore -- we should not govern it with our security slider | tbb-torbutton, tbb-security-slider | new | defect | Medium | |
| #21908 | Tor Browser breaks response headers sometimes | tbb-security | new | defect | Medium | |
| #21983 | Should we do more to discourage custom prefs and nonstandard addons? | tbb-usability, tbb-security | new | defect | Medium | |
| #22000 | update OSX browser sandbox profile for e10s | ff52-esr, tbb-security, tbb-sandboxing, tbb-e10s, TorBrowserTeam201707 | new | defect | Medium | |
| #22315 | Make use of interceptor to protect memory on Windows (spin-off from #12426) | tbb-security | new | enhancement | Medium | |
| #22584 | More RWX memory pages for TBB on some Windows versions | tbb-security | assigned | defect | Medium | |
| #22660 | Guard against stack smashing attacks in tor with additional compiler options. | tor-hardening, security, 029-backport, review-group-19, 032-unreached, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport, 032-unreached-backport, 033-backport-unreached | needs_revision | defect | Medium | |
| #22788 | PDF.js overloads CPU when opening large PDFs on higher security slider levels | tbb-security-slider | new | defect | Medium | |
| #22917 | Use --disable-auto-import on mingw builds of TBB and tor | tbb-security | new | defect | Medium | |
| #22947 | Possible Security Issue (Information Disclosure) with Drupal on blog.torproject.org | security | needs_revision | defect | Medium | |
| #22963 | Make relay integrity digests harder to guess by padding cells with random bytes | security, 034-triage-20180328, 034-removed-20180328 | new | enhancement | Medium | |
| #22974 | NoScript (and Tor Browser) vulnerable to Mozilla Add-On Code Execution | tbb-security, noscript | new | defect | Medium | |
| #22981 | Don't block audio/video on https sites under Medium Security | tbb-usability, tbb-security-slider, ux-team | new | defect | Medium | |
| #22982 | Introduce a single "adjust security" toolbar button for security slider and noscript options | tbb-usability, tbb-security-slider, ux-team | new | defect | Medium | |
| #22985 | Can we simplify and clarify click-to-play of audio/video? | tbb-usability, tbb-security, ux-team | new | defect | Medium | |
| #23061 | crypto_rand_double() should produce all possible outputs on platforms with 32-bit int | fast-fix, tor-relay, security-low, privcount, 029-backport, review-group-22, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport, 035-roadmap-subtask, 035-triaged-in-20180711, 040-unreached-20190109 | assigned | defect | Medium | |
| #23113 | Manage DNS state better when "All nameservers have failed" | dns, security-low, 032-unreached | new | defect | Medium | |
| #23238 | Using Application Verifier Within Your Software Development Lifecycle | tbb-security | assigned | task | Medium | |
| #23323 | sample_laplace_distribution should produce a valid result on 0.0 | security-low, tor-relay, 029-backport, 026-backport-maybe, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport | assigned | defect | Medium | |
| #23357 | Build with non-Cross-DSO CFI | security, defence-in-depth, 033-triage-20180320, 033-removed-20180320 | needs_revision | enhancement | Medium | |
| #23362 | consider performing network operations in a dedicated process | tbb-security, tbb-sandboxing, ff68-esr | new | enhancement | Medium | |
| #23414 | rep_hist_format_hs_stats() should add noise, then round | tor-relay, security-low, privcount, 029-backport, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport | assigned | defect | Medium | |
| #23415 | sample_laplace_distribution() should take multiple random inputs | tor-relay, security-low, privcount, 029-backport, 026-backport-maybe, 034-triage-20180328, 034-removed-20180328, 031-unreached-backport | assigned | defect | Medium | |
| #23658 | Improve content sandboxing Tor Browser users on Windows | tbb-security | new | project | Medium | |
| #23660 | Handle exceptions in content sandboxing code for Tor Browser on Windows properly | tbb-security | new | defect | Medium | |
| #24455 | messages out of order in the tor log due to stored logs | security-low, 033-triage-20180320, 033-removed-20180320 | new | defect | Medium | |
| #24509 | circuit_can_use_tap() should only allow TAP for v2 onion services | prop224, tor-hs, security-low, easy, intro, 034-triage-20180328, security 035-removed | assigned | defect | Medium | |
| #24570 | [Meta] Mitigations for DLL Injection | tbb-security | new | defect | Medium | |
| #24653 | Apply security slider improvements made on desktop back to mobile | tbb-mobile, tbb-torbutton, tbb-security-slider, tbb-parity | new | enhancement | Medium | |
| #25559 | Miscellaneous security- and privacy-related prefs for Tor Browser | tbb-security, ff60-esr | new | defect | Medium | |
| #25568 | hs: Lookup failure cache when introducing to an intro point | security, tor-hs, 034-triage-20180328, 034-removed-20180328 | needs_review | defect | Medium |
Note: See TracQuery
for help on using queries.
