Query syntax:

  • Use tag1 tag2 to match all tags.
  • tag1 or tag2 will match any tag.
  • Negate a tag with -tag1.
  • Group sub-queries with (tag1 or tag2).
  • Quote strings to include special characters.
  • Restrict search to a specific realm with realm:wiki.

Showing objects tagged with 'tbb-linkability'

  • #3600 defect: Prevent redirects from transmitting+storing cookies+identifiers (new)
  • #5288 defect: Clickjacking + popups subvert TBB url-bar isolation (new)
  • #8213 defect: spoof history.length - browser.sessionhistory.max_entries (new)
  • #9783 defect: New Identity does not always clear all OCSP/favicon related network ... (new)
  • #12682 enhancement: Tor Browser's HTML5 canvas fingerprinting dialogue could use a ... (new)
  • #12683 defect: Permissions in nsIPermissionManager aren't cleared with TorButton's ... (new)
  • #13236 defect: investigate Firefox SSL for things that might allow user tracking (new)
  • #15499 defect: Onion sites circuits are not properly isolated to URL bar domain (new)
  • #15563 defect: ServiceWorkers violate first party isolation, probably (new)
  • #15569 defect: Web Notification API icons get no first party on Windows systems (new)
  • #15954 defect: Canvas permission and HTTP auth still use FQDN isolation (new)
  • #16285 task: Make sure EME is no tracking risk in Tor Browser (new)
  • #16335 task: Investigate whether the Symbol data type can store global identifiers ... (new)
  • #16693 defect: Isolate TLS Channel-Bound Cookies (new)
  • #16920 defect: Referer Header should be disabled for new tabs (needs_review)
  • #17123 defect: Request for certificate is sent over the catch-all circuit (new)
  • #17244 defect: Low entropy PRNG usage in Tor Browser? (needs_information)
  • #18532 defect: Now search.disconnect.me through catchall too (reopened)
  • #18552 defect: timing oracle for rendezvouz circuits (new)
  • #19037 defect: Suppress content access to page visibility API (new)
  • #19520 task: Investigate "No last modified time" entries visible in about:cache (new)
  • #19741 defect: favicon in searchbar popup uses catchall circuit (new)
  • #20256 defect: Cloudfront resources are isolated to the FQDN (new)
  • #20328 defect: No cookies are visible, except... (needs_information)
  • #20393 defect: Something uses catchall circuit (new)
  • #21347 enhancement: Retrying a download breaks URL bar domain isolation (new)
  • #21559 defect: Tor browser deanonymization/fingerprinting via cached intermediate CAs (new)
  • #21657 task: Test to make sure we isolate or disable all speculative connects (new)
  • #21793 task: Keep an eye on the CustomElementRegistry API (assigned)
  • #22100 defect: Triggering the external helper dialog leads sometimes to requests ... (new)
  • #22162 defect: Review speculative connections (new)
  • #23210 defect: Favicons are getting reloaded over catch-all-circuit if content ... (new)
  • #23216 defect: The languagechange event is noticeable on all open tabs (new)
  • #23768 defect: Update code to wipe indexedDB in New Identity (new)
  • #25672 defect: Debugger in developer tools is fetching website over catch-all circuit (new)
  • #26606 defect: investigate fingerprinting and linkability risks of the Intersection ... (new)
  • #27127 defect: Audit and enable HTTP/2 push (new)
  • #27260 defect: Audit network.http.spdy.enabled.deps (new)
  • #27633 defect: Do subscribed feeds adhere to first party isolation? (new)
  • #28368 defect: determine if media.decoder.recycle.enabled allows any linkability (new)
  • #28719 defect: Clicking on embedded links seems to cause FPI mismatch (new)
  • #31066 defect: Consider protection against requests going through catch-all circuit (new)
  • #31075 defect: Consider dropping browser patch for 26353 (new)
  • #31753 defect: Web developer network tab breaks first-party isolation in some cases II (new)
  • #32151 defect: Investigate RemoteSettings requests params and try to reduce info ... (new)
  • #32289 defect: feedback on a website‏ (needs_information)
  • #32414 defect: window.external.AddSearchProvider request goes through catch-all-circuit (closed: fixed)
  • #32885 task: Make sure SSL resumption cache in Necko adheres to FPI (new)