Query syntax:

  • Use tag1 tag2 to match all tags.
  • tag1 or tag2 will match any tag.
  • Negate a tag with -tag1.
  • Group sub-queries with (tag1 or tag2).
  • Quote strings to include special characters.
  • Restrict search to a specific realm with realm:wiki.

Showing objects tagged with 'tbb-security'

  • #2340 defect: protect users against freeze, replay and version-rollback attacks (assigned)
  • #4152 enhancement: Implement Bottom Up Randomization (Windows platform) (assigned)
  • #4280 defect: build changes for TBB (assigned)
  • #5791 project: Gather apparmor/selinux/seatbelt profiles for each component of TBB (assigned)
  • #6948 enhancement: Shared memory for zygote mind meld (new)
  • #7501 task: Audit PDF.js (assigned)
  • #8288 enhancement: security, relability and repeatability issues in the TBB build process (closed: fixed)
  • #10393 project: Torbrowser updates are verified through the Tor consensus (new)
  • #10394 task: Torbrowser's updater updates HTTPS-everywhere (reopened)
  • #10397 project: Torbrowser's updater integrates additional protections from Thandy's ... (new)
  • #10498 defect: Noscript. Path of trust. (reopened)
  • #11096 enhancement: Randomize MAC address before start of Tor (assigned)
  • #11511 task: Investigate why TorLauncher is sometimes not loaded when starting TBB (assigned)
  • #12418 defect: TBBs with UBSan create lots of errors when running (assigned)
  • #12420 task: Investigate deploying STACK to check for optimization-unstable code (new)
  • #12425 task: Investigate setjmp/longjmp-based exception handling for Tor Browser on ... (new)
  • #12427 task: Investigate Virtual Table Verification (VTV) hardening for Tor Browser ... (new)
  • #12429 enhancement: Enable Assertions in Tor Browser release builds (new)
  • #12736 defect: DLL hijacking vulnerability in TBB (new)
  • #12820 project: Test+Recommend Tor Browser with MS EMET (Enhanced Mitigation ... (assigned)
  • #12950 task: Backport Windows ASLR forcing patch (new)
  • #12968 enhancement: Specify HEASLR (High Entropy Address Space Layout Randomization) in ... (needs_revision)
  • #13033 task: Apply mixed content blocking patch? (new)
  • #13056 defect: Some stack canaries are still missing on Tor Browser binaries (needs_information)
  • #13065 defect: counter downgrade / stale mirror attacks on RecommendedTBBVersions - ... (new)
  • #13367 defect: Rate limit gyroscope sampling frequency on FF mobile (new)
  • #13379 defect: Sign our MAR files (closed: fixed)
  • #13730 enhancement: Make use of MAR files with more than one signature (new)
  • #13747 enhancement: Block non .onion content on .onion addresses (mixed content blocking) (new)
  • #14676 task: Implement update verification via Tor consensus in Tor Browser (new)
  • #14970 enhancement: Don't allow third parties to block our own Tor Browser extensions (closed: fixed)
  • #14985 defect: NoScript Clickjacking warning when clicking on embedded content (new)
  • #15470 defect: cannot edit the certificates in Tor browser, (reopened)
  • #15514 defect: Trim the NoScript whitelist (assigned)
  • #15687 defect: Make Tor Browser work with AppLocker (new)
  • #15825 defect: webgl.disable-extensions true about:config setting may allow DoS (new)
  • #16010 task: Get a working content process sandbox for Tor Browser on Windows (closed: fixed)
  • #16352 task: Play with Intel's MPX for hardened Tor Browser builds (new)
  • #16417 defect: DEP/ASLR missing on some Tor Browser (Pluggable Transports) binaries ... (new)
  • #16441 defect: 8-month-old Tor Browser offers to "Reset Tor Browser", removes extensions (closed: fixed)
  • #16652 task: Review vulnerability history from FF31 to FF45 (closed: fixed)
  • #16926 defect: Multiple OS: Tor Browser leaks domains to system DNS management. (new)
  • #17091 defect: Support our own hotfix mechanism (new)
  • #17216 enhancement: Make Tor Browser's updater work over Hidden Services (new)
  • #17505 defect: UBSan is freezing Tor Browser (needs_information)
  • #17531 task: Provide a hardened Tor Browser for OS X (closed: wontfix)
  • #17532 task: Provide a hardened Tor Browser for Windows (closed: wontfix)
  • #17569 defect: Add uBlock Origin to the Tor Browser (reopened)
  • #18008 enhancement: Create a new MAR signing key and bake it into Tor Browser (closed: fixed)
  • #18287 enhancement: Use SHA-2 signature for Tor Browser setup executables (closed: fixed)
  • #18288 enhancement: Sign Tor Browser binaries on Windows (not just the setup executable) (new)
  • #18375 defect: HTTPSEverywhere/NoScript becomes disabled and not shown in ... (new)
  • #19280 project: Replace or fork NoScript in the Tor Browser (reopened)
  • #19722 enhancement: Compile tor with selfrando (assigned)
  • #19850 enhancement: Disable Plaintext HTTP Clearnet Connections (new)
  • #19907 defect: NoScript could not be verified and gets disabled after restart (needs_information)
  • #20146 defect: Firefox bug - (CVE-2016-5284) ESR-45/Tor Browser certificate pinning ... (needs_review)
  • #20149 enhancement: Test that static public key pins are working (assigned)
  • #20322 defect: SafeSEH support for mingw-w64 for Tor Browser on Windows (new)
  • #20326 defect: Tor Browser forgets HTTPS sometimes (new)
  • #20361 task: Investigate CFI means for usage in Tor Browser (new)
  • #20955 defect: Tor Browser memory hardening (new)
  • #20957 defect: Get DieHarder working with Tor Browser (needs_revision)
  • #20971 defect: Try building Tor Browser with SafeStack (new)
  • #21009 defect: sandboxed OSX browser hangs if printing is attempted (assigned)
  • #21030 task: Test integration of PartitionAlloc/HardenedPartitionAlloc in Tor Browser (new)
  • #21448 defect: Identify what build flags we should be using for security, and use them (new)
  • #21908 defect: Tor Browser breaks response headers sometimes (new)
  • #21983 defect: Should we do more to discourage custom prefs and nonstandard addons? (new)
  • #22000 defect: update OSX browser sandbox profile for e10s (new)
  • #22315 enhancement: Make use of interceptor to protect memory on Windows (spin-off from #12426) (new)
  • #22584 defect: More RWX memory pages for TBB on some Windows versions (assigned)
  • #22699 enhancement: Use browser pref for javascript at High Security Level (new)
  • #22794 defect: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured. (closed: fixed)
  • #22917 defect: Use --disable-auto-import on mingw builds of TBB and tor (new)
  • #22971 defect: The XPI signing mechanism needs to use different hash functions. (new)
  • #22974 defect: NoScript (and Tor Browser) vulnerable to Mozilla Add-On Code Execution (new)
  • #22985 defect: Can we simplify and clarify click-to-play of audio/video? (new)
  • #23238 task: Using Application Verifier Within Your Software Development Lifecycle (assigned)
  • #23362 enhancement: consider performing network operations in a dedicated process (new)
  • #23396 defect: Update the msvcr100.dll we ship in Tor Browser (closed: fixed)
  • #23409 defect: Review past year's Firefox sec bugs and update security slider ... (closed: fixed)
  • #23591 enhancement: Build Tor and Tor Browser with -mmitigate-rop (new)
  • #23658 project: Improve content sandboxing Tor Browser users on Windows (new)
  • #23659 task: Clean-up content sandboxing code for Tor Browser on Windows (closed: fixed)
  • #23660 defect: Handle exceptions in content sandboxing code for Tor Browser on ... (new)
  • #23661 defect: Set content sandbox for Tor Browser on Windows to level 2 (closed: wontfix)
  • #23663 defect: ESR52 codebase is incompatible with anything below Universal C Runtime ... (closed: invalid)
  • #23664 defect: Deal with UUID for content sandbox temp folder on Windows and Mac (new)
  • #24570 defect: [Meta] Mitigations for DLL Injection (new)
  • #25229 defect: Resist Spectre by using retpoline and a new instruction provided by ... (closed: invalid)
  • #25559 defect: Miscellaneous security- and privacy-related prefs for Tor Browser (new)
  • #25795 defect: Decide which settings to hide in Tor Browser (new)
  • #26553 defect: Sign our own extensions in Tor Browser (new)
  • #27141 enhancement: Backport TLS1.3 patches (reopened)
  • #27196 defect: TB 8a10 and panopticlick: your browser has a unique fingerprint (closed: worksforme)
  • #27462 task: Use OSS-Fuzz for Tor Browser (new)
  • #27518 defect: firefox tries to access system's snapd profile (new)
  • #28695 defect: Set BRNameMatchingPolicy to "Enforce" (closed: fixed)