Block protocol handler enumeration

Torbutton should block remote protocol handler enumeration. We currently wrap the external protocol handler launching components, and install custom protocol handlers to handle tor:// urls. We should see if we can perform any tricks in these components to defeat http://pseudo-flaw.net/tor/torbutton/scan-protocol-handlers.html.

added TorBrowserTeam201810R component::applications/tor browser owner::tbb-team priority::high resolution::fixed severity::normal status::closed tbb-backported tbb-fingerprinting tbb-torbutton type::enhancement labels

Trac:
Component: Torbutton to TorBrowserButton
Actualpoints: N/A to N/A
Points: N/A to N/A

Trac:
Milestone: N/A to TorBrowserBundle 2.3.x-stable

Trac:
Keywords: N/A deleted, tbb-fingerprinting added

Trac:
Keywords: N/A deleted, MikePerry201206 added

Trac:
Keywords: MikePerry201206 deleted, N/A added

Trac:
Component: TorBrowserButton to Tor Browser
Owner: mikeperry to tbb-team
Keywords: N/A deleted, tbb-torbutton added

We ran across this in the mozilla bugtracker, and Jonathan updated the POC to work again: https://bugzilla.mozilla.org/show_bug.cgi?id=680300#c5

Trac:
Severity: N/A to Blocker
Reviewer: N/A to N/A
Sponsor: N/A to N/A

Trac:
Severity: Blocker to Normal

Trac:
Milestone: TorBrowserBundle 2.3.x-stable to N/A

Tim landed patches in https://bugzilla.mozilla.org/show_bug.cgi?id=680300, so we can backport them for TBB/ESR60.

Here is a branch with Tim's 3 commits cherry-picked on top of tor-browser-60.2.0esr-8.5-1

https://github.com/arthuredelstein/tor-browser/commits/1623

We could also consider including these backported patches in 8.0.x.

Trac:
Keywords: N/A deleted, TorBrowserTeam201809R added
Status: new to needs_review

Moving review tickets to October

Trac:
Keywords: TorBrowserTeam201809R deleted, TorBrowserTeam201810R added

Looks good. Cherry-picked to tor-browser-60.2.1esr-8.5-1 (commits 8ac83f77ae144a3063c57099c250a340fd4bf0ac, 0a5a1991dec543177e78283f27407e2a6d4892d8, and d098b183150a7feb83f159ad731fc42537252863) and marked for possible backport. This should be available starting with Tor Browser 8.5a4.

Trac:
Resolution: N/A to fixed
Status: needs_review to closed
Keywords: N/A deleted, tbb-backport added

Backported to tor-browser-60.3.0esr-8.0-1 (commits d0571f8b98a5a98e59974b4868c0fcccaea17748, 818556471232f9a9a4caebc3c37cae387a43bbd7, and bec054919416df19648702f2af0b9a0be1c384b8)

Trac:
Keywords: tbb-backport deleted, tbb-backported added

closed

moved to tpo/applications/tor-browser#1623 (closed)