Opened 4 years ago

Last modified 21 months ago

#17091 new defect

Support our own hotfix mechanism

Reported by: mikeperry Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security
Cc: brade, mcs, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We disabled the Firefox Hotfix system in #16837 over concerns about compatibility/conflicts.

We can enable this again by setting extensions.hotfix.url to our own servers, and only pushing out a specific Mozilla hotfix after we've tested it on TBB ourselves, but then we need to deal with pinning and other issues. The pinning for AMO is specified here:
https://mxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#201

Mozilla is also planning on replacing the Hotfix mechanism at some point, so we'll need to watch for falling bits.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by mcs

Cc: brade mcs added

comment:2 Changed 4 years ago by gk

Cc: gk added

comment:3 Changed 21 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.