Look into fuzzing our tor-browser patches
As part of Sponsor4 and our switch to have specific debug builds which allow us to detect bugs earlier we should look into fuzzing our browser patches.
Mozilla already does fuzzing and we might learn something from them. Also, some of the things mentioned in https://blog.mozilla.org/security/2012/06/20/7-tips-for-fuzzing-firefox-more-effectively/ might be a good starting point, too.