Opened 3 months ago

Last modified 2 weeks ago

#26614 reopened defect

audit the Web Authentication API

Reported by: mcs
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ff60-esr, TorBrowserTeam201809
Cc: arthuredelstein
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

As of Firefox 60, Mozilla has enabled support for the Web Authentication API by default. We should audit it or at least understand it better, or we should disable it by setting security.webauth.webauthn to false. See:

https://bugzilla.mozilla.org/show_bug.cgi?id=1432542

Change History (9)

comment:1 Changed 3 months ago by arthuredelstein

Cc: arthuredelstein added

comment:2 Changed 3 months ago by gk

Priority: Medium → Immediate

Bumping prio.

comment:3 Changed 3 months ago by gk

Priority: Immediate → High

comment:4 Changed 7 weeks ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201807 removed

Move our tickets to August.

comment:5 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201808R added; TorBrowserTeam201808 removed

comment:6 Changed 3 weeks ago by mcs

r=mcs
LGTM

comment:7 Changed 3 weeks ago by gk

Resolution: fixed
Status: new → closed

Cherry-picked to tor-browser-60.1.0esr-8.0-1 (commit 6417fe352cdd2275664870ce0003fe3dfd2561eb), thanks!

comment:8 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201808R removed
Resolution: fixed
Status: closed → reopened
Summary: audit or disable the Web Authentication API → audit the Web Authentication API

Let's use this ticket for the audit as well.

comment:9 Changed 2 weeks ago by gk

Keywords: TorBrowserTeam201809 added; TorBrowserTeam201808 removed

Moving our tickets to September 2018
