audit the Web Authentication API

As of Firefox 60, Mozilla has enabled support for the Web Authentication API by default. We should audit it or at least understand it better, or we should disable it by setting security.webauth.webauthn to false. See: ​https://bugzilla.mozilla.org/show_bug.cgi?id=1432542

added TorBrowserTeam201809 component::applications/tor browser ff60-esr owner::tbb-team priority::high severity::normal status::reopened type::defect labels

Trac:
Cc: N/A to arthuredelstein

Bumping prio.

Trac:
Priority: Medium to Immediate

Trac:
Priority: Immediate to High

Move our tickets to August.

Trac:
Keywords: TorBrowserTeam201807 deleted, TorBrowserTeam201808 added

bug_26614 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_26614&id=4f1f0b24358519d784a775189fbf02e6f53ec5e4) in my public tor-browser repo disables the API for now.

Trac:
Keywords: TorBrowserTeam201808 deleted, TorBrowserTeam201808R added

r=mcs LGTM

Cherry-picked to tor-browser-60.1.0esr-8.0-1 (commit 6417fe352cdd2275664870ce0003fe3dfd2561eb), thanks!

Trac:
Status: new to closed
Resolution: N/A to fixed

Let's use this ticket for the audit as well.

Trac:
Keywords: TorBrowserTeam201808R deleted, TorBrowserTeam201808 added
Status: closed to reopened
Summary: audit or disable the Web Authentication API to audit the Web Authentication API
Resolution: fixed to N/A

Moving our tickets to September 2018

Trac:
Keywords: TorBrowserTeam201808 deleted, TorBrowserTeam201809 added

mentioned in issue #34193 (moved)

moved to tpo/applications/tor-browser#26614

mentioned in issue tpo/applications/tor-browser#34193