TPE SecEng/Tor Integration
From MozillaWiki
Contents
Tor Integration Project
Tor Browser has been using Firefox ESR (Extended Support Release), which has much longer release cycles than normal Firefox release.
The intention of Tor integration project is to land all Tor Browser patches so that Tor can directly use Firefox main trunk instead of a fork.
Main Engineers
- Tanvi Vyas (SecEng, San Francisco, US)
- Dave Huseby (SecEng, Las Vegas, US)
- Jonathan Hao (SecEng, Taipei, TW)
- Tim Huang (SecEng, Taipei, TW)
- Yoshi Huang (SecEng, Taipei, TW)
Communication Channel
- IRC: https://www.oftc.net/
- Channel: #tor, #tor-dev, #tor-project
Tor Repositories
- https://gitweb.torproject.org/tor.git
- https://gitweb.torproject.org/tor-browser.git
- https://gitweb.torproject.org/https-everywhere.git
References
- Tor Uplift Tracker
- Tor Browser Patches List
- Tor Project Bug Tracker
- The Design and Implementation of the Tor Browser
- The Tor Browser Hacking Guide
- HTTPS Everywhere
- Pluggable Transports
Taipei Dashboard
Meta bugs
| ID | Summary | Priority | Status |
|---|---|---|---|
| 1260929 | [META] Tor Patch Uplifting | P3 | NEW |
1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);
Ship bugs
| ID | Summary | Status | Target milestone | Resolution | Assigned to | Depends on | Blocks | Whiteboard |
|---|---|---|---|---|---|---|---|---|
| 232227 | System colors for form elements used when browser.display.use_system_colors is set to false | RESOLVED | mozilla44 | FIXED | Dave Huseby [:huseby] | 1235520 | 1260929, 1158076 | [tor] |
| 418986 | window.screen and CSS media queries provide a large amount of identifiable information (Tor 2875) | RESOLVED | mozilla41 | FIXED | Arthur Edelstein [:arthur] | 960875, 1192090, 1192575, 1320801, 1324044, 1325016 | 1260929, 855358 | [fingerprinting][tor 5856][tor 2875][tor 4755] |
| 429070 | exposing Components.interfaces to untrusted content leaks information about installed extensions | RESOLVED | mozilla22 | FIXED | Camilo Viecco (:cviecco) | 462483, 726053, 790732, 808457 | 1260929, 467520 | [sg:low][tor] |
| 436344 | nsIProtocolProxyFilter.applyFilter() should be handed channel or request instead of URI (Tor 3455) | RESOLVED | mozilla38 | FIXED | Arthur Edelstein [:arthur] | 1124784, 1124841, 1125372, 1125757, 1137274, 1165286 | 1260929, 332248, 1144270 | [tor] |
| 440892 | network.protocol-handler.warn-external are ignored | NEW | --- | 1260929 | [tor][tor-standalone] | |||
| 565965 | Key cookies on setting domain * toplevel load domain | RESOLVED | --- | DUPLICATE | 565475 | 1260929 | [evang-wanted][necko-backlog][tor] | |
| 570342 | Metabug for mingw-w64 compilation | RESOLVED | --- | FIXED | 449292, 505731, 567771, 569475, 569547, 569581, 569586, 569587, 569590, 569604, 569608, 569611, 569819, 569821, 570332, 570334, 570340, 570949 | 1260929 | [tor] | |
| 629558 | need way to disable intermediate SSL certificate cache to demonstrate SSL problems | RESOLVED | mozilla41 | FIXED | Arthur Edelstein [:arthur] | 1216882 | 1260929, 733232 | [tor] |
| 732096 | Add a preference to prevent local font enumeration | RESOLVED | --- | DUPLICATE | 1121643 | 1260929, 1329996 | [fingerprinting][tor][tor-standalone] | |
| 751465 | Websockets leak DNS requests (Tor 5741) | RESOLVED | mozilla29 | FIXED | Jason Duell | 1260929, 971153 | [tor] | |
| 817255 | nsPluginHost::UnloadPlugins should send plugins-list-updated if there were any plugins to begin with (Tor 3547) | RESOLVED | --- | INACTIVE | 1260929 | [tor][tor-standalone] | ||
| 836439 | Handle downloads started in private browsing mode | RESOLVED | mozilla24 | FIXED | Raymond Lee [:raymondlee] | 825588, 1260929, 836483 | [tor] | |
| 863246 | resource:// URIs leak information (Tor 8725) | VERIFIED | mozilla57 | FIXED | Chung-Sheng Fu [:cfu] | 1395286, 1395486, 1433715 | 1260929, 1329996 | [tor][fingerprinting][fp:m3] |
| 867501 | Date.toLocaleFormat exposes OS locale (Tor 13019) | RESOLVED | mozilla46 | FIXED | Arthur Edelstein [:arthur] | 1629630 | 1260929 | [fingerprinting][tor] |
| 870346 | innerHeight of content window is not properly resized from extensions on startup | RESOLVED | --- | DUPLICATE | 1260929 | [tor][tor-standalone] | ||
| 939319 | Provide a drag-and-drop observer to allow event filtering | RESOLVED | mozilla29 | FIXED | Georg Koppen | 1260929 | [tor] | |
| 939354 | Meta-bug for additional third party tracking isolation options | RESOLVED | --- | DUPLICATE | 962326, 962365, 962374, 970092, 970136 | 1260929 | [tor] | |
| 962314 | Create nsIXULAppinfo.processID for obtaining Firefox PID | RESOLVED | mozilla31 | FIXED | Kathleen :Brade | 1260929 | [tor] | |
| 962358 | Provide an API/observer to close persistent connections | RESOLVED | mozilla44 | FIXED | Dave Huseby [:huseby] | 859050, 1260929 | lame-network [tor] | |
| 967812 | Permissions Manager writes to disk in Private Browsing Mode | RESOLVED | Firefox 41 | FIXED | Arthur Edelstein [:arthur] | 1194319 | 1260929 | [tor] |
| 967895 | Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) | RESOLVED | mozilla58 | FIXED | Chung-Sheng Fu [:cfu] | 1260931, 1382111, 1412961, 1415874, 1431909, 1452391, 1453916 | 1260929, 1329996, 1422862, 1545527, 1376865 | [tor][fingerprinting][fp:m3][ux] |
| 967970 | Set NSDisablePersistence to prevent disk leaks for non-Firefox branded builds | RESOLVED | mozilla30 | FIXED | Mike Perry | 1260929, 1271713, 1405577 | [tor] [qa-] | |
| 967977 | Add a pref to disable SSL Session cache (Disable sending session IDs and sending session tickets) | RESOLVED | mozilla35 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [tor] | |
| 967979 | Provide a pref to prevent "This Plugin is Disabled" barrier (Tor 8312) | RESOLVED | --- | INVALID | 1260929, 1277346 | [tor] | ||
| 1041818 | take steps to mitigate canvas fingerprinting | NEW | --- | 665630, 1502831, 1647906 | 1260929, 1329996 | [fingerprinting][tor][fp-triaged] | ||
| 1047105 | asmjscache: should not store cache entries when private browsing is enabled (Tor 19417) | RESOLVED | mozilla51 | FIXED | Kyle Machulis [:qdot] [:kmachulis] (INACTIVE) | 1260929 | [tor][OA] | |
| 1078657 | Add a Task library for mochitest chrome and plain | RESOLVED | mozilla42 | FIXED | Arthur Edelstein [:arthur] | 1186277, 1260929, 1187701 | [tor] | |
| 1115712 | make DataStorage for HPKP and HSTS enumerable via xpcom | RESOLVED | mozilla53 | FIXED | Jonathan Hao (inactive) [:jhao] | 775370 | 572803, 1260929, 1299996, 1290529, 1310959 | [psm-assigned] |
| 1121643 | Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) | RESOLVED | mozilla52 | FIXED | Arthur Edelstein [:arthur] | 1306715, 1426544, 1458364 | 1260929, 1329996, 1336208, 732096 | [gfx-noted] [tor][fingerprinting] |
| 1159826 | ensure_copy_recursive() leaks directory streams | RESOLVED | mozilla40 | FIXED | Robert Strong (they/them - no direct email) | 1260929 | [tor] | |
| 1173171 | Provide pref to disable download of remote jar files (Tor 12430) | RESOLVED | mozilla42 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [tor] | |
| 1173199 | Add a pref to allow disabling MathML (Tor 13548) | RESOLVED | mozilla51 | FIXED | Jonathan Kingston [:jkt] he/him | 1260929, 1216893 | [tor] | |
| 1174386 | Internationalization on workers uses the wrong locale | RESOLVED | mozilla51 | FIXED | Jeff Walden [:Waldo] | 1309447 | 1260929 | [tor] |
| 1187701 | Implement add_task function for mochitest chrome and plain | RESOLVED | mozilla42 | FIXED | Arthur Edelstein [:arthur] | 1078657 | 1186277, 1260929, 1184186, 1256297 | [tor] |
| 1190590 | MinGW build fails with --enable-bundled-fonts | RESOLVED | mozilla42 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [gfx-noted][tor] | |
| 1192643 | window.indexedDB throws when dom.indexedDB.enabled=false | RESOLVED | --- | WORKSFORME | 1488583 | 1260929 | [tor 21308] | |
| 1193593 | Test fingerprinting resistance for media queries in picture elements | RESOLVED | mozilla43 | FIXED | Arthur Edelstein [:arthur] | 1192090 | 1260929 | [tor][fingerprinting] |
| 1200802 | Accept SOCKS credentials in proxyInfo object | RESOLVED | mozilla45 | FIXED | Arthur Edelstein [:arthur] | 1228422, 1444532 | 122752, 1260929 | [tor] |
| 1205598 | Print preview doesn't honor Private Browsing Mode and writes to /tmp | NEW | --- | 1260929 | [tor][tor-standalone] | |||
| 1211567 | Add support for domain socket/fifo connection to proxy. | RESOLVED | mozilla51 | FIXED | Gary Chen [:xeonchen] | 892114 | 1260929, 1281296, 1294611 | [tor][necko-active][proxy] |
| 1213698 | error: undefined reference to 'dlsym' if building with ASan and GCC (Tor 17509) | REOPENED | --- | 1260929 | [tor][tor-standalone] | |||
| 1216882 | When "security.nocertdb" pref is true, HTTP Auth Dialog fails (Tor 14716) | NEW | --- | 1260929, 629558 | [tor][necko-backlog][tor-standalone] | |||
| 1216893 | Add pref to optionally disable SVG (Tor 12827) | RESOLVED | mozilla53 | FIXED | Jonathan Kingston [:jkt] he/him | 1330675, 1173199, 1295404, 1564208 | 1260929, 1409251, 1409253, 1330294 | [tor][tor-standalone] |
| 1217166 | OS X trying to run a profile from a mounted DMG file (read-only) shows error "Another copy of Firefox is running" (Tor 14631) | NEW | --- | 1260929 | [tor][tor-standalone] | |||
| 1217238 | Reduce precision of time exposed by Javascript (Tor 1517) | RESOLVED | mozilla55 | FIXED | Jonathan Hao (inactive) [:jhao] | 1430975, 1437266, 1442863 | 1260929, 1329996, 1360039, 1382545, 1424341 | [fingerprinting][tor][fp:m1] |
| 1217290 | Add fingerprinting resistance for WebGL (Tor 16005) | RESOLVED | mozilla57 | FIXED | Chung-Sheng Fu [:cfu] | 1260929, 1329996 | [tor][tor-standalone][fingerprinting][fp:m3] | |
| 1217985 | Don't depend on Windows crypto DLLs if not building the Windows Maintenance Service | RESOLVED | mozilla44 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [tor] | |
| 1222285 | Keyboard layout is leaked by KeyboardEvent | RESOLVED | mozilla59 | FIXED | Tim Huang[:timhuang] | 1439784, 1470828, 1433592, 1438795 | 1260929, 1329996 | [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged] |
| 1230910 | Get sandbox compiled with mingw-w64 | RESOLVED | mozilla60 | FIXED | Tom Ritter [:tjr] | 1431621, 1431797, 1431801, 1431803, 1431807, 1431809, 1431825, 1432239, 1432295, 1432313, 1432319, 1432381, 1432505, 1432790 | 1260929, 1330608, 1498670 | [tor 16010][tor 23658][tor-standalone], sb- |
| 1235520 | Firefox 44 beta4: totally broken appearance in Linux/CentOS 6.7 i686 when ui.use_native_colors is set to false | RESOLVED | --- | WONTFIX | 1260929, 232227 | [tor][tor-standalone] | ||
| 1245470 | mingw-w64 compiled Firefox breaks with EMET (Tor 13893) | RESOLVED | --- | WORKSFORME | Georg Koppen | 1260929 | [tor][tor-standalone] | |
| 1264567 | Tests for first party isolation of localStorage (Tor 13749.1) | RESOLVED | mozilla51 | FIXED | Jonathan Hao (inactive) [:jhao] | 1289319 | 1249067, 1260929, 1299996 | [tor-testing][OA-testing][domsecurity-active][ETA 10/10] |
| 1266495 | Consider removing <isindex> from the parser and form submission [tor 18914] | RESOLVED | mozilla56 | FIXED | Henri Sivonen (:hsivonen) | 1356181, 1382269 | 1260929, 1356381, 1121467, 1330892, 1347643 | btpp-active [tor][fingerprinting] |
| 1275916 | Fix ICU cross-compilation with mingw-w64 | RESOLVED | --- | WORKSFORME | Georg Koppen | 1260929 | [tor] | |
| 1278037 | Make the ForgetAboutSite to forget a site not only for all userContextIds, but also for all originAttributes in general. | RESOLVED | mozilla51 | FIXED | Tim Huang[:timhuang] | 1195930, 1238183, 1296512 | 1260929 | [OA][domsecurity-active] |
| 1280628 | update badge shown after fallback to complete update (Tor 19411) | RESOLVED | --- | WORKSFORME | 1260929 | [tor][tor-standalone] | ||
| 1281949 | screen.orientation should be spoofed when privacy.resistFingerprinting is enabled (Tor 18958) | RESOLVED | mozilla50 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [tor][fingerprinting] btpp-active | |
| 1281959 | Introduce pref to disable "open with" option in download dialog (Tor 17502) | VERIFIED | Firefox 50 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [tor] | |
| 1281963 | Hide navigator.plugins and navigator.mimeTypes when resisting fingerprinting (Tor 17207) | RESOLVED | mozilla50 | FIXED | Dave Huseby [:huseby] | 1317846 | 1260929 | [tor][fingerprinting] |
| 1282279 | Make user certificates Origin Attribute aware | RESOLVED | mozilla53 | FIXED | Jonathan Hao (inactive) [:jhao] | 1315143, 1316283 | 1191418, 1260929 | [domsecurity-backlog3][userContextId][tor][OA] |
| 1284986 | JavaScript error: chrome://browser/content/pageinfo/permissions.js, line 224: Error: Callback received for bad URI: [xpconnect wrapped nsIURI @ 0x12cf99d40 (native @ 0x1356f7b08)] | NEW | --- | 1260929, 1233885 | [fxprivacy][OA][tor] | |||
| 1287994 | Implement named pipe support on option SocksPort for Windows users (Tor 14209) | NEW | --- | 1260929, 1288308 | [tor][necko-backlog][proxy] | |||
| 1288308 | Add support for named pipe connection to proxy. | RESOLVED | mozilla52 | FIXED | Gary Chen [:xeonchen] | 1287994, 1316116 | 1260929, 1294611, 1348841 | [tor][proxy][necko-active] |
| 1289319 | Add a test framework for the first party isolation tests. | RESOLVED | mozilla51 | FIXED | Tim Huang[:timhuang] | 1260929, 1299996, 1264560, 1264562, 1264567, 1264572, 1264573, 1264574, 1264577, 1264581, 1264593, 1264595 | [tor-testing][OA-testing][domsecurity-active] | |
| 1290529 | clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed | RESOLVED | mozilla54 | FIXED | Jonathan Hao (inactive) [:jhao] | 1115712 | 1260929, 1299996, 1323644 | |
| 1299996 | [META] Support Tor first-party isolation | NEW | mozilla52 | 1315205, 1319346, 1321158, 1337868, 1357346, 1371651, 1398414, 1475811, 1495204, 1556212, 1558467, 1583891, 1628783, 1630869, 1676104, 444222, 744466, 962374, 1115712, 1260931, 1264556, 1264562, 1264564, 1264567, 1264571, 1264572, 1264573, 1264574, 1264577, 1264593, 1264595, 1268726, 1270680, 1274020, 1277803, 1282655, 1289319, 1290529, 1294866, 1300182, 1300671, 1300702, 1301406, 1301523, 1301530, 1301617, 1301623, 1301649, 1303062, 1304219, 1308607, 1311237, 1312541, 1312655, 1312794, 1312954, 1315602, 1315723, 1315927, 1316283, 1317927, 1319031, 1323644, 1330467, 1334468, 1334485, 1334690, 1334693, 1336867, 1337629, 1340949, 1344170, 1376971, 1376973, 1381197, 1384657, 1405884, 1473247, 1492607, 1494327, 1495241, 1506693, 1508355, 1542309, 1554805, 1558648, 1560580, 1645861 | 1260929 | [tor] [domsecurity-meta] [ETA 11/7] | ||
| 1301523 | Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) | RESOLVED | mozilla52 | FIXED | Jonathan Hao (inactive) [:jhao] | 1308679 | 1191418, 1260929, 1299996 | [tor-testing][OA-testing][necko-next] |
| 1303456 | Implement Optimistic SOCKS variant | NEW | --- | 1260929 | [tor 3875][necko-backlog] | |||
| 1305144 | Spoof referrer when leaving a .onion domain (Tor 17334) | RESOLVED | mozilla54 | FIXED | Arthur Edelstein [:arthur] | 1357247, 1367564 | 1260929 | [tor][necko-would-take] |
| 1305177 | Provide observer notification to allow extensions to cancel external app launch (Tor 19273) | NEW | --- | 1260929 | [tor] | |||
| 1323644 | Isolate the HSTS and HPKP cache by first party domain. | RESOLVED | mozilla54 | FIXED | Jonathan Hao (inactive) [:jhao] | 1290529, 1336867, 1342178 | 1260929, 1299996 | [tor][tor 17965][necko-would-take][OA] |
| 1329996 | [META] Tor Uplift: Fingerprinting Resistance | NEW | mozilla54 | 572650, 755284, 1041818, 1314443, 1315203, 1330882, 1390465, 1397996, 1401493, 1403747, 1409974, 1414311, 1422482, 1422862, 1422890, 1428331, 1436226, 1439784, 1448046, 1450401, 1470828, 1472808, 1485249, 1485258, 1490728, 1492775, 1507280, 1507879, 1519122, 1542676, 1575690, 1586657, 1603332, 1621988, 1666160, 1671850, 1672093, 1677733, 1690038, 1709330, 1746668, 1772711, 1781277, 1787790, 1818894, 1823580, 1832845, 1834307, 1871789, 1876636, 1876810, 1891690, 267645, 461204, 467035, 527667, 583181, 654550, 680300, 732096, 779197, 811582, 863246, 903959, 967895, 1039069, 1047098, 1077986, 1121643, 1216800, 1217238, 1217290, 1222285, 1222924, 1233691, 1290481, 1308340, 1314448, 1320465, 1330876, 1330890, 1330892, 1333641, 1333651, 1333933, 1337157, 1337161, 1345322, 1354633, 1360039, 1363508, 1364261, 1367313, 1369303, 1369309, 1369319, 1369327, 1369328, 1369330, 1369357, 1372069, 1372072, 1372073, 1376865, 1382499, 1382533, 1382545, 1383495, 1384330, 1392844, 1393283, 1393662, 1394735, 1396468, 1397757, 1397994, 1398303, 1399279, 1400582, 1403099, 1404608, 1405810, 1405842, 1407366, 1408702, 1409809, 1409973, 1418537, 1420234, 1425130, 1432506, 1433592, 1433815, 1437266, 1437349, 1442863, 1446472, 1447592, 1450561, 1456378, 1459089, 1460145, 1461454, 1462115, 1466025, 1468957, 1478158, 1485266, 1485268, 1485280, 1486258, 1492587, 1492766, 1509829, 1511434, 1511763, 1515001, 1518839, 1529391, 1535761, 1538130, 1539503, 1560574, 1561322, 1564422, 1577243, 1581537, 1595823, 1601040, 1607027, 1607316, 1615419, 1615483, 1621433, 1625771, 1628373, 1635011, 1640449, 1670199, 1673237, 1680365, 1693861, 1708593, 1711179, 1745715, 1756280, 1758520, 1762390, 1781172, 1825378, 1827576, 1832598, 1885258 | 1260929, 1746815, 1827635 | [tor][fingerprinting][domsecurity-meta][fp-triaged] | ||
| 1330876 | use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] | RESOLVED | mozilla56 | FIXED | Chung-Sheng Fu [:cfu] | 1260929, 1329996 | [fingerprinting] gfx-noted [tor][fp:m2] | |
| 1330882 | When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] | REOPENED | mozilla55 | 1475973, 1600044, 1352141, 1352305, 1353894, 1355717, 1364398, 1401440, 1418537 | 1260929, 1329996 | [fingerprinting][tor][fp-triaged] | ||
| 1330890 | Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] | RESOLVED | mozilla55 | FIXED | Tom Ritter [:tjr] | 1382840, 1385597, 1409973 | 1260929, 1329996, 1709867 | [fingerprinting][tor 16622][fp:m1][fp-triaged] |
| 1330892 | <isindex> leaks user locale | RESOLVED | --- | FIXED | 1266495 | 1260929, 1329996 | [fingerprinting][tor][fp:m3] | |
| 1334485 | Tracking using intermediate CA caching | RESOLVED | --- | FIXED | 1260929, 1299996 | [psm-backlog][tor] | ||
| 1336867 | Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService | RESOLVED | mozilla54 | FIXED | Jonathan Hao (inactive) [:jhao] | 1345612 | 1260929, 1299996, 1323644 | |
| 1337647 | Make a prototype of Fennec connecting to Tor network | RESOLVED | --- | WONTFIX | 1260929, 1357994 | [tor-mobile] | ||
| 1366202 | Randomize HTTP requests to defend against traffic fingerprinting (Tor 5282) | NEW | --- | 1340655 | 1260929 | [tor][necko-would-take] | ||
| 1369299 | Add a test to assure GeoIP/RegionDefault won't send whenGeoIP search is disabled | NEW | --- | 1260929 | [tor] | |||
| 1376621 | Enforce that Rust code is proxy-safe (doesn't call directly into libc networking functions) | RESOLVED | mozilla67 | FIXED | Tom Ritter [:tjr] | 1260929, 1433504, 1620045, 1524408, 1566938 | [tor 21862] | |
| 1432905 | Add pref to prevent localhost DNS lookup in nsProfileLock.cpp | RESOLVED | --- | DUPLICATE | 1260929, 1433504 | [tor 18800] | ||
| 1433350 | As defense in depth, don't load user's name etc. into memory | RESOLVED | Thunderbird 68.0 | FIXED | :aceman | 1541958 | 1260929, 1477576, 1552866 | [tor 13398][overhead:noted] |
| 1433504 | Add a build flag for proxy bypass protection | NEW | --- | 1470411, 1620045, 1376621, 1432905, 1432907, 1432983, 1433357, 1433507, 1433509, 1524408, 1636411 | 1260929 | [tor] | ||
| 1434660 | Automated test for updater cert pinning | NEW | --- | 1260929 | [tor 18912] | |||
| 1434666 | updater failing on Linux (cannot find libraries) | RESOLVED | --- | DUPLICATE | Arthur Edelstein [:arthur] | 1440783, 1441449 | 1260929 | [tor 18900] |
| 1434706 | Add a preference to disable FxA/Sync and hide their UI | RESOLVED | Firefox 60 | FIXED | Edouard Oger [:eoger] | 1440751, 1441965, 1443593, 1445028 | 1260929 | [tor 16488][tor 22564] |
| 1434772 | test to ensure CacheStorage is disabled in Private Browsing mode | RESOLVED | mozilla60 | FIXED | Arthur Edelstein [:arthur] | 1260929 | [tor 18995] | |
| 1437349 | Detect if user install certain software with external protocol | RESOLVED | --- | DUPLICATE | 1260929, 1329996 | [fingerprinting] | ||
| 1524408 | Enforce that Windows/Mac Rust code is proxy-safe (doesn't call directly into libc networking functions) | RESOLVED | --- | WONTFIX | Tom Ritter [:tjr] | 1376621 | 1260929, 1433504 | [tor 21862] |
| 1560896 | Cloudflare protected websites do not load properly with Tor proxy | RESOLVED | --- | DUPLICATE | 1260929 | [tor] | ||
| 1831879 | The "Save image" and "Download link" context menu items do not have a download confirmation prompt like other browsers, making it possible to leak private tabs by accident | NEW | --- | 1260929 |
93 Total; 18 Open (19.35%); 73 Resolved (78.49%); 2 Verified (2.15%);
