arthuredelstein / tor-browser Public

Bug 15029: Don't prompt to install missing plugins.

Call the pref svg.in-content.enabled.

Instead of using "runas" to try to elevate privileges, the updater
now fails if the user does not have permission to apply an update.
This avoids potential security issues such as CVE-2015-0833.

If the svg.inContent.enabled preference is false, disallow all use of
SVG within content pages.

In the following situations it is very difficult to determine if code
is executing within a chrome context or not:
  SVG hasFeature() API.
  SVG hasExtension() API.
  Use of SVG glyphs within custom OpenType fonts.
In these cases, everything is assumed to be content; that is, setting
the pref. to false will block use of the above features from chrome
as well. This is OK because these features are unlikely to be used by
core browser code.

To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.

Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".

Prevent user tracking via HTTP Basic Authentication by
removing Authorization headers from third party requests.

This is a port of a piece of the Stanford SafeCache code that
previously was included in Torbutton.

If the pref "plugin.disable" is set, the user has to click an extra button to
cause Firefox to actually scan the filesystem for plugins.

Note: The strings for this patch are actually present in Torbutton.

Patch by bobnomnom.

This is a patch written by Jeff Gibat (iSECPartners) to disable the
jar: protocol handler via a preference. The preference is bound to the
security slider settings (#9387).

This test ensures that if first-party isolation is enabled
("privacy.thirdparty.isolate" pref is set to 2) then when a loaded file is cached,
it is indexed by the URL-bar domain.

In this test, a number of files are loaded (via IFRAME, LINK, SCRIPT, IMG, OBJECT,
EMBED, AUDIO, VIDEO, TRACK and XMLHttpRequest) by parent pages with different URL bar
domains. When isolation is active, we test to confirm that a separate copy of each file
is cached for each different parent domain. We also test to make sure that when
isolation is inactive, a single copy of the child page is cached and reused for all
parent domains.

Configure with --enable-signmar (build the signmar tool).
Configure with --enable-verify-mar (when updating, require a valid signature
  on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
  MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (Mozilla plans to use
  OS-native APIs on Mac OS and they already do so on Windows).  So that the
  NSS and NSPR libraries the updater depends on can be found at runtime, we
  add the firefox directory to the shared library search path on all platforms.
Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla
  uses.  This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with
  a signature algorithm ID of 512 to help avoid collisions with future work
  Mozilla might do in this area.
  See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689

Backport reviewed patches from these two Mozilla bugs:
903135 - Link updater to NSS and enable MAR verification on Linux and OSX
903126 - Implement a platform independent way to determine which cert to use
	   for verifying mars
Configure browser build with --enable-signmar and --enable-verify-mar.

…urce files. r=rstrong

…. r=rstrong

Both the Inspector and PDF.js raise canvas prompts although they are no
danger as they are delivered with the browser itself and are no
untrusted content. This patch exempts both of them from canvas prompts,
too.

If calling `DescribeScriptedCaller` fails neither `scriptFile` nor
`scriptLine` are logged.

…nificant way. r=gps a=NPOTB"

This reverts commit 87d09ba. It seems
it breaks our deterministic build setup running |configure| again
during |make build|. The former does not like being run under
libfaketime but the latter needs to be in order to get reproducible
builds.

Changing the download folder on Win XP was crashing due to a mingw-w64
related Firefox bug. This is the backport of the fix provided in
https://bugzilla.mozilla.org/show_bug.cgi?id=1091594. Thanks to Jacek
Caban for the help.

On Windows, updater.exe failed to start if a copy of msvcr100.dll was not
installed in the system directory.  We now append to the PATH the directory
that contains our copy of msvcr100.dll; that is, the Browser/ directory that
contains firefox.exe.  That same directory contains a copy of libssp-0.dll,
which updater.exe also depends on; both DLL dependencies are now satisfied
from the Browser/ directory.  Previously, the libssp-0.dll dependency was being
satisifed from the .../Browser/TorBrowser/Tor directory which Tor Launcher
adds to the path (and typically the updater is run from within a browser
session or after a restart during which the PATH is preserved).

…S servers.

Includes the following Mozilla patches, some modified for Tor Browser:

Bug 744204 - Allow Key pining part 1 - Built-in Pinning Service. r=keeler

Bug 744204 - Allow Certificate key pinning Part 2 - Certverifier Interface. r=keeler

  --HG--
  extra : rebase_source : 2f9748ba0b241c697e22b7ff72f2f5a0fad4a2ca

Bug 998057: Add test pinset to the pin generator (r=cviecco)

  --HG--
  rename : security/manager/ssl/tests/unit/tlsserver/default-ee.der => security/manager/boot/src/default-ee.der

Bug 998057: Add tests for certificate pinning (r=cviecco,dkeeler)

Bug 1002696 - Minimum set of changes to make genHPKPStaticPins.js productionizable. r=cviecco, dkeeler

  --HG--
  rename : security/manager/boot/src/PreloadedHPKPins.json => security/manager/tools/PreloadedHPKPins.json
  rename : security/manager/boot/src/genHPKPStaticPins.js => security/manager/tools/genHPKPStaticPins.js

Bug 951315 - Add telemetry to PK pinning. r=dkeeler

Bug 1006107 - Disable pining by default, setup pinning for *.addons.mozilla.org. r=dkeeler

  Tor project: only patching two files:
  security/manager/ssl/src/nsNSSComponent.cpp
  netwerk/base/public/security-prefs.js

  --HG--
  extra : rebase_source : 93b1dbd5dc31490424060729a3941deffa8ee1d5

Bug 772756: Implement sha1 support, import Chrome's pinsets wholesale, add test mode (r=cviecco,keeler)

  Tor project, we only patch:
  security/manager/ssl/tests/unit/test_pinning.js
  security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
  security/manager/ssl/tests/unit/tlsserver/default-ee.der
  security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
  security/manager/ssl/tests/unit/tlsserver/other-test-ca.der
  security/manager/ssl/tests/unit/tlsserver/test-ca.der

Bug 1009720: Telemetry for CERT_PINNING_TEST_RESULTS (r=keeler)

Bug 1007844: Implement per-host telemetry for pin violations for AMO and aus4 (r=keeler)

  Only patching toolkit/components/telemetry/Histograms.json

Bug 1011269: Add CertVerifier::pinningEnforceTestMode (r=keeler)

  Tor project, only commit:
  security/certverifier/CertVerifier.cpp
  security/certverifier/CertVerifier.h
  security/manager/ssl/src/nsNSSComponent.cpp

Bug 1012882: Restrict pinning to desktop (r=keeler)

Bug 1066190 (see: Tor Bug #13684)

Tor Bug #11955: Backport certificate pinning

  Bring the following files up to date:

  security/manager/boot/src/PublicKeyPinningService.cpp
  security/manager/boot/src/PublicKeyPinningService.h
  security/manager/boot/src/StaticHPKPins.h
  security/manager/ssl/tests/unit/test_pinning.js
  security/manager/tools/PreloadedHPKPins.json
  security/manager/tools/genHPKPStaticPins.js
  security/pkix/include/pkix/Time.h
  security/pkix/lib/pkixtime.cpp

When updating via the background / timer-based check, the updater reported to
the user that some extensions were incompatible (not true).  The fix is to
check extension compatibility against the platformVersion in a few more places
(instead of against the appVersion, which is something like "4.0-alpha-3").

It turned out Web Workers ignored general.*.override values which
got fixed by Mozilla with
https://hg.mozilla.org/mozilla-central/rev/b0b831a03d9ch
https://hg.mozilla.org/mozilla-central/rev/eeb169601087 (bug 1062920
and 1060621).

This is an ESR 31 specific backport which was at least partly
necessary due to the big worker related patchset (bug 949325) which
landed in Firefox 32.

This patch prevents non-Chrome callers from using getComputedStyle() to
retrieve values for the -moz-osx-font-smoothing CSS property.  That property
can be used to detect whether the preference
layout.css.osx-font-smoothing.enabled is true of false (by default, it is
true on Mac OS and false elsewhere).