- Aug 18, 2016
-
-
Kathleen Brade authored
Remove the status bar panel (the status bar was removed in Firefox 4). Remove unused Firefox version check variables.
-
- Aug 17, 2016
-
-
Kathleen Brade authored
Remove some unused functions and commented out code. Remove toggle support from torbutton_set_timezone(). Rename torbutton_close_on_toggle() to torbutton_close_tabs_on_new_identity() and remove toggle support.
-
Kathleen Brade authored
Remove a lot of toggle logic, including extensions.torbutton.tor_enabled and related preferences. Remove the dual cookie jar support since Tor can no longer be turned off. Change the behavior of the "Restore Defaults" button in the Privacy and Security Settings window to no longer reset the browser's proxy preferences. Our general philosophy is that if Torbutton does not provide a GUI for changing a preference, Torbutton should not modify the preference. The exceptions are that Torbutton still supports the TOR_SOCKS_PORT and TOR_TRANSPROXY environment variables. Remove the outdated "Disable Torbutton to change these settings" message from the Firefox proxy settings dialog. Remove torbutton_check_socks_remote_dns() since SOCKS remote DNS is supported by all modern versions of Firefox. Remove torbutton_has_good_socks() since it was testing for Firefox 5 or newer.
-
- Aug 15, 2016
-
-
Kathleen Brade authored
Remove the remains of the Torbutton settings panel (which was hidden by the fix for bug 14630).
-
- Jul 29, 2016
-
-
Mike Perry authored
CHANGELOG update, version bump
-
- Jul 28, 2016
-
-
Mike Perry authored
-
- Jul 17, 2016
-
-
Georg Koppen authored
Remove remaining things needed for fixing #9901.
-
Display the external app confirmation dialog in response to the new "external-app-requested" observer service notification. Remove messy overrides of Mozilla components and console log filtering. Remove obsolete "on-modify-drag-list" observer and pre-Firefox 4.0 module registration code from the External App Handler component.
-
Georg Koppen authored
We are exempting `javascript.options.asmjs` from the Security Slider for now and set it to `false` by default (which is done by a separate Tor Browser patch). This is a stopgap until at least the linkability concerns in #19417 are addressed.
-
When displaying the "Are you sure you want to enable plugins?" prompt, always use the top-most browser window as the parent window. This avoids problems caused by using the Privacy and Security Settings dialog, which is closing, as the parent.
-
- Jul 16, 2016
-
-
Yawning Angel authored
The browser's behavior is different depending on if a given internal resource is available or not, regardless of the fact that the actual body will not load due to the various safeguards and checks. This normalizes the behavior by denying all redirects destined for URLs with proscribed browser internal schemes (`resource`, `about`, `chrome`).
-
- Jun 17, 2016
-
-
Georg Koppen authored
This patch clears the asmjscache (and the IndexedDB storage) on New Identity and during start-up. The latter is a suboptimal workaround we deploy until the asmjscache is Private Browsing Mode aware. InedxedDB storage is not so urgent as IndexedDB is not working in Private Browsing Mode anyway.
-
chrome://`Yawning Angel authored
Most addons do not set `contentaccessible=yes`, however behavior should be consistent even if such addons are installed. This does not affect any of the standard addons shipped with Tor Browser, but will break user installed addons that depend on actually being able to access `chrome://` URLs in this manner.
-
resource://`Yawning Angel authored
Based on ResourceFilter: A direct workaround for https://bugzil.la/863246 https://notabug.org/desktopd/no-resource-uri-leak/src/master/src/resource-filter/content-policy.js
-
- Jun 10, 2016
-
-
Additionally clear out the domain isolator state on `New Identity`. In theory this removes the need to explicitly issue a `NEWNYM` as new circuits will be used for all subsequent requests, including those made via the catch-all circuit.
-
When creating a domain isolation nonce, 128 bits of entropy is drawn from a cryptographic source and saved on a per-domain basis. The new circuit behavior is changed to regenerate the nonce, instead of incrementing a counter. This allows the "right thing" to happen when the same tor instance is used across multiple Tor Browser sessions, for example when using a system wide tor, or a magic anonymity box.
-
- Jun 04, 2016
-
-
Georg Koppen authored
CHANGELOG update, version bump
-
- May 31, 2016
-
-
Kathleen Brade authored
Remove default preferences that are not used.
-
Kathleen Brade authored
Remove unused property strings.
-
Kathleen Brade authored
Remove unused entities. Remove unused "about.xul" and associated entities.
-
- May 24, 2016
-
-
Georg Koppen authored
Thanks to cpwc for the patch.
-
- May 16, 2016
-
-
- May 09, 2016
-
-
- May 04, 2016
-
-
- Apr 22, 2016
-
-
Georg Koppen authored
Version bumps, changelog update
-
Georg Koppen authored
-
- Apr 07, 2016
-
-
Georg Koppen authored
Our usage of |let| does not work anymore since changes in Firefox 44 landed. See: https://bugzilla.mozilla.org/show_bug.cgi?id=589199.
-
-
-
- Mar 19, 2016
-
-
Add profileMigrationFailed string that is used by Tor Browser.
-
- Mar 16, 2016
-
-
Georg Koppen authored
-
Georg Koppen authored
-
Georg Koppen authored
We follow Mozilla's handling of the graphite library and apply it to all security slider levels.
-
- Mar 04, 2016
-
-
Georg Koppen authored
CHANGELOG update, translation update, version bump
-
Georg Koppen authored
-
Creates a hidden torbutton pref, which if set, allows Tor Browser to work with non-Tor proxies (by disabling our use of SOCKS u+p auth). Enabling this pref also enables NoScript ABE (to prevent proxied connections from hitting localhost/RFC1918) and executes New Identity.
-
- Mar 03, 2016
-
-
Georg Koppen authored
-
- Feb 19, 2016
-
-
Also, when logging, don't show a bunch of extra newlines. See https://trac.torproject.org/16990#comment:28
-
- Feb 01, 2016
-
-
Kathleen Brade authored
For the about:tor content window, use nsIDOMWindowUtils.screenPixelsPerCSSPixel instead of window.devicePixelRatio to compensate for a retina display and for content zoom (devicePixelRatio always returns 1.0 for content windows due to the fix for bug 13875).
-
- Jan 22, 2016
-
-
Georg Koppen authored
-