user/mikeperry/tor-browser, branch bug13375 Mike's Tor-Browser Repository fixup! Bug #4234: Use the Firefox Update Process for TBB. 2015-03-21T04:18:10+00:00 Mike Perry mikeperry-git@torproject.org 2015-03-18T00:07:22+00:00 1f5eaf1b7a165318bf77bf3435cd0052829a82b2 Bug 13375: Force full update for the start-tor-browser.desktop and launcher scripts. These files are likely to be commonly modified in the wild. 
Bug 13375: Force full update for the start-tor-browser.desktop and launcher
scripts. These files are likely to be commonly modified in the wild.
fixup! TB4: Tor Browser's Firefox preference overrides. 2015-03-21T04:16:23+00:00 Mike Perry mikeperry-git@torproject.org 2015-03-18T02:10:23+00:00 709dd9e8d74ac13a6a0e436c5d947b0564e3793d Bug 15029: Don't prompt to install missing plugins. 
Bug 15029: Don't prompt to install missing plugins.
fixup! Bug 12827: Create preference to disable SVG. 2015-03-21T02:40:18+00:00 Mike Perry mikeperry-git@torproject.org 2015-03-21T02:40:18+00:00 4029568bb2283ce1203d0cdff0e857f7da8bce42 Call the pref svg.in-content.enabled. 
Call the pref svg.in-content.enabled.
Merge branch 'bug12827-01' into tor-browser-31.5.0esr-4.5-1 2015-03-21T02:37:27+00:00 Mike Perry mikeperry-git@torproject.org 2015-03-21T02:37:27+00:00 2dbf9589bff621cd9fc88dafa26b20ccdbddf935 






Bug 15201: Windows: disable "runas" code path in updater.
2015-03-20T19:40:23+00:00

Kathy Brade
brade@pearlcrescent.com

2015-03-20T19:40:23+00:00

4a145590d0e636e3acdd1f00037429771e64e3b8

Instead of using "runas" to try to elevate privileges, the updater
now fails if the user does not have permission to apply an update.
This avoids potential security issues such as CVE-2015-0833.





Instead of using "runas" to try to elevate privileges, the updater
now fails if the user does not have permission to apply an update.
This avoids potential security issues such as CVE-2015-0833.







Bug 12827: Create preference to disable SVG.
2015-03-18T19:51:24+00:00

Kathy Brade
brade@pearlcrescent.com

2015-03-18T19:21:30+00:00

7dd093abb5c68728b5ba6c940cca224345d89f3e

If the svg.inContent.enabled preference is false, disallow all use of
SVG within content pages.

In the following situations it is very difficult to determine if code
is executing within a chrome context or not:
  SVG hasFeature() API.
  SVG hasExtension() API.
  Use of SVG glyphs within custom OpenType fonts.
In these cases, everything is assumed to be content; that is, setting
the pref. to false will block use of the above features from chrome
as well. This is OK because these features are unlikely to be used by
core browser code.





If the svg.inContent.enabled preference is false, disallow all use of
SVG within content pages.

In the following situations it is very difficult to determine if code
is executing within a chrome context or not:
  SVG hasFeature() API.
  SVG hasExtension() API.
  Use of SVG glyphs within custom OpenType fonts.
In these cases, everything is assumed to be content; that is, setting
the pref. to false will block use of the above features from chrome
as well. This is OK because these features are unlikely to be used by
core browser code.







Bug 14631: Improve profile access error msgs (strings).
2015-02-27T15:38:40+00:00

Kathy Brade
brade@pearlcrescent.com

2015-02-27T15:38:40+00:00

ce2343957e7617ffa47c5b2b8b2a3128916ac92e

To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.





To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.







Bug 14631: Improve profile access error messages.
2015-02-24T18:50:23+00:00

Kathy Brade
brade@pearlcrescent.com

2015-02-24T18:50:23+00:00

bebc69b8e8e919abec272f9cff6ab13fb9ea51f7

Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".





Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".







Bug 10895: Fix versioning for langpacks.
2015-02-18T23:18:20+00:00

Mike Perry
mikeperry-git@torproject.org

2015-01-09T21:20:41+00:00

ab596a0b49d8b16dcfb4e068a9f690d1ae87a109












Bug 13900: Remove 3rd party HTTP auth tokens.
2015-02-18T23:14:36+00:00

Kathy Brade
brade@pearlcrescent.com

2015-02-04T15:38:44+00:00

3f4ca27310bed8722c409decdc0cfab0f0093a88

Prevent user tracking via HTTP Basic Authentication by
removing Authorization headers from third party requests.

This is a port of a piece of the Stanford SafeCache code that
previously was included in Torbutton.





Prevent user tracking via HTTP Basic Authentication by
removing Authorization headers from third party requests.

This is a port of a piece of the Stanford SafeCache code that
previously was included in Torbutton.