user/richard/tor-browser, branch bug_32645_v1 Richard's tor-browser repository fixup! Bug 23247: Communicating security expectations for .onion 2020-01-31T13:02:09+00:00 Richard Pospesel richard@torproject.org 2020-01-31T12:53:26+00:00 637dd99341f99dcd21b0de7b3324653cb5af0063 






Revert "Bug 31764: Fix for error when navigating via 'Paste and go'"
2020-01-30T10:57:52+00:00

Nicolas Vigier
boklm@torproject.org

2020-01-30T10:57:52+00:00

45677fd3bc4fd9b69216bb25efadcbac3026672f

This reverts commit 59d89229b68f8fbaa46e910a9bd03a6b26e8403e.

With #32470 we backported Mozilla's fix for this issue.





This reverts commit 59d89229b68f8fbaa46e910a9bd03a6b26e8403e.

With #32470 we backported Mozilla's fix for this issue.







Bug 1590538 - Don't pass an empty object to urlbar-user-start-navigation because it doesn't handle it properly. r=Standard8
2020-01-30T10:56:04+00:00

Marco Bonardo
mbonardo@mozilla.com

2019-10-30T14:25:02+00:00

d361b0b2c8e51cec5088233006be152c340b6553

Differential Revision: https://phabricator.services.mozilla.com/D50634

--HG--
extra : moz-landing-system : lando





Differential Revision: https://phabricator.services.mozilla.com/D50634

--HG--
extra : moz-landing-system : lando







fixup! TB4: Tor Browser's Firefox preference overrides.
2020-01-28T23:34:48+00:00

Nicolas Vigier
boklm@torproject.org

2020-01-15T12:16:44+00:00

e8411693ccfa757557eecd97baaa8bb12a5c87dc

Bug 32948: Make referer behavior consistent regardless of private
           browing mode status





Bug 32948: Make referer behavior consistent regardless of private
           browing mode status







fixup! Regression tests for TB4: Tor Browser's Firefox preference overrides.
2020-01-28T18:22:40+00:00

Georg Koppen
gk@torproject.org

2020-01-08T15:30:20+00:00

77970cdee3ba6c294a7acfe9d9b5a2ae9511e579












fixup! TB4: Tor Browser's Firefox preference overrides.
2020-01-28T18:22:01+00:00

Georg Koppen
gk@torproject.org

2020-01-09T10:13:29+00:00

da7e8b35800a41249b5c2a847c4f931c4bf6582a

Remaining clean-up done in #27268.





Remaining clean-up done in #27268.







Bug 32414: Make Services.search.addEngine obey FPI
2020-01-28T17:19:14+00:00

Alex Catarineu
acat@torproject.org

2020-01-10T16:54:18+00:00

2197dad64e5c3752b1daeab0c676fda07880144c












Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug
2020-01-21T10:08:58+00:00

Alex Catarineu
acat@torproject.org

2020-01-13T20:41:14+00:00

3b2165b8be4f7fd7889c17cbb39a4348f7666bc8

Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando





Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando







fixup! Pick up latest Torbutton code
2020-01-08T19:15:39+00:00

Matthew Finkel
Matthew.Finkel@gmail.com

2020-01-04T22:05:57+00:00

78e8d897cd2ec1513f47d7443229b8a45f4a723a












Bug 1590526 - Temporarily allow node adoption across different docGroups for the content/content case r=smaug,zombie a=pascalc
2020-01-08T19:15:39+00:00

Sean Feng
sefeng@mozilla.com

2019-10-24T20:56:43+00:00

06b02a14aed59a13bd1634bf4b8171338236c181

As web extensions rely on this node adoption between content to content
documents, we want to continue allowing this capability to work for now.

Differential Revision: https://phabricator.services.mozilla.com/D50348

--HG--
extra : source : 78c33df33145bd63cd303264734d0b7d85151908
extra : histedit_source : 280627c1dba1ad7b8d82f5a315b5c2170bf3167b





As web extensions rely on this node adoption between content to content
documents, we want to continue allowing this capability to work for now.

Differential Revision: https://phabricator.services.mozilla.com/D50348

--HG--
extra : source : 78c33df33145bd63cd303264734d0b7d85151908
extra : histedit_source : 280627c1dba1ad7b8d82f5a315b5c2170bf3167b