user/richard/tor-browser, branch bug_32645_v2

fixup! Bug 23247: Communicating security expectations for .onion

2020-02-18T22:15:36+00:00

Revert "Bug 1603270 - Add telemetry for FirefoxPromoBannerRow user actions. r=VladBaicu, a=RyanVM"

2020-02-11T20:41:06+00:00

This reverts commit 334f572f8b2113c464bd65e1282b7085a1dfb5eb.

Revert "Bug 31764: Fix for error when navigating via 'Paste and go'"

2020-02-11T02:30:11+00:00

This reverts commit 59d89229b68f8fbaa46e910a9bd03a6b26e8403e.

With #32470 we backported Mozilla's fix for this issue.

Bug 1590538 - Don't pass an empty object to urlbar-user-start-navigation because it doesn't handle it properly. r=Standard8

2020-02-11T02:30:11+00:00

Differential Revision: https://phabricator.services.mozilla.com/D50634

--HG--
extra : moz-landing-system : lando

Bug 32414: Make Services.search.addEngine obey FPI

2020-02-11T02:30:11+00:00

Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug

2020-02-11T02:30:10+00:00

Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando

Bug 30237: Add v3 onion services client authentication prompt

2020-02-11T02:30:10+00:00

When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.

If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.

If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.

Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.

Add support for onion services strings to the TorStrings module.

Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.

Bug 1590526 - Temporarily allow node adoption across different docGroups for the content/content case r=smaug,zombie a=pascalc

2020-02-11T02:30:10+00:00

As web extensions rely on this node adoption between content to content
documents, we want to continue allowing this capability to work for now.

Differential Revision: https://phabricator.services.mozilla.com/D50348

--HG--
extra : source : 78c33df33145bd63cd303264734d0b7d85151908
extra : histedit_source : 280627c1dba1ad7b8d82f5a315b5c2170bf3167b

Bug 1467970 - Unsupport cross docGroup adoption r=smaug

2020-02-11T02:30:09+00:00

Differential Revision: https://phabricator.services.mozilla.com/D43135

--HG--
extra : moz-landing-system : lando

Bug #32405: Crash immediately after bootstrap on Android

2020-02-11T02:30:08+00:00