search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug #10640: Fix about:tor's pointer position for RTL languages.
[torbutton.git] / website / design / FF40_AUDIT
blob7830eb34470b55a429c1867897c83847cff3e032
1 - Review of https://developer.mozilla.org/en/Firefox_4_for_developers
2   - Potential proxy issues
3     - DocShell and plugins inside createHTMLDocument?
4       - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
5     - WebSockets?
6     - Media attributes?
7       - "buffered"
8       - "preload"
9       - new codecs?
10     - What the hell is a blob url?
11       - https://developer.mozilla.org/en/DOM/window.createBlobURL
12       - https://developer.mozilla.org/en/DOM/window.revokeBlobURL
13       - Seems only relevent to FS injection..
14     - WebThreads are OK:
15       - https://developer.mozilla.org/En/Using_web_workers
16       - Network activity blocked by content policy
17   - Fingerprinting issues:
18     - New screen attributes
19       - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
20     - High Res Animation Timers:
21       - https://developer.mozilla.org/en/DOM/window.mozAnimationStartTime
22       - https://developer.mozilla.org/en/DOM/Animations_using_MozBeforePaint
23         - 50-60hz max.. Can we leverage this?
24     - timeStamps on keystroke events
25       - https://developer.mozilla.org/en/DOM/event.timeStamp
26     - Bounding rectangles -> window sizes?
27       - Maybe not display sizes, but seems possible to fingerprint rendered
28         content size.. ugh.
29         - https://developer.mozilla.org/en/DOM/element.getBoundingClientRect
30         - https://developer.mozilla.org/en/dom:range
31     - CSS resize, media queries, etc..
32     - WebGL may also expose screen properties and video card properties:
33       - https://developer.mozilla.org/en/WebGL
34       - https://www.khronos.org/registry/webgl/specs/1.0/#5.2
35       - https://www.khronos.org/registry/webgl/specs/1.0/#5.11
36     - SVG needs auditing. It may also expose absolute coords, but appears OK
37       - https://developer.mozilla.org/en/SVG/SVG_animation_with_SMIL
38     - Mouse events reveal desktop coordinates
39       - https://bugzilla.mozilla.org/show_bug.cgi?id=503943
40       - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
41       - Actual screen dimensions not exposed
42   - Identifier Storage
43     - Content Secuity Properties may need clearing:
44       - https://developer.mozilla.org/en/Security/CSP
45     - STS cache needs clearing
46     - New window.history functions may allow state smuggling
47       - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
48
49 - New Javascript hooking options may help improve Date() hooks:
50   - https://developer.mozilla.org/en/JavaScript/New_in_JavaScript/1.8.5