torbutton/en/design/FF40_AUDIT (1155d29bc) - tor-webwml.git

FF40_AUDIT

- Major compatibility issues:
  http://blog.mozilla.com/addons/2010/11/11/making-add-on-compatible-firefox-4/
  https://developer.mozilla.org/en/Extensions/Updating_extensions_for_Firefox_4
  https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0

- Key high level concerns:
  - WebThreads
    - https://developer.mozilla.org/En/Using_web_workers
    - Network activity blocked by content policy
  - What the hell is a blob url?
    - https://developer.mozilla.org/en/DOM/window.createBlobURL
    - https://developer.mozilla.org/en/DOM/window.revokeBlobURL
    - Seems only relevent to FS injection..
  - WebSockets
  - New window.history functions may allow state smuggling
    - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
  - New screen attributes
    - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
  - Bounding rectangles -> window sizes?
    - https://bugzilla.mozilla.org/show_bug.cgi?id=396392
  - Mouse events reveal desktop coordinates?
    - https://bugzilla.mozilla.org/show_bug.cgi?id=503943
    - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
  - DocShell and plugins inside createHTMLDocument?
    - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
  - Media attributes
    - "buffered"
    - "preload"
    - new codecs?

- New fingerprinting threats:
  - Lots of things are now available to CSS :(

tor-webwml.git

Update FF bugs in design doc and add FF4.0 notes.