summaryrefslogtreecommitdiffstats
path: root/security
Commit message (Collapse)AuthorAgeLines
* Merge pull request #461 from trav90/HSTSMoonchild2018-06-07-64341/+42935
|\ | | | | Improve HSTS preload list generation
| * Regenerate the HSTS preload listtrav902018-06-07-64270/+42907
| |
| * Restore clearly-delimited format for the HSTS preload listtrav902018-06-06-65/+23
| |
| * Increase concurrent lookups to 15 when generating HSTS preload listtrav902018-06-05-1/+1
| |
| * Update HSTS preload list generation scripttrav902018-06-05-5/+4
| | | | | | | | | | | | | | | | Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL. New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list. The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser. Bonus: it keeps our HSTS preload list lean.
* | Request NSS to use DBM as the storage file formatJustOff2018-06-06-5/+17
| |
* | Revert "Restore NSS default storage file format to DBM when no prefix is given."wolfbeast2018-06-06-98/+4
| | | | | | | | This reverts commit b2c78bbf83f75bf034028814329fdd43b6bfe885.
* | Restore NSS default storage file format to DBM when no prefix is given.NSS_3.35_TESTwolfbeast2018-06-05-4/+98
| |
* | Update NSS to 3.35-RTMwolfbeast2018-06-05-15971/+34294
|/
* Remove support and tests for HSTS priming from the tree. Fixes #384Gaming4JC2018-05-26-17/+0
|
* Remove MOZ_WIDGET_GONK [1/2]wolfbeast2018-05-12-6/+0
| | | | Tag #288
* Nuke the sandboxwolfbeast2018-05-03-87958/+0
|
* Remove sandbox ductwork conditional code.wolfbeast2018-05-03-6/+0
|
* Remove GMP sandbox code.wolfbeast2018-05-02-206/+0
|
* Remove content process sandbox code.wolfbeast2018-05-02-823/+0
|
* Fix unsafe "instanceof" negationsjanekptacijarabaci2018-05-02-3/+0
| | | | https://github.com/MoonchildProductions/Pale-Moon/pull/1173
* Partially revert 1ef526f0f - sftkpwd.cMatt A. Tobin2018-04-26-2/+2
| | | | #82 #265
* Revert "Update NSS to 3.35-RTM"wolfbeast2018-04-25-34294/+15971
| | | | This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
* moebius#119: (Windows) Security - Certificate Stores - NSSCertDBTrustDomain ↵janekptacijarabaci2018-04-23-6/+31
| | | | | | allows end-entities to be their own trust anchors https://github.com/MoonchildProductions/moebius/pull/119
* Strengthen the use of the Master Password.wolfbeast2018-04-18-2/+2
| | | | | | | | - Use 30k iterations instead of 1. - Enforce minimum password length of 8 characters. - Adjust strength meter accordingly. This resolves #82.
* moebius#126: [very minor fix] Fix typo in a comment in NSSCertDBTrustDomain.cppjanekptacijarabaci2018-04-13-2/+2
| | | | https://github.com/MoonchildProductions/moebius/pull/126
* Remove base conditional code for crash reporter and injector.wolfbeast2018-03-30-6/+0
|
* Disable -Wimplicit-fallthrough for a chromium filetrav902018-03-04-2/+2
| | | | GCC 7 supports the clang option -Wimplicit-fallthrough.
* Fix build system translation errors.wolfbeast2018-03-04-1/+1
| | | | Follow-up to 11a8a39f6d2e057d51559c52c1bf0ba74bbfe189
* Merge pull request #34 from janekptacijarabaci/devtools_import-from-moebius_1Moonchild2018-03-02-1/+147
|\ | | | | Port across devtools enhancements
| * DevTools - network - security (improvements)janekptacijarabaci2018-03-01-1/+147
| | | | | | | | | | | | https://github.com/MoonchildProductions/moebius/pull/113 https://github.com/MoonchildProductions/moebius/pull/118 https://github.com/MoonchildProductions/moebius/pull/127
* | Use MOZ_FENNEC and MOZ_XULRUNNER instead of checking MOZ_BUILD_APP in most ↵Matt A. Tobin2018-03-01-1/+1
|/ | | | places
* Update NSS to 3.35-RTMwolfbeast2018-02-23-15971/+34294
|
* Update NSS to 3.32.1-RTMwolfbeast2018-02-06-16821/+83185
|
* Disable 3DES cipher by default + re-order a few things.wolfbeast2018-02-02-6/+9
| | | | Issue #4 point 4
* Add RSA-AES + SHA256/384 suites for web compatibility.wolfbeast2018-02-02-0/+8
| | | | | | Sites with these ciphers (commonly IIS) would otherwise fall back to weak 3DES that will be disabled by default. Issue #4 points 2 and 3
* Add Camellia to the active cipher suites.wolfbeast2018-02-02-0/+8
| | | | | | | Issue #4 point 1. Camellia is a strong, modern, safe cipher with no known weaknesses or reduced strength attacks. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.
* Use UTC where appropriate in python filesMatt A. Tobin2018-02-02-1/+1
|
* Remove kinto client, Firefox kinto storage adapter, blocklist update client ↵Matt A. Tobin2018-02-02-22/+3
| | | | and integration with sync, OneCRL and the custom time check for derives system time.
* Add m-esr52 at 52.6.0Matt A. Tobin2018-02-02-0/+1330400