Hello,
I tagged sandboxed-tor-browser 0.0.12 just now.
Changes in version 0.0.12 - 2017-08-01:
* Bug 22969: Disable the addon blocklist.
* Bug 22984: Force IDNs to be displayed as punycode to thwart homograph attacks.
* Bug 22967: Force disable crashdump reporting.
* Bug 23058: Apply the SelfRando workaround to 7.5a3 as well.
* Default disable `dom.securecontext.whitelist_onions`.

The rationale for the potentially controversial changes is as follows:
* Disabling the addon blocklist is done to thwart Mozilla from attempting to disable extensions critical to Tor Browser functionality.
While this would have a net negative impact on user security if non-standard addons had security problems that required emergency disabling, the sandbox was changed to exclude non-standard addons when creating the container as of 0.0.11.
Enabling non-standard addons in the sandbox would require altering the source code and rebuilding. Anyone who does that is on their own.
* Forcing IDNs to be displayed as punycode is the mitigation for #21961. Mozilla isn't fixing this, the Tor Browser developers are apparently busy, so the sandbox will do it.
* Force disabling crashdump reporting is a pre-emptive opt out from the GSOC crash reporting project. I do not have time to examine how crash dumps are sanitized, and until I do, I will treat them as a massive anonymity hazard.
Till crashdumps are enabled (hopefully as an opt-in with lots of warning labels), this will have no effect.
* Default disabling `dom.securecontext.whitelist_onions` means that unless the user manually flips the pref, the `.onion` TLD will retain the existing 7.0.x behavior.
As I've said before, I'm firmly against any changes that blur the line between Onion Services and TLS with a CA signed cert. People are free to disagree, but I'm unlikely to change my mind.
Till the pref is actually implemented, this will have no effect.
Regards,
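
What the punycode display change (Bug 22984) buys the user, as an added example that is not part of the original message or the sandbox's code: a hostname containing a look-alike character is shown in its ASCII `xn--` form, so it no longer resembles the Latin name. The function names and the sample hostname are constructed for illustration, and Python's built-in `idna` codec (IDNA 2003) stands in for the browser's own IDN handling.

```python
import unicodedata

# Constructed sample: the first letter is CYRILLIC SMALL LETTER A (U+0430),
# which renders like Latin "a" in most fonts.
LOOKALIKE = "\u0430pple.com"


def displayed_form(hostname: str) -> str:
    """Return the hostname as shown when IDNs are forced to punycode."""
    # The idna codec converts each non-ASCII label to its "xn--" ACE form
    # and leaves pure-ASCII labels untouched.
    return hostname.encode("idna").decode("ascii")


def scripts(label: str) -> set:
    """Return the Unicode scripts of the letters in one label."""
    # The first word of a letter's Unicode name is its script,
    # e.g. "LATIN SMALL LETTER P" or "CYRILLIC SMALL LETTER A".
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def describe(hostname: str) -> dict:
    """Summarise a hostname: Unicode form, punycode form, mixed-script labels."""
    mixed = [lbl for lbl in hostname.split(".") if len(scripts(lbl)) > 1]
    return {
        "unicode": hostname,
        "displayed": displayed_form(hostname),
        "mixed_script_labels": mixed,
    }


if __name__ == "__main__":
    for name in (LOOKALIKE, "apple.com"):
        info = describe(name)
        print(f"{info['unicode']!r:22} -> {info['displayed']:20} "
              f"mixed-script: {info['mixed_script_labels']}")
```
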