ToDo: diffs FF92-FF93

[earthlng]

FF93 is scheduled for release Oct. 5th

FF93 release notes [when ready] FF93 for developers FF93 security advisories

---

97 diffs ( 52 new, 30 gone, 15 different )

new in v93.0:

• 0807 pref("browser.urlbar.suggest.quicksuggest.sponsored", false);

removed, renamed or hidden in v93.0:

• [x] 7003 pref("security.ssl3.rsa_des_ede3_sha", true); 1724072 - https://github.com/arkenfox/user.js/commit/85438d00e457bff692303af519da618c6372476b

changed in v93.0:

• 0807 pref("browser.urlbar.suggest.quicksuggest", false); // prev: true

---

ignore

click me for details

==NEW ```js pref("browser.newtabpage.activity-stream.asrouter.disable-captive-portal-vpn-promo", false); pref("browser.places.interactions.scrolling_timeout_ms", 5000); pref("browser.tabs.remote.subframesPreferUsed", true); pref("browser.tabs.remote.systemTriggeredAboutBlankAnywhere", false); pref("browser.urlbar.merino.enabled", false); pref("browser.urlbar.merino.endpointURL", "https://merino.services.mozilla.com/api/v1/suggest"); pref("browser.urlbar.quicksuggest.remoteSettings.enabled", true); pref("browser.urlbar.quicksuggest.scenario", "history"); pref("dom.events.coalesce.mousemove", true); pref("dom.keyboardevent.init_key_event.enabled", false); pref("dom.keyboardevent.init_key_event.enabled_in_addons", true); pref("dom.quotaManager.checkQuotaInfoLoadTime", true); pref("dom.quotaManager.longQuotaInfoLoadTimeThresholdMs", 21000); pref("dom.quotaManager.unaccessedForLongTimeThresholdSec", 33696000); pref("dom.security.https_only_check_path_upgrade_downgrade_endless_loop", true); pref("dom.serviceWorkers.mitigations.group_usage_headroom_kb", 409600); pref("dom.webcomponents.elementInternals.enabled", true); pref("dom.weblocks.enabled", false); pref("gfx.webrender.debug.blob.paint-flashing", false); pref("gfx.webrender.debug.dl.dump-content", false); pref("gfx.webrender.debug.dl.dump-content-serialized", false); pref("gfx.webrender.debug.dl.dump-parent", false); pref("gfx.webrender.debug.enable-capture", false); pref("gfx.webrender.debug.highlight-painted-layers", false); pref("javascript.options.experimental.class_static_blocks", true); pref("javascript.options.mem.gc_malloc_threshold_base_mb", 38); pref("javascript.options.mem.gc_urgent_threshold_mb", 16); pref("javascript.options.use_fdlibm_for_sin_cos_tan", false); pref("layout.css.bucket-attribute-names.enabled", true); pref("layout.css.cascade-layers.enabled", false); pref("layout.css.color-mix.color-spaces.enabled", false); pref("layout.css.computed-style.new-invalid-pseudo-element-behavior", true); pref("layout.css.font-synthesis-small-caps.enabled", true); pref("layout.css.prefers-color-scheme.content-override", 2); pref("media.clearkey.test-key-systems.enabled", false); pref("media.eme.max-throughput-ms", 200); pref("network.auth.allow_multiple_challenges_same_line", true); pref("network.auth.use_new_parse_realm", true); pref("network.http.http3.max_data", 25165824); pref("network.http.http3.max_stream_data", 12582912); pref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode", true); pref("pdfjs.annotationMode", 2); pref("privacy.antitracking.cacheStorageAllowedForWindow", true); pref("privacy.antitracking.enableWebcompat", true); pref("security.crash_tracking.js_load_1.maxCrashes", 0); pref("security.crash_tracking.js_load_1.prevCrashes", 0); pref("security.disallow_privileged_data_subdocuments_loads", false); pref("security.disallow_privileged_https_subdocuments_loads", true); pref("security.ssl3.deprecated.rsa_des_ede3_sha", true); pref("webgl.auto-flush", true); pref("webgl.auto-flush.gl", false); ``` ==REMOVED or HIDDEN ```js pref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "{\"id\":\"cfr-fxa\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr-fxa\",\"updateCycleInMs\":3600000}"); pref("browser.newtabpage.activity-stream.filterAdult", true); pref("dom.event.coalesce_mouse_move", true); pref("gfx.basic_layer_manager.force_enabled", false); pref("gfx.use-glx-texture-from-pixmap", false); pref("gfx.webrender.blob.paint-flashing", false); pref("gfx.webrender.dl.dump-content", false); pref("gfx.webrender.dl.dump-content-serialized", false); pref("gfx.webrender.dl.dump-parent", false); pref("gfx.webrender.enable-capture", false); pref("gfx.webrender.fallback.basic", false); pref("gfx.webrender.force-legacy-layers", false); pref("gfx.webrender.highlight-painted-layers", false); pref("gfx.webrender.software.unaccelerated-widget.allow", true); pref("layers.enable-tiles-if-skia-pomtp", true); pref("layers.omtp.capture-limit", 26214400); pref("layers.omtp.dump-capture", false); pref("layers.omtp.enabled", false); pref("layers.omtp.paint-workers", -1); pref("layers.omtp.release-capture-on-main-thread", false); pref("layers.progressive-paint", false); pref("layout.css.bloom-filter-attribute-names.enabled", true); pref("layout.css.computed-style.throw-on-invalid-pseudo", false); pref("layout.css.DOMMatrix.enabled", true); pref("layout.css.DOMPoint.enabled", true); pref("layout.css.DOMQuad.enabled", true); pref("layout.css.is-and-where-better-error-recovery.enabled", true); pref("pdfjs.renderInteractiveForms", true); pref("privacy.storagePrincipal.enabledForTrackers", false); ``` ==CHANGED ```js pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,rp"); // prev: "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2" pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "{\"id\":\"messaging-experiments\",\"enabled\":true,\"type\":\"remote-experiments\",\"messageGroups\":[\"cfr\",\"whats-new-panel\",\"moments-page\",\"aboutwelcome\",\"infobar\",\"spotlight\"],\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"messaging-experiments\",\"enabled\":true,\"type\":\"remote-experiments\",\"messageGroups\":[\"cfr\",\"whats-new-panel\",\"moments-page\",\"cfr-fxa\",\"aboutwelcome\",\"infobar\"],\"updateCycleInMs\":3600000}" pref("browser.tabs.unloadOnLowMemory", true); // prev: false pref("browser.urlbar.quicksuggest.showOnboardingDialogAfterNRestarts", 0); // prev: 2 pref("devtools.target-switching.server.enabled", true); // prev: false pref("dom.block_download_insecure", true); // prev: false pref("dom.forms.datetime-local", true); // prev: false pref("dom.forms.datetime-local.widget", true); // prev: false pref("gfx.content.azure.backends", "skia"); // prev: "direct2d1.1,skia" pref("image.avif.compliance_strictness", 1); // prev: 0 pref("image.avif.enabled", true); // prev: false pref("pdfjs.enableXfa", true); // prev: false pref("security.sandbox.rdd.shadow-stack.enabled", true); // prev: false pref("security.sandbox.socket.shadow-stack.enabled", true); // prev: false ```

[earthlng]

some bugzilla tickets

* browser.contentblocking.features.strict Bug [1698843](https://bugzilla.mozilla.org/show_bug.cgi?id=1698843) - Part 3: Set content blocking category flag for cookieBehavior for the private mode. * browser.newtabpage.activity-stream.asrouter.disable-captive-portal-vpn-promo Bug [1730621](https://bugzilla.mozilla.org/show_bug.cgi?id=1730621) - avoid showing captive portal VPN promo in some cases, * browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments Bug [1728420](https://bugzilla.mozilla.org/show_bug.cgi?id=1728420) - New messaging surface Spotlight Bug [1725131](https://bugzilla.mozilla.org/show_bug.cgi?id=1725131) - Remove messaging system code related to the Bookmark panel Bug [1709984](https://bugzilla.mozilla.org/show_bug.cgi?id=1709984) - Disable snippets by default. Bug [1685525](https://bugzilla.mozilla.org/show_bug.cgi?id=1685525) - Update or add a trigger capable of targeting newtab/homepage for messages * browser.places.interactions.scrolling_timeout_ms Bug [1717920](https://bugzilla.mozilla.org/show_bug.cgi?id=1717920) - Add scrolling metrics to history metadata * browser.tabs.remote.subframesPreferUsed Bug [1726865](https://bugzilla.mozilla.org/show_bug.cgi?id=1726865) - Prefer using existing content processes for subframes during process selection, * browser.tabs.remote.systemTriggeredAboutBlankAnywhere Bug [1725270](https://bugzilla.mozilla.org/show_bug.cgi?id=1725270) - Add testing pref to get old about:blank process selection behavior, * browser.tabs.unloadOnLowMemory Bug [1587762](https://bugzilla.mozilla.org/show_bug.cgi?id=1587762) - Enable browser.tabs.unloadOnLowMemory by default. * browser.urlbar.merino.enabled Bug [1727668](https://bugzilla.mozilla.org/show_bug.cgi?id=1727668) - Integrate Merino with Firefox Suggest/quick suggest. * browser.urlbar.merino.endpointURL Bug [1727668](https://bugzilla.mozilla.org/show_bug.cgi?id=1727668) - Integrate Merino with Firefox Suggest/quick suggest. * browser.urlbar.quicksuggest.remoteSettings.enabled Bug [1727668](https://bugzilla.mozilla.org/show_bug.cgi?id=1727668) - Integrate Merino with Firefox Suggest/quick suggest. * browser.urlbar.quicksuggest.scenario Bug [1729569](https://bugzilla.mozilla.org/show_bug.cgi?id=1729569) - Add a Nimbus variable for the Firefox Suggest scenario. * browser.urlbar.quicksuggest.showOnboardingDialogAfterNRestarts Bug [1727907](https://bugzilla.mozilla.org/show_bug.cgi?id=1727907) - Make Firefox Suggest an opt-in feature and update the onboarding dialog accordingly. Bug [1709088](https://bugzilla.mozilla.org/show_bug.cgi?id=1709088) - Allow QuickSuggest experiment to skip the opt-in modal * browser.urlbar.suggest.quicksuggest Bug [1728430](https://bugzilla.mozilla.org/show_bug.cgi?id=1728430) - Part 1: Add a separate pref for sponsored Firefox Suggest results. Bug [1727907](https://bugzilla.mozilla.org/show_bug.cgi?id=1727907) - Make Firefox Suggest an opt-in feature and update the onboarding dialog accordingly. Bug [1691776](https://bugzilla.mozilla.org/show_bug.cgi?id=1691776) - Implement a QuickSuggest Urlbar provider * browser.urlbar.suggest.quicksuggest.sponsored Bug [1728430](https://bugzilla.mozilla.org/show_bug.cgi?id=1728430) - Part 1: Add a separate pref for sponsored Firefox Suggest results. * devtools.target-switching.server.enabled Bug [1702715](https://bugzilla.mozilla.org/show_bug.cgi?id=1702715) - [devtools] Enable server side target switching. Bug [1644397](https://bugzilla.mozilla.org/show_bug.cgi?id=1644397) - [devtools] Create tab targets on process change via the Watcher Actor. * dom.block_download_insecure Bug [1685479](https://bugzilla.mozilla.org/show_bug.cgi?id=1685479) - Flip pref dom.block_download_insecure Bug [1723783](https://bugzilla.mozilla.org/show_bug.cgi?id=1723783): Enable Mixed Content Download Protection also in Early Beta * dom.events.coalesce.mousemove Bug [1688878](https://bugzilla.mozilla.org/show_bug.cgi?id=1688878) - Use StaticPrefs for dom.event.coalesce_mouse_move pref; * dom.forms.datetime-local Bug [1283388](https://bugzilla.mozilla.org/show_bug.cgi?id=1283388) - Implement datetime-local UI. * dom.forms.datetime-local.widget Bug [1283388](https://bugzilla.mozilla.org/show_bug.cgi?id=1283388) - Implement datetime-local UI. * dom.keyboardevent.init_key_event.enabled Bug [1727024](https://bugzilla.mozilla.org/show_bug.cgi?id=1727024) - Make `KeyboardEvent.initKeyEvent` is available in addons Bug [1717760](https://bugzilla.mozilla.org/show_bug.cgi?id=1717760) - Disable `KeyEvent.initKeyEvent` by default * dom.keyboardevent.init_key_event.enabled_in_addons Bug [1727024](https://bugzilla.mozilla.org/show_bug.cgi?id=1727024) - Make `KeyboardEvent.initKeyEvent` is available in addons * dom.quotaManager.checkQuotaInfoLoadTime Bug [1722668](https://bugzilla.mozilla.org/show_bug.cgi?id=1722668) - Speed up temporary storage initialization by archiving unaccessed origin directories; * dom.quotaManager.longQuotaInfoLoadTimeThresholdMs Bug [1722668](https://bugzilla.mozilla.org/show_bug.cgi?id=1722668) - Speed up temporary storage initialization by archiving unaccessed origin directories; * dom.quotaManager.unaccessedForLongTimeThresholdSec Bug [1722668](https://bugzilla.mozilla.org/show_bug.cgi?id=1722668) - Speed up temporary storage initialization by archiving unaccessed origin directories; * dom.security.https_only_check_path_upgrade_downgrade_endless_loop Bug [1725800](https://bugzilla.mozilla.org/show_bug.cgi?id=1725800) - Also check if the uri path is the same when doing upgrade and downgrade loop check, * dom.serviceWorkers.mitigations.group_usage_headroom_kb Bug [1722502](https://bugzilla.mozilla.org/show_bug.cgi?id=1722502) - P3 Quota usage mitigation algorithm implementation. * dom.webcomponents.elementInternals.enabled Bug [1723521](https://bugzilla.mozilla.org/show_bug.cgi?id=1723521) - Part 3: Implement and ship ElementInternals.shadowRoot; * dom.weblocks.enabled Bug [1725734](https://bugzilla.mozilla.org/show_bug.cgi?id=1725734) - Basic Web Locks implementation * gfx.basic_layer_manager.force_enabled Bug [1726063](https://bugzilla.mozilla.org/show_bug.cgi?id=1726063) - Remove option to use BasicLayerManager. Bug [1722258](https://bugzilla.mozilla.org/show_bug.cgi?id=1722258) - Add FallbackRenderer to replace BasicLayerManager usage. * gfx.content.azure.backends Bug [1728401](https://bugzilla.mozilla.org/show_bug.cgi?id=1728401) - Disable direct2d as the content backend on Windows. * gfx.use-glx-texture-from-pixmap Bug [1728350](https://bugzilla.mozilla.org/show_bug.cgi?id=1728350) - Remove remaining texture-from-pixmap usage. * gfx.webrender.blob.paint-flashing Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.debug.blob.paint-flashing Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.debug.dl.dump-content Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.debug.dl.dump-content-serialized Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.debug.dl.dump-parent Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.debug.enable-capture Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.debug.highlight-painted-layers Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.dl.dump-content Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.dl.dump-content-serialized Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.dl.dump-parent Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.enable-capture Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.fallback.basic Bug [1725388](https://bugzilla.mozilla.org/show_bug.cgi?id=1725388) - Remove pref/envvars that can disable WebRender. Bug [1721191](https://bugzilla.mozilla.org/show_bug.cgi?id=1721191) - Disable fallback from WR/SW-WR to basic. * gfx.webrender.force-legacy-layers Bug [1725388](https://bugzilla.mozilla.org/show_bug.cgi?id=1725388) - Remove pref/envvars that can disable WebRender. Bug [1722055](https://bugzilla.mozilla.org/show_bug.cgi?id=1722055) - Rename gfx.webrender.force-disabled. * gfx.webrender.highlight-painted-layers Bug [1726118](https://bugzilla.mozilla.org/show_bug.cgi?id=1726118) - Prefix all webrender debug prefs with gfx.webrender.debug. * gfx.webrender.software.unaccelerated-widget.allow Bug [1726562](https://bugzilla.mozilla.org/show_bug.cgi?id=1726562) - Remove option to disable software webrender for popups. * image.avif.compliance_strictness Bug [1727449](https://bugzilla.mozilla.org/show_bug.cgi?id=1727449) - Restore standard AVIF compliance strictness. Bug [1727448](https://bugzilla.mozilla.org/show_bug.cgi?id=1727448) - Temporarily relax AVIF compliance strictness. * image.avif.enabled Bug [1682995](https://bugzilla.mozilla.org/show_bug.cgi?id=1682995) - Revert Enable AVIF support by default. Bug [1682995](https://bugzilla.mozilla.org/show_bug.cgi?id=1682995) - Enable AVIF support by default. * javascript.options.experimental.class_static_blocks Bug [1725689](https://bugzilla.mozilla.org/show_bug.cgi?id=1725689) - Pref on class static blocks by default * javascript.options.mem.gc_malloc_threshold_base_mb Bug [1725584](https://bugzilla.mozilla.org/show_bug.cgi?id=1725584) - Add browser prefs for more GC parameters * javascript.options.mem.gc_urgent_threshold_mb Bug [1725584](https://bugzilla.mozilla.org/show_bug.cgi?id=1725584) - Add browser prefs for more GC parameters * javascript.options.use_fdlibm_for_sin_cos_tan Bug [531915](https://bugzilla.mozilla.org/show_bug.cgi?id=531915) - part 6 - optionally use fdlibm's sin, cos, and tan in jsmath * layers.enable-tiles-if-skia-pomtp Bug [1727603](https://bugzilla.mozilla.org/show_bug.cgi?id=1727603) - Remove gfxVars::UseOMTP. * layers.omtp.capture-limit Bug [1727644](https://bugzilla.mozilla.org/show_bug.cgi?id=1727644) - Remove unused layers.omtp.capture-limit pref. * layers.omtp.dump-capture Bug [1727644](https://bugzilla.mozilla.org/show_bug.cgi?id=1727644) - Remove unused layers.omtp.dump-capture pref. * layers.omtp.enabled Bug [1727644](https://bugzilla.mozilla.org/show_bug.cgi?id=1727644) - Remove unused layers.omtp.enabled pref. Bug [1694248](https://bugzilla.mozilla.org/show_bug.cgi?id=1694248) - Disable OMTP. * layers.omtp.paint-workers Bug [1727700](https://bugzilla.mozilla.org/show_bug.cgi?id=1727700) - Remove unused layers.omtp.paint-workers pref. * layers.omtp.release-capture-on-main-thread Bug [1727644](https://bugzilla.mozilla.org/show_bug.cgi?id=1727644) - Remove unused layers.omtp.release-capture-on-main-thread pref. * layers.progressive-paint Bug [1727676](https://bugzilla.mozilla.org/show_bug.cgi?id=1727676) - Remove APZ support code for progressive painting. * layout.css.bloom-filter-attribute-names.enabled Bug [1728851](https://bugzilla.mozilla.org/show_bug.cgi?id=1728851) - Add attributes to the rule hash. * layout.css.bucket-attribute-names.enabled Bug [1728851](https://bugzilla.mozilla.org/show_bug.cgi?id=1728851) - Add attributes to the rule hash. * layout.css.cascade-layers.enabled Bug [1728633](https://bugzilla.mozilla.org/show_bug.cgi?id=1728633) - Hook up basic @layer rule parsing. * layout.css.color-mix.color-spaces.enabled Bug [1703356](https://bugzilla.mozilla.org/show_bug.cgi?id=1703356) - Support color-mix() in non-sRGB color spaces * layout.css.computed-style.new-invalid-pseudo-element-behavior Bug [1726396](https://bugzilla.mozilla.org/show_bug.cgi?id=1726396) - Update getComputedStyle pseudo-element behavior. * layout.css.computed-style.throw-on-invalid-pseudo Bug [1726396](https://bugzilla.mozilla.org/show_bug.cgi?id=1726396) - Update getComputedStyle pseudo-element behavior. Bug [1724674](https://bugzilla.mozilla.org/show_bug.cgi?id=1724674) - Disable bug [1723921](https://bugzilla.mozilla.org/show_bug.cgi?id=1723921) for now due to compat issues. a=noop+expectation-fix Bug [1723921](https://bugzilla.mozilla.org/show_bug.cgi?id=1723921) - Throw on invalid pseudo-elements in getComputedStyle() as per spec. * layout.css.DOMMatrix.enabled Bug [1723224](https://bugzilla.mozilla.org/show_bug.cgi?id=1723224) - Remove layout.css.DOMPoint.enabled, layout.css.DOMMatrix.enabled, and layout.css.DOMQuad.enabled. * layout.css.DOMPoint.enabled Bug [1723224](https://bugzilla.mozilla.org/show_bug.cgi?id=1723224) - Remove layout.css.DOMPoint.enabled, layout.css.DOMMatrix.enabled, and layout.css.DOMQuad.enabled. * layout.css.DOMQuad.enabled Bug [1723224](https://bugzilla.mozilla.org/show_bug.cgi?id=1723224) - Remove layout.css.DOMPoint.enabled, layout.css.DOMMatrix.enabled, and layout.css.DOMQuad.enabled. * layout.css.font-synthesis-small-caps.enabled Bug [1706080](https://bugzilla.mozilla.org/show_bug.cgi?id=1706080) - [css-fonts] Implement 'font-synthesis: small-caps'. * layout.css.is-and-where-better-error-recovery.enabled Bug [1727537](https://bugzilla.mozilla.org/show_bug.cgi?id=1727537) - Remove layout.css.is-and-where-better-error-recovery.enabled. * layout.css.prefers-color-scheme.content-override Bug [1722886](https://bugzilla.mozilla.org/show_bug.cgi?id=1722886) - Add a way to override prefers-color-scheme for content without messing with widget values. * media.clearkey.test-key-systems.enabled Bug [1724781](https://bugzilla.mozilla.org/show_bug.cgi?id=1724781) - Add org.mozilla.clearkey_with_protection_query keysystem to key system access code. * media.eme.max-throughput-ms Bug [1718223](https://bugzilla.mozilla.org/show_bug.cgi?id=1718223) - Allow pref to control max throughput of EME decryption * network.auth.allow_multiple_challenges_same_line Bug [669675](https://bugzilla.mozilla.org/show_bug.cgi?id=669675) - Use Tokenizer in ParseRealm * network.auth.use_new_parse_realm Bug [669675](https://bugzilla.mozilla.org/show_bug.cgi?id=669675) - Use Tokenizer in ParseRealm * network.http.http3.max_data Bug [1723218](https://bugzilla.mozilla.org/show_bug.cgi?id=1723218) - Change flow control limits in HTTP/3 * network.http.http3.max_stream_data Bug [1723218](https://bugzilla.mozilla.org/show_bug.cgi?id=1723218) - Change flow control limits in HTTP/3 * network.http.referer.disallowCrossSiteRelaxingDefault.pbmode Bug [1727505](https://bugzilla.mozilla.org/show_bug.cgi?id=1727505) - Part 1: Enable restrict relaxing default referrer policy in ETP strict mode and private browsing mode. Bug [1727503](https://bugzilla.mozilla.org/show_bug.cgi?id=1727503) - Part 1: Add the pref 'network.http.referer.disallowCrossSiteRelaxingDefault.pbmode' for private browsing mode. * pdfjs.annotationMode Bug [1729049](https://bugzilla.mozilla.org/show_bug.cgi?id=1729049) - Switch from deprecated pref renderInteractiveForms to annotationMode. * pdfjs.enableXfa Bug [1720402](https://bugzilla.mozilla.org/show_bug.cgi?id=1720402) - Enable XFA support in the PDF viewer. * pdfjs.renderInteractiveForms Bug [1729049](https://bugzilla.mozilla.org/show_bug.cgi?id=1729049) - Switch from deprecated pref renderInteractiveForms to annotationMode. Bug [1673086](https://bugzilla.mozilla.org/show_bug.cgi?id=1673086) - Enable PDF forms by default on release. Bug [1652145](https://bugzilla.mozilla.org/show_bug.cgi?id=1652145) - Only enable PDF forms for early beta or earlier. * privacy.antitracking.cacheStorageAllowedForWindow Bug [1724386](https://bugzilla.mozilla.org/show_bug.cgi?id=1724386) - Cache InternalStorageAllowedCheck on inner window. Bug [1706292](https://bugzilla.mozilla.org/show_bug.cgi?id=1706292) - Cache InternalStorageAllowedCheck on inner window. * privacy.antitracking.enableWebcompat Bug [1683165](https://bugzilla.mozilla.org/show_bug.cgi?id=1683165) - Add a pref to control anti-tracking webcompat features. * privacy.storagePrincipal.enabledForTrackers Bug [1710241](https://bugzilla.mozilla.org/show_bug.cgi?id=1710241) - Remove privacy.storagePrincipal.enabledForTrackers pref. * security.crash_tracking.js_load_1.maxCrashes Bug [1727500](https://bugzilla.mozilla.org/show_bug.cgi?id=1727500): Disable crash reporting now that we have some data Bug [1723204](https://bugzilla.mozilla.org/show_bug.cgi?id=1723204): Wire up a crash for Javascript Load Telemetry * security.crash_tracking.js_load_1.prevCrashes Bug [1723204](https://bugzilla.mozilla.org/show_bug.cgi?id=1723204): Wire up a crash for Javascript Load Telemetry * security.disallow_privileged_data_subdocuments_loads Bug [1725339](https://bugzilla.mozilla.org/show_bug.cgi?id=1725339) - Restrict systemprincipal from loading type *SUBDOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). * security.disallow_privileged_https_subdocuments_loads Bug [1725339](https://bugzilla.mozilla.org/show_bug.cgi?id=1725339) - Restrict systemprincipal from loading type *SUBDOCUMENT* via HTTP, HTTPS and data schemes (data restriction preffed OFF). * security.sandbox.rdd.shadow-stack.enabled Bug [1727742](https://bugzilla.mozilla.org/show_bug.cgi?id=1727742): Let CET compatible modules only for the RDD process ride the trains. Bug [1727739](https://bugzilla.mozilla.org/show_bug.cgi?id=1727739): Let CET compatible modules only for the socket process ride the trains. Bug [1724195](https://bugzilla.mozilla.org/show_bug.cgi?id=1724195): Turn on CET compatible modules only for the rdd process on Nightly. Bug [1722326](https://bugzilla.mozilla.org/show_bug.cgi?id=1722326): Turn on CET compatible modules only for the socket process on Nightly. Bug [1716024](https://bugzilla.mozilla.org/show_bug.cgi?id=1716024) p1: Change CET support to compatible modules only. * security.sandbox.socket.shadow-stack.enabled Bug [1727739](https://bugzilla.mozilla.org/show_bug.cgi?id=1727739): Let CET compatible modules only for the socket process ride the trains. Bug [1722326](https://bugzilla.mozilla.org/show_bug.cgi?id=1722326): Turn on CET compatible modules only for the socket process on Nightly. Bug [1716024](https://bugzilla.mozilla.org/show_bug.cgi?id=1716024) p1: Change CET support to compatible modules only. * security.ssl3.deprecated.rsa_des_ede3_sha Bug [1724072](https://bugzilla.mozilla.org/show_bug.cgi?id=1724072) - allow enabling 3DES only when deprecated versions of TLS are enabled * security.ssl3.rsa_des_ede3_sha Bug [1724072](https://bugzilla.mozilla.org/show_bug.cgi?id=1724072) - allow enabling 3DES only when deprecated versions of TLS are enabled * webgl.auto-flush Bug [1527181](https://bugzilla.mozilla.org/show_bug.cgi?id=1527181) - Add webgl.auto-flush:true. * webgl.auto-flush.gl Bug [1527181](https://bugzilla.mozilla.org/show_bug.cgi?id=1527181) - Add webgl.auto-flush:true.

[Thorin-Oakenpants]

interesting

wonder what rp is? referrer protection?

pref("browser.contentblocking.features.strict"
 now: tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,rp
prev: tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2

pref("browser.urlbar.suggest.quicksuggest", false); // prev: true

• this is being discussed in #1257

[rusty-snake]

// Possible values for browser.contentblocking.features.strict pref:
//   Tracking Protection:
//     "tp": tracking protection enabled
//     "-tp": tracking protection disabled
//   Tracking Protection in private windows:
//     "tpPrivate": tracking protection in private windows enabled
//     "-tpPrivate": tracking protection in private windows disabled
//   Fingerprinting:
//     "fp": fingerprinting blocking enabled
//     "-fp": fingerprinting blocking disabled
//   Cryptomining:
//     "cm": cryptomining blocking enabled
//     "-cm": cryptomining blocking disabled
//   Social Tracking Protection:
//     "stp": social tracking protection enabled
//     "-stp": social tracking protection disabled
//   Level 2 Tracking list:
//     "lvl2": Level 2 tracking list enabled
//     "-lvl2": Level 2 tracking list disabled
//   Restrict relaxing default referrer policy:
//     "rp": Restrict relaxing default referrer policy enabled
//     "-rp": Restrict relaxing default referrer policy disabled
//   OCSP cache partitioning:
//     "ocsp": OCSP cache partitioning enabled
//     "-ocsp": OCSP cache partitioning disabled
//   Cookie behavior:
//     "cookieBehavior0": cookie behaviour BEHAVIOR_ACCEPT
//     "cookieBehavior1": cookie behaviour BEHAVIOR_REJECT_FOREIGN
//     "cookieBehavior2": cookie behaviour BEHAVIOR_REJECT
//     "cookieBehavior3": cookie behaviour BEHAVIOR_LIMIT_FOREIGN
//     "cookieBehavior4": cookie behaviour BEHAVIOR_REJECT_TRACKER
//     "cookieBehavior5": cookie behaviour BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN
//   Cookie behavior for private windows:
//     "cookieBehaviorPBM0": cookie behaviour BEHAVIOR_ACCEPT
//     "cookieBehaviorPBM1": cookie behaviour BEHAVIOR_REJECT_FOREIGN
//     "cookieBehaviorPBM2": cookie behaviour BEHAVIOR_REJECT
//     "cookieBehaviorPBM3": cookie behaviour BEHAVIOR_LIMIT_FOREIGN
//     "cookieBehaviorPBM4": cookie behaviour BEHAVIOR_REJECT_TRACKER
//     "cookieBehaviorPBM5": cookie behaviour BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN
// One value from each section must be included in the browser.contentblocking.features.strict pref.
pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,rp,ocsp");

https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js#1762-1802

[Thorin-Oakenpants]

oscp is 94+ (or 95+ I don't have a current 94, Beta update says stay on 93, and nightly is already 95, but only in the last 12 hours, so I'm assuming 94 was when it was added) if only I had waited 20 minutes ... just updated Dev to 94, yes oscp was added in 94

edit: there's also some sort of FP protection to be added - not RFP specifically, but the font vis pref

[Thorin-Oakenpants]

what the heck is a sheep doing in the new prefs?

[rusty-snake]

pref("javascript.options.use_fdlibm_for_sin_cos_tan", false);

Do we want to add this to "8000: DON'T BOTHER: NON-RFP"?

When privacy.resistFingerprinting is true, this pref is ignored and fdlibm is used anyway.

edit: also non-rfp related: layout.css.prefers-color-scheme.content-override

[Thorin-Oakenpants]

nope

[Thorin-Oakenpants]

fyi: article about pdf.js xda forms

[Jee-Hex]

what the heck is a sheep doing in the new prefs?

https://github.com/mozilla-services/merino#about-the-name

[fxbrit]

FYI, since nobody linked it and referrer policy (rp) was being discussed -> https://blog.mozilla.org/security/2021/10/05/firefox-93-features-an-improved-smartblock-and-new-referrer-tracking-protections/

basically when in strict mode:

With the release of version 93, Firefox will ignore less restrictive referrer policies for cross-site requests, such as ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’, and ‘unsafe-url’ and hence renders such privacy violations ineffective. In other words, Firefox will always trim the HTTP referrer for cross-site requests, regardless of the website’s settings.