arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

ToDo: diffs FF113-FF114 #1688

Closed earthlng closed 1 year ago

earthlng commented 1 year ago

FF114 is scheduled for release Jun. 6th

FF114 release notes | FF114 for developers | FF114 security advisories


65 diffs (40 new, 12 gone, 13 different)

removed, renamed or hidden in v114.0:


ignore


==NEW

```js
pref("apz.rounded_external_scroll_offset", false);
pref("browser.device-migration.help-menu.hidden", false);
pref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.dismissed", false);
pref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled", true);
pref("browser.newtabpage.activity-stream.discoverystream.region-bff-config", "FR,IT,ES");
pref("browser.urlbar.weather.minKeywordLength", 0);
pref("dom.enable_largest_contentful_paint", false);
pref("extensions.browser_style_mv3.same_as_mv2", true);
pref("extensions.browser_style_mv3.supported", true);
pref("fission.disableSessionHistoryInParent", false);
pref("gfx.webrender.flip-sequential", false);
pref("gfx.webrender.super-resolution.nvidia", false);
pref("gfx.webrender.svg-shapes", true);
pref("javascript.options.jithints", true);
pref("layout.css.import-supports.enabled", false);
pref("layout.css.inverted-colors.enabled", false);
pref("layout.css.text-transform.uppercase-eszett.enabled", false);
pref("media.gmp.decoder.decode_batch", false);
pref("media.gmp.decoder.multithreaded", false);
pref("mousewheel.scroll_series_timeout", 80);
pref("network.allow_redirect_to_data", false);
pref("network.cookie.fixup_on_db_load", true);
pref("network.trr_ui.show_fallback_warning_option", false);
pref("places.frecency.origins.alternative.featureGate", false);
pref("security.osclientcerts.assume_rsa_pss_support", true);
pref("security.webauthn.webauthn_enable_android_fido2.residentkey", false);
pref("signon.firefoxRelay.manage_url", "https://relay.firefox.com");
pref("svg.use-element.recursive-clone-limit", 8);
pref("svg.use-element.recursive-clone-limit.enabled", 2);
pref("threads.lower_mainthread_priority_in_background.enabled", false);
pref("timer.maximum_firing_delay_tolerance_ms", "0.0");
pref("timer.minimum_firing_delay_tolerance_ms", "1.0");
pref("widget.gtk.non-native-menu-styling", true);
pref("widget.windows.apply-dwm-resize-hack", 2);
```

==REMOVED, RENAMED or HIDDEN

```js
pref("browser.urlbar.searchEngagementTelemetry.enabled", false);
pref("dom.mozImageSmoothingEnabled.enabled", false);
pref("extensions.formautofill.section.enabled", true);
pref("fission.sessionHistoryInParent", false);
pref("layout.css.cascade-layers.enabled", true);
pref("privacy.resistFingerprintingLite", false);
pref("privacy.resistFingerprintingLite.overrides", "");
pref("privacy.trackingprotection.origin_telemetry.enabled", false);
pref("security.webauth.u2f", false);
pref("telemetry.origin_telemetry_test_mode.enabled", false);
```

==CHANGED

```js
pref("app.update.background.messaging.targeting.snapshot.intervalSec", 3600); // prev: 1800
pref("browser.newtabpage.activity-stream.discoverystream.endpoints", "https://getpocket.cdn.mozilla.net/,https://firefox-api-proxy.cdn.mozilla.net/,https://spocs.getpocket.com/"); // prev: "https://getpocket.cdn.mozilla.net/,https://spocs.getpocket.com/"
pref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", "US,CA,DE,GB,FR,IT,ES"); // prev: "US,CA,DE,GB"
pref("browser.newtabpage.activity-stream.discoverystream.region-stories-block", ""); // prev: "FR"
pref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", "US,DE,CA,GB,IE,CH,AT,BE,IN,FR,IT,ES"); // prev: "US,DE,CA,GB,IE,CH,AT,BE,IN"
pref("dom.workers.modules.enabled", true); // prev: false
pref("gfx.color_management.native_srgb", false); // prev: true
pref("layout.css.nan-inf.enabled", true); // prev: false
pref("media.getusermedia.camera.macavf.enabled", true); // prev: false
pref("media.videocontrols.picture-in-picture.urlbar-button.enabled", true); // prev: false
pref("network.webtransport.datagrams.enabled", true); // prev: false
pref("network.webtransport.enabled", true); // prev: false
pref("security.webauthn.ctap2", true); // prev: false
```
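The NEW / REMOVED / CHANGED lists above are what a hardening template has to review every release: defaults flip to a less restrictive state (WebTransport and CTAP2 went from false to true here) and prefs the template still sets disappear (`security.webauth.u2f`, `fission.sessionHistoryInParent`). The script below is an added example, not arkenfox's own diff tooling or anything from this thread: it parses two dumps in the `pref("name", value);` format shown above, produces the same three lists with `// prev:` annotations, and additionally flags `user_pref()` entries in an overrides file that the new release no longer knows. The sample dumps and the overrides file are constructed from a handful of entries in this issue and are not complete FF113/FF114 dumps, so the stale-override check is only meaningful against a full dump.

```javascript
// Added example (not arkenfox code): classify Firefox default-pref changes between
// two releases into NEW / REMOVED / CHANGED, and flag user.js overrides whose pref
// no longer exists in the new release. Input: one `pref("name", value);` or
// `user_pref("name", value);` per line, as in the dumps in this issue.

// Value grammar is deliberately strict: a quoted string (with \" escapes), an
// integer, or a boolean. Anything else is rejected rather than silently skipped,
// so a malformed line cannot quietly hide a pref from the diff.
const PREF_LINE =
  /^\s*(?:user_)?pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*("(?:[^"\\]|\\.)*"|-?\d+|true|false)\s*\)\s*;\s*(?:\/\/.*)?$/;

function parsePrefValue(raw) {
  if (raw === "true") return true;
  if (raw === "false") return false;
  if (raw.startsWith('"')) return JSON.parse(raw); // JSON string syntax covers \" and \\
  return Number(raw);
}

// Returns Map<name, value>. Blank lines and `//` comment lines are ignored.
function parsePrefDump(text) {
  const prefs = new Map();
  text.split(/\r?\n/).forEach((line, i) => {
    const t = line.trim();
    if (t === "" || t.startsWith("//")) return;
    const m = PREF_LINE.exec(line);
    if (!m) throw new Error(`line ${i + 1}: not a pref() line: ${t}`);
    prefs.set(m[1], parsePrefValue(m[2]));
  });
  return prefs;
}

const byName = (a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0);

// added = only in new dump, removed = only in old dump, changed = same name, different value.
function diffPrefs(oldText, newText) {
  const oldP = parsePrefDump(oldText);
  const newP = parsePrefDump(newText);
  const added = [], removed = [], changed = [];
  for (const [name, value] of newP) {
    if (!oldP.has(name)) added.push({ name, value });
    else if (!Object.is(oldP.get(name), value)) changed.push({ name, prev: oldP.get(name), value });
  }
  for (const [name, value] of oldP) {
    if (!newP.has(name)) removed.push({ name, value });
  }
  return { added: added.sort(byName), removed: removed.sort(byName), changed: changed.sort(byName) };
}

// Names set in a user.js / user-overrides.js that the new release's dump does not contain:
// the "removed, renamed or hidden" candidates. A deleted pref in user.js is dead weight;
// a renamed one means the protection it was meant to give is silently gone.
// Only meaningful against a COMPLETE dump; a partial dump yields false positives.
function staleOverrides(userJsText, newDumpText) {
  const current = parsePrefDump(newDumpText);
  return [...parsePrefDump(userJsText).keys()].filter((n) => !current.has(n)).sort();
}

// Same text layout as the lists in this issue, with `// prev:` on changed entries.
function renderDiff(d) {
  const line = (p) => `pref(${JSON.stringify(p.name)}, ${JSON.stringify(p.value)});`;
  return [
    "==NEW", ...d.added.map(line),
    "==REMOVED, RENAMED or HIDDEN", ...d.removed.map(line),
    "==CHANGED", ...d.changed.map((p) => `${line(p)} // prev: ${JSON.stringify(p.prev)}`),
  ].join("\n");
}

// CONSTRUCTED sample input: a few entries taken from this issue, not full dumps.
const OLD_DUMP = `
pref("app.update.background.messaging.targeting.snapshot.intervalSec", 1800);
pref("dom.workers.modules.enabled", false);
pref("fission.sessionHistoryInParent", false);
pref("network.webtransport.enabled", false);
pref("security.webauth.u2f", false);
pref("security.webauthn.ctap2", false);
`;
const NEW_DUMP = `
pref("app.update.background.messaging.targeting.snapshot.intervalSec", 3600);
pref("dom.workers.modules.enabled", true);
pref("fission.disableSessionHistoryInParent", false);
pref("network.allow_redirect_to_data", false);
pref("network.webtransport.enabled", true);
pref("security.webauthn.ctap2", true);
pref("signon.firefoxRelay.manage_url", "https://relay.firefox.com");
`;
// CONSTRUCTED overrides sample; security.webauth.u2f is gone in the new dump.
const USER_OVERRIDES = `
user_pref("network.webtransport.enabled", false);
user_pref("security.webauth.u2f", false);
`;

console.log(renderDiff(diffPrefs(OLD_DUMP, NEW_DUMP)));
console.log("stale overrides:", staleOverrides(USER_OVERRIDES, NEW_DUMP));
```

To use it on real data, replace the two constructed dumps with the full default-pref dumps of consecutive releases; the parser throws on any line it does not understand, which is intentional, since an ignored line is a pref that would never show up in the review.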

earthlng commented 1 year ago
some bugzilla tickets

* app.update.background.messaging.targeting.snapshot.intervalSec
  * Bug [1825823](https://bugzilla.mozilla.org/show_bug.cgi?id=1825823) - reduce timer wake-ups caused by BackgroundUpdates.sys.mjs
* apz.rounded_external_scroll_offset
  * Bug [1826452](https://bugzilla.mozilla.org/show_bug.cgi?id=1826452) - Use non-rounded external scroll offsets behind a pref.
* browser.device-migration.help-menu.hidden
  * Bug [1828114](https://bugzilla.mozilla.org/show_bug.cgi?id=1828114) - Add new help menu item for switching devices
* browser.newtabpage.activity-stream.discoverystream.onboardingExperience.dismissed
  * Bug [1812690](https://bugzilla.mozilla.org/show_bug.cgi?id=1812690) - Pocket newtab enabling onboarding experience for new users seeing the Pocket section for the first time.
* browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled
  * Bug [1830913](https://bugzilla.mozilla.org/show_bug.cgi?id=1830913) - Pocket new tab turn on new regions.
  * Bug [1812690](https://bugzilla.mozilla.org/show_bug.cgi?id=1812690) - Pocket newtab enabling onboarding experience for new users seeing the Pocket section for the first time.
* browser.newtabpage.activity-stream.discoverystream.region-bff-config
  * Bug [1812689](https://bugzilla.mozilla.org/show_bug.cgi?id=1812689) - Pocket newtab new regions implementation
* browser.newtabpage.activity-stream.discoverystream.region-spocs-config
  * Bug [1831378](https://bugzilla.mozilla.org/show_bug.cgi?id=1831378) - Pocket newtab turn on spoc pref for new regions.
* browser.newtabpage.activity-stream.discoverystream.region-stories-block
  * Bug [1814794](https://bugzilla.mozilla.org/show_bug.cgi?id=1814794) - Pocket newtab update stories region block list
* browser.newtabpage.activity-stream.discoverystream.region-stories-config
  * Bug [1830913](https://bugzilla.mozilla.org/show_bug.cgi?id=1830913) - Pocket new tab turn on new regions.
* browser.urlbar.searchEngagementTelemetry.enabled
  * Bug [1824253](https://bugzilla.mozilla.org/show_bug.cgi?id=1824253): Set enabling/disabling urlbar engagement telemetry via Server Knobs
  * Bug [1797265](https://bugzilla.mozilla.org/show_bug.cgi?id=1797265): Implement the engagement event.
* browser.urlbar.weather.ignoreVPN
  * Bug [1831689](https://bugzilla.mozilla.org/show_bug.cgi?id=1831689) - Add a pref for the weather suggestion to ignore VPNs and fetch anyway.
* browser.urlbar.weather.minKeywordLength
  * Bug [1831657](https://bugzilla.mozilla.org/show_bug.cgi?id=1831657) - Implement the "Show less frequently" weather suggestion command.
* dom.enable_largest_contentful_paint
  * Bug [1830794](https://bugzilla.mozilla.org/show_bug.cgi?id=1830794) - Add the WebIDL support for LargestContentfulPaint
* dom.mozImageSmoothingEnabled.enabled
  * Bug [1228850](https://bugzilla.mozilla.org/show_bug.cgi?id=1228850) - Remove mozImageSmoothingEnabled.
  * Bug [1822955](https://bugzilla.mozilla.org/show_bug.cgi?id=1822955) - Disable mozImageSmoothingEnabled by default.
* dom.workers.modules.enabled
  * Bug [1812591](https://bugzilla.mozilla.org/show_bug.cgi?id=1812591) - Ship Module Workers
* extensions.browser_style_mv3.same_as_mv2
  * Bug [1827910](https://bugzilla.mozilla.org/show_bug.cgi?id=1827910) - Show deprecation warnings for browser_style in MV3
* extensions.browser_style_mv3.supported
  * Bug [1827910](https://bugzilla.mozilla.org/show_bug.cgi?id=1827910) - Show deprecation warnings for browser_style in MV3
* extensions.formautofill.heuristics.enabled
  * Bug [1829670](https://bugzilla.mozilla.org/show_bug.cgi?id=1829670) - Some code refactoring in FormAutofillHandler
* extensions.formautofill.section.enabled
  * Bug [1829670](https://bugzilla.mozilla.org/show_bug.cgi?id=1829670) - Some code refactoring in FormAutofillHandler
* fission.disableSessionHistoryInParent
  * Bug [1804140](https://bugzilla.mozilla.org/show_bug.cgi?id=1804140) - Enable SHIP by default on desktop, whether or not Fission is disabled.
* fission.sessionHistoryInParent
  * Bug [1804140](https://bugzilla.mozilla.org/show_bug.cgi?id=1804140) - Enable SHIP by default on desktop, whether or not Fission is disabled.
* gfx.color_management.native_srgb
  * Bug [1832215](https://bugzilla.mozilla.org/show_bug.cgi?id=1832215) - Use display-color-profile by default on Windows. (again)
* gfx.webrender.flip-sequential
  * Bug [1830792](https://bugzilla.mozilla.org/show_bug.cgi?id=1830792) - [1/4] Revert default to DXGI_SWAP_EFFECT_FLIP_SEQUENTIAL
  * Bug [1830792](https://bugzilla.mozilla.org/show_bug.cgi?id=1830792) - Revert default to DXGI_SWAP_EFFECT_FLIP_SEQUENTIAL.
  * Bug [1820066](https://bugzilla.mozilla.org/show_bug.cgi?id=1820066) [3/3] - Default to DXGI_SWAP_EFFECT_FLIP_SEQUENTIAL on Win10+
* gfx.webrender.super-resolution.nvidia
  * Bug [1823135](https://bugzilla.mozilla.org/show_bug.cgi?id=1823135) - Initial support for NVIDIA RTX Video Super Resolution
* gfx.webrender.svg-shapes
  * Bug [1814398](https://bugzilla.mozilla.org/show_bug.cgi?id=1814398) - SVGImageElement should not derive from SVGGeometryElement
  * Bug [1818157](https://bugzilla.mozilla.org/show_bug.cgi?id=1818157): Backout changeset 510d250fd545 (bug [1814398](https://bugzilla.mozilla.org/show_bug.cgi?id=1814398)) and e44b3ab61ae4 (bug [1817212](https://bugzilla.mozilla.org/show_bug.cgi?id=1817212)) for introducing a performance regression. CLOSED TREE
* javascript.options.jithints
  * Bug [1831572](https://bugzilla.mozilla.org/show_bug.cgi?id=1831572): Enable javascript.options.jithints pref for all channels.
  * Bug [1829547](https://bugzilla.mozilla.org/show_bug.cgi?id=1829547): Remove nightly ifdef guards for the jit hints cache and toggle the static pref based on the build instead.
  * Bug [1824772](https://bugzilla.mozilla.org/show_bug.cgi?id=1824772): part 1 - Add jit option and static pref to toggle eager baseline hints.
* layout.css.cascade-layers.enabled
  * Bug [1828183](https://bugzilla.mozilla.org/show_bug.cgi?id=1828183) - Remove cascade layers pref.
* layout.css.import-supports.enabled
  * Bug [1427715](https://bugzilla.mozilla.org/show_bug.cgi?id=1427715) - Implement supports() syntax for @import rules
* layout.css.inverted-colors.enabled
  * Bug [1794628](https://bugzilla.mozilla.org/show_bug.cgi?id=1794628) - Implement inverted-colors media feature
* layout.css.nan-inf.enabled
  * Bug [1830759](https://bugzilla.mozilla.org/show_bug.cgi?id=1830759) - Enable CSS inf/nan by default
* layout.css.text-transform.uppercase-eszett.enabled
  * Bug [1697980](https://bugzilla.mozilla.org/show_bug.cgi?id=1697980) - Implement new uppercase mapping of eszett (U+00DF) to U+1E9E, but preffed-off by default due to inconsistent font support.
* media.getusermedia.camera.macavf.enabled
  * Bug [1806604](https://bugzilla.mozilla.org/show_bug.cgi?id=1806604) - Enable VideoCaptureAvFoundation by default.
* media.gmp.decoder.decode_batch
  * Bug [1827703](https://bugzilla.mozilla.org/show_bug.cgi?id=1827703) - Improve integration with OpenH264 decoder.
* media.gmp.decoder.multithreaded
  * Bug [1827703](https://bugzilla.mozilla.org/show_bug.cgi?id=1827703) - Improve integration with OpenH264 decoder.
* media.peerconnection.ice.proxy_only_if_pbmode
  * Bug [1825826](https://bugzilla.mozilla.org/show_bug.cgi?id=1825826): Create a PBM-only pref for ice.proxy_only
* media.videocontrols.picture-in-picture.urlbar-button.enabled
  * Bug [1821725](https://bugzilla.mozilla.org/show_bug.cgi?id=1821725) - Enable PiP urlbar button.
  * Bug [1811318](https://bugzilla.mozilla.org/show_bug.cgi?id=1811318) - Urlbar entry point for PiP.
* mousewheel.scroll_series_timeout
  * Bug [1806591](https://bugzilla.mozilla.org/show_bug.cgi?id=1806591): Consume wheel event as long as being able to handle the event as the same series
* network.allow_redirect_to_data
  * Bug [1691658](https://bugzilla.mozilla.org/show_bug.cgi?id=1691658) - block http redirects to data: protocol
* network.cookie.fixup_on_db_load
  * Bug [1828126](https://bugzilla.mozilla.org/show_bug.cgi?id=1828126) - Add a mechanism to fix cookies with invalid future createdAt timestamp
* network.trr_ui.show_fallback_warning_option
  * Bug [1610741](https://bugzilla.mozilla.org/show_bug.cgi?id=1610741) - DoH setting UI
* network.webtransport.datagrams.enabled
  * Bug [1831073](https://bugzilla.mozilla.org/show_bug.cgi?id=1831073): Enable WebTransport
  * Bug [1818754](https://bugzilla.mozilla.org/show_bug.cgi?id=1818754): Enable WebTransport by default
* network.webtransport.enabled
  * Bug [1831073](https://bugzilla.mozilla.org/show_bug.cgi?id=1831073): Enable WebTransport
  * Bug [1818754](https://bugzilla.mozilla.org/show_bug.cgi?id=1818754): Enable WebTransport by default
* places.frecency.origins.alternative.featureGate
  * Bug [1823450](https://bugzilla.mozilla.org/show_bug.cgi?id=1823450) - Introduce code to recalculate alternative frecency for origins.
* privacy.clearsitedata.cache.enabled
  * Bug [1821651](https://bugzilla.mozilla.org/show_bug.cgi?id=1821651) - remove privacy.clearsitedata.cache.enabled from code base.
* privacy.fingerprintingProtection
  * Bug [1824235](https://bugzilla.mozilla.org/show_bug.cgi?id=1824235): Remove testGranularityMask from RFP and rename RFPLite
* privacy.fingerprintingProtection.pbmode
  * Bug [1824235](https://bugzilla.mozilla.org/show_bug.cgi?id=1824235): Remove testGranularityMask from RFP and rename RFPLite
* privacy.resistFingerprinting.pbmode
  * Bug [1824235](https://bugzilla.mozilla.org/show_bug.cgi?id=1824235): Remove testGranularityMask from RFP and rename RFPLite
* privacy.resistFingerprintingLite
  * Bug [1824235](https://bugzilla.mozilla.org/show_bug.cgi?id=1824235): Remove testGranularityMask from RFP and rename RFPLite
  * Bug [1815307](https://bugzilla.mozilla.org/show_bug.cgi?id=1815307): Lay the groundwork for the IsRFPEnabledFor function
* privacy.trackingprotection.origin_telemetry.enabled
  * Bug [1830161](https://bugzilla.mozilla.org/show_bug.cgi?id=1830161) - Remove remaining references to Origin Telemetry.
* security.osclientcerts.assume_rsa_pss_support
  * Bug [1828968](https://bugzilla.mozilla.org/show_bug.cgi?id=1828968) - osclientcerts: make RSA-PSS support configurable via pref
* security.webauth.u2f
  * Bug [1737205](https://bugzilla.mozilla.org/show_bug.cgi?id=1737205) - remove the legacy U2F javascript API.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Pause rollout of CTAP2 support in 113.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Pause rollout of CTAP2 support in 112.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Enable CTAP2 support.
* security.webauthn.ctap2
  * Bug [1828215](https://bugzilla.mozilla.org/show_bug.cgi?id=1828215) - Remove U2FHIDTokenManager.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Pause rollout of CTAP2 support in 113.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Pause rollout of CTAP2 support in 112.
  * Bug [1814487](https://bugzilla.mozilla.org/show_bug.cgi?id=1814487) - Enable CTAP2 support.
* security.webauthn.webauthn_enable_android_fido2.residentkey
  * Bug [1554397](https://bugzilla.mozilla.org/show_bug.cgi?id=1554397) - Implement residentKey support on GeckoView.
* signon.firefoxRelay.manage_url
  * Bug [1828524](https://bugzilla.mozilla.org/show_bug.cgi?id=1828524) - [Relay] Manage masks button leads to SUMO instead of relay.firefox.com
* svg.use-element.recursive-clone-limit
  * Bug [1827960](https://bugzilla.mozilla.org/show_bug.cgi?id=1827960) - Add a `<svg:use>` recursion limit in the parent process.
* svg.use-element.recursive-clone-limit.enabled
  * Bug [1827960](https://bugzilla.mozilla.org/show_bug.cgi?id=1827960) - Add a `<svg:use>` recursion limit in the parent process.
* telemetry.origin_telemetry_test_mode.enabled
  * Bug [1830161](https://bugzilla.mozilla.org/show_bug.cgi?id=1830161) - Remove remaining references to Origin Telemetry.
* threads.lower_mainthread_priority_in_background.enabled
  * Bug [1805932](https://bugzilla.mozilla.org/show_bug.cgi?id=1805932) - Put the main thread in the background when the ProcessPriorityManager sets background priority.
* timer.maximum_firing_delay_tolerance_ms
  * Bug [1830139](https://bugzilla.mozilla.org/show_bug.cgi?id=1830139) - Increased the maximum timer delay from 100ms to 10000ms
  * Bug [1783405](https://bugzilla.mozilla.org/show_bug.cgi?id=1783405) - Longer duration timers can have longer firing delays
  * Bug [1783405](https://bugzilla.mozilla.org/show_bug.cgi?id=1783405) - Don't wake up in AddTimer() if the currently-scheduled wake-up time can work
* timer.minimum_firing_delay_tolerance_ms
  * Bug [1783405](https://bugzilla.mozilla.org/show_bug.cgi?id=1783405) - Longer duration timers can have longer firing delays
  * Bug [1783405](https://bugzilla.mozilla.org/show_bug.cgi?id=1783405) - Don't wake up in AddTimer() if the currently-scheduled wake-up time can work
* widget.gtk.non-native-menu-styling
  * Bug [1828413](https://bugzilla.mozilla.org/show_bug.cgi?id=1828413) - Use more non-native rendering of menus.
* widget.windows.apply-dwm-resize-hack
  * Bug [1830792](https://bugzilla.mozilla.org/show_bug.cgi?id=1830792) - [4/4] Flicker-resize the window on first fullscreen entry

Jee-Hex commented 1 year ago

Not that it really matters, but RFP no longer seems to apply to extensions (and their outgoing connections) in 114+. Should we stick a warning somewhere reminding users to vet the code of any random extension they might have installed?

Thorin-Oakenpants commented 1 year ago

As per OP, which I edited 4 hrs ago

no need for a warning - the pref was labelled experimental and we do not recommend any extensions that would be affected

Thorin-Oakenpants commented 1 year ago

https://phabricator.services.mozilla.com/D174014

```cpp
bool isExemptDomain = false;
// Exclude internal schemes and web extensions
if (aURI->SchemeIs("about") || aURI->SchemeIs("chrome") ||
    aURI->SchemeIs("resource") || aURI->SchemeIs("view-source") ||
    aURI->SchemeIs("moz-extension")) {
  return false;
}
```

extensions should be exempt. Can you elaborate on why you think they are not exempted - @Jee-Hex

edit: tom ritter said it's possible there's a hole in the extension-exempting logic, so test in Nightly

atomGit commented 1 year ago

is there any info on privacy.fingerprintingProtection? is it for non-RFP users?

Thorin-Oakenpants commented 1 year ago

I wrote something about it at https://github.com/arkenfox/user.js/issues/1661#issue-1679505411

Jee-Hex commented 1 year ago

extensions should be exempt.

That's what I meant: extensions are now exempted from RFP by default (not that you can override them AFAIK) and some users may not have expected that when they turned RFP on.

Thorin-Oakenpants commented 1 year ago

ahh ok, and no, no warning needed - users should be vetting extensions anyway, and we only recommend a tiny few

Thorin-Oakenpants commented 1 year ago

I just did a little test drive in FF115 with privacy.resistFingerprinting.pbmode, seems to work as advertised

so privacy.resistFingerprinting false and privacy.resistFingerprinting.pbmode true ... starting in normal mode .. new PB window sticks to new window sizes and applies all the RFP protections

I think there are better solutions/configs coming, but maybe someone would like non RFP in normal mode (maybe use CanvasBlocker for some subtle canvas rando), and RFP in PB mode

Thorin-Oakenpants commented 1 year ago

@rusty-snake

so network.trr_ui.show_fallback_warning_option true adds some extra UI

the checkbox is for the pref network.trr.display_fallback_warning

Is this worth exposing, or should we just wait? Should we add network.trr.display_fallback_warning ?

I'm open to a little more DoH stuff being added now it's been twenty years since the last kerfuffle and it's matured - note we can do it next release, so we don't have to hold this one up - please advise

rusty-snake commented 1 year ago

What does the warning look like? IDK (tested it now) and IDC yet. When is it shown?

On the opposite side, this means it is not shown if you use mode 3 (strict mode). This mode has its own warning.

If you want to actively use DoH, you should use mode 3 like you should use https_only rather than https_first.

Mode 3 has site-exceptions with a nice UI on the error page. Unlike mode 2 + warning pref which has https://bugzilla.mozilla.org/show_bug.cgi?id=1833828.

TL;DR: Until https://bugzilla.mozilla.org/show_bug.cgi?id=1833828 is fixed, no. After that recommending mode 3 + site-exceptions is still better IMHO.

rusty-snake commented 1 year ago

I'm open to a little more DoH stuff being added now

FWIW https://codeberg.org/rusty-snake/firefox-config/src/commit/fa47a46877db42af83bd91d52aa57301a793af4c/assets/user-overrides.js#L51-L56