arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

ToDo: diffs FF119-FF120 #1772

Closed earthlng closed 9 months ago

earthlng commented 10 months ago

FF120 release date: Nov. 21st 2023

FF120 release notes FF120 for developers FF120 security advisories


93 diffs ( 53 new, 26 gone, 14 different )

new in v120.0:

ignore

click me for details

==NEW
```js
pref("browser.migrate.chrome.get_permissions.enabled", true);
pref("browser.newtabpage.activity-stream.system.showSponsored", false);
pref("browser.search.newSearchConfig.enabled", false);
pref("browser.shell.checkDefaultPDF", true);
pref("browser.shell.checkDefaultPDF.silencedByUser", false);
pref("browser.shopping.experience2023.ads.exposure", false);
pref("browser.startup.windowsLaunchOnLogin.disableLaunchOnLoginPrompt", false);
pref("browser.startup.windowsLaunchOnLogin.enabled", false);
pref("browser.theme.windows.accent-color-in-tabs.enabled", false);
pref("browser.urlbar.quicksuggest.rustEnabled", false);
pref("browser.urlbar.suggest.recentsearches", true);
pref("browser.urlbar.switchTabs.searchAllContainers", false);
pref("clipboard.imageAsFile.enabled", true);
pref("cookiebanners.bannerClicking.pollingInterval", 500);
pref("cookiebanners.bannerClicking.timeoutAfterDOMContentLoaded", 20000);
pref("cookiebanners.bannerClicking.timeoutAfterLoad", 5000);
pref("cookiebanners.service.enableGlobalRules.subFrames", true);
pref("dom.iframe_lazy_loading.enabled", false);
pref("dom.security.https_first_schemeless", false);
pref("dom.w3c_pointer_events.getcoalescedevents_only_in_securecontext", false);
pref("dom.webgpu.testing.assert-hardware-adapter", false);
pref("dom.webgpu.workers.enabled", false);
pref("editor.block_inline_check.use_computed_style", false);
pref("extensions.formautofill.heuristics.interactivityCheckMode", "focusability");
pref("extensions.script_about_blank_without_permission", false);
pref("gfx.canvas.remote.allow-in-parent", false);
pref("gfx.canvas.remote.texture-timeout-ms", 10000);
pref("gfx.canvas.remote.worker-threads", -1);
pref("gfx.font_rendering.fallback.unassigned_chars", false);
pref("gfx.video.convert-yuv-to-nv12.image-host-win", true);
pref("image.mem.max_legal_imgframe_size_kb", -1);
pref("javascript.options.wasm_tail_calls", false);
pref("layout.css.always_underline_links", false);
pref("layout.css.text-wrap-balance-after-clamp.enabled", true);
pref("layout.css.text-wrap-balance.enabled", false);
pref("layout.css.text-wrap-balance.limit", 10);
pref("layout.css.zoom.enabled", false);
pref("layout.details.force-block-layout", true);
pref("media.wmf.hevc.enabled", 0);
pref("messaging-system.askForFeedback", true);
pref("network.auth.use_redirect_for_retries", false);
pref("network.http.http2.move_to_pending_list_after_network_change", false);
pref("network.url.strict_protocol_setter", true);
pref("print.enabled", true);
pref("privacy.fingerprintingProtection.WebCompatService.logLevel", "Error");
pref("privacy.query_stripping.strip_on_share.enableTestMode", false);
pref("toolkit.shopping.environment", "prod");
pref("webgl.gl_khr_no_error", false);
```
==REMOVED, RENAMED or HIDDEN
```js
pref("browser.display.focus_background_color", "#117722");
pref("browser.display.focus_ring_on_anything", false);
pref("browser.display.focus_ring_style", 1);
pref("browser.display.focus_ring_width", 1);
pref("browser.display.focus_text_color", "#ffffff");
pref("browser.display.use_focus_colors", false);
pref("browser.migrate.content-modal.enabled", true);
pref("browser.urlbar.bestMatch.blockingEnabled", true);
pref("browser.urlbar.bestMatch.enabled", false);
pref("browser.urlbar.eventTelemetry.enabled", false);
pref("browser.urlbar.merino.enabled", true);
pref("browser.urlbar.quicksuggest.blockingEnabled", true);
pref("browser.urlbar.quicksuggest.remoteSettings.enabled", true);
pref("browser.urlbar.resultMenu", true);
pref("browser.urlbar.suggest.bestmatch", true);
pref("cookiebanners.bannerClicking.timeout", 3000);
pref("extensions.formautofill.firstTimeUse", true);
pref("gfx.webrender.blob-images", true);
pref("layout.css.computed-style.styles-outside-flat-tree", false);
pref("media.audiograph.single_thread.enabled", true);
pref("media.clockdrift.buffering", 50);
pref("network.http.useragent.forceRVOnly", 109);
pref("network.websocket.auto-follow-http-redirects", false);
pref("privacy.partition.bloburl_per_agent_cluster", false);
pref("security.webauth.webauthn_enable_android_fido2", false);
pref("widget.windows.titlebar-accent.enabled", false);
```
==CHANGED
```js
pref("browser.newtabpage.activity-stream.discoverystream.config", "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"collapsible\":true,\"enabled\":true}"); // prev: "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"collapsible\":true,\"enabled\":true,\"show_spocs\":false,\"hardcoded_layout\":true,\"layout_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic\"}"
pref("browser.theme.toolbar-theme", 2); // prev: 1
pref("devtools.performance.recording.features", "[\"js\",\"stackwalk\",\"cpu\",\"screenshots\"]"); // prev: "[\"js\",\"leaf\",\"stackwalk\",\"cpu\",\"screenshots\"]"
pref("devtools.performance.recording.features.remote", "[\"js\",\"stackwalk\",\"cpu\",\"screenshots\",\"java\"]"); // prev: "[\"js\",\"leaf\",\"stackwalk\",\"cpu\",\"screenshots\",\"java\"]"
pref("dom.window.sizeToContent.enabled", false); // prev: true
pref("javascript.options.gc_delay.interslice", 250); // prev: 100
pref("javascript.options.wasm_function_references", true); // prev: false
pref("javascript.options.wasm_gc", true); // prev: false
pref("layout.css.light-dark.enabled", true); // prev: false
pref("network.early-hints.preconnect.enabled", true); // prev: false
pref("pdfjs.enableStampEditor", true); // prev: false
pref("privacy.globalprivacycontrol.functionality.enabled", true); // prev: false
pref("privacy.query_stripping.strip_on_share.enabled", true); // prev: false
pref("security.enterprise_roots.enabled", true); // prev: false
```

earthlng commented 10 months ago
some bugzilla tickets

* browser.display.focus_background_color Bug [1857915](https://bugzilla.mozilla.org/show_bug.cgi?id=1857915) - Remove about:PreferenceStyleSheet. * browser.display.focus_ring_on_anything Bug [1857915](https://bugzilla.mozilla.org/show_bug.cgi?id=1857915) - Remove about:PreferenceStyleSheet. * browser.display.focus_ring_style Bug [1857915](https://bugzilla.mozilla.org/show_bug.cgi?id=1857915) - Remove about:PreferenceStyleSheet. * browser.display.focus_ring_width Bug [1857915](https://bugzilla.mozilla.org/show_bug.cgi?id=1857915) - Remove about:PreferenceStyleSheet. * browser.display.focus_text_color Bug [1857915](https://bugzilla.mozilla.org/show_bug.cgi?id=1857915) - Remove about:PreferenceStyleSheet. * browser.display.use_focus_colors Bug [1857915](https://bugzilla.mozilla.org/show_bug.cgi?id=1857915) - Remove about:PreferenceStyleSheet. * browser.migrate.chrome.get_permissions.enabled Bug [1818237](https://bugzilla.mozilla.org/show_bug.cgi?id=1818237) - Make it possible to request permission to access Chrome-browser profiles. * browser.migrate.content-modal.enabled Bug [1855280](https://bugzilla.mozilla.org/show_bug.cgi?id=1855280) - Remove the ability to switch to the old migration wizard. Bug [1837009](https://bugzilla.mozilla.org/show_bug.cgi?id=1837009) - Enable variant 2 of the new migration wizard to ride out by default. Bug [1821744](https://bugzilla.mozilla.org/show_bug.cgi?id=1821744) - Enable the new migration wizard by default on Nightly. * browser.privatebrowsing.resetPBM.enabled Bug [1856896](https://bugzilla.mozilla.org/show_bug.cgi?id=1856896) - Enable browser.privatebrowsing.resetPBM.enabled in Nightly. Bug [1846498](https://bugzilla.mozilla.org/show_bug.cgi?id=1846498) - Add a restart PBM session button and panel for private windows. * browser.privatebrowsing.resetPBM.showConfirmationDialog Bug [1846498](https://bugzilla.mozilla.org/show_bug.cgi?id=1846498) - Add a restart PBM session button and panel for private windows. 
* browser.search.newSearchConfig.enabled Bug [1855084](https://bugzilla.mozilla.org/show_bug.cgi?id=1855084) - Set up SearchService to be able to switch to a new configuration and schema. * browser.shell.checkDefaultPDF Bug [1854504](https://bugzilla.mozilla.org/show_bug.cgi?id=1854504) - Add DECLINE_DEFAULT_PDF_HANDLER message action * browser.shell.checkDefaultPDF.silencedByUser Bug [1854504](https://bugzilla.mozilla.org/show_bug.cgi?id=1854504) - Add DECLINE_DEFAULT_PDF_HANDLER message action * browser.shopping.experience2023.ads.exposure Bug [1858470](https://bugzilla.mozilla.org/show_bug.cgi?id=1858470) - Record ads exposure counter for opted-in users * browser.startup.windowsLaunchOnLogin.disableLaunchOnLoginPrompt Bug [1849252](https://bugzilla.mozilla.org/show_bug.cgi?id=1849252) - Added UI components and notification for Firefox launch on Windows login * browser.startup.windowsLaunchOnLogin.enabled Bug [1843202](https://bugzilla.mozilla.org/show_bug.cgi?id=1843202) - Added Nimbus experiment to Windows autostart on login * browser.theme.toolbar-theme Bug [1857743](https://bugzilla.mozilla.org/show_bug.cgi?id=1857743) - Default toolbar-theme to 2 on Windows and macOS. * browser.theme.windows.accent-color-in-tabs.enabled Bug [1857743](https://bugzilla.mozilla.org/show_bug.cgi?id=1857743) - Move system-accent-color-in-tabs pref to the front-end. * browser.urlbar.bestMatch.blockingEnabled Bug [1857391](https://bugzilla.mozilla.org/show_bug.cgi?id=1857391) - Remove Firefox Suggest "best match" as its own separate feature. Bug [1827904](https://bugzilla.mozilla.org/show_bug.cgi?id=1827904) - Enable the result menu by default on all channels. Bug [1815889](https://bugzilla.mozilla.org/show_bug.cgi?id=1815889) - Enable quick suggest and best match blocking in Nightly and Earyl Beta. * browser.urlbar.bestMatch.enabled Bug [1857391](https://bugzilla.mozilla.org/show_bug.cgi?id=1857391) - Remove Firefox Suggest "best match" as its own separate feature. 
* browser.urlbar.eventTelemetry.enabled Bug [1853910](https://bugzilla.mozilla.org/show_bug.cgi?id=1853910) - Remove Legacy Event Telemetry Dependencies. * browser.urlbar.merino.enabled Bug [1858553](https://bugzilla.mozilla.org/show_bug.cgi?id=1858553) - Remove the merinoEnabled Nimbus variable and fallback pref. * browser.urlbar.quicksuggest.blockingEnabled Bug [1858547](https://bugzilla.mozilla.org/show_bug.cgi?id=1858547) - Remove the quickSuggestBlockingEnabled Nimbus variable and fallback pref. Bug [1827904](https://bugzilla.mozilla.org/show_bug.cgi?id=1827904) - Enable the result menu by default on all channels. Bug [1815889](https://bugzilla.mozilla.org/show_bug.cgi?id=1815889) - Enable quick suggest and best match blocking in Nightly and Earyl Beta. * browser.urlbar.quicksuggest.remoteSettings.enabled Bug [1858549](https://bugzilla.mozilla.org/show_bug.cgi?id=1858549) - Remove the quickSuggestRemoteSettingsEnabled Nimbus variable and fallback pref. * browser.urlbar.quicksuggest.rustEnabled Bug [1854059](https://bugzilla.mozilla.org/show_bug.cgi?id=1854059) - Convert Suggest remote settings component to a BaseFeature. * browser.urlbar.resultMenu Bug [1827966](https://bugzilla.mozilla.org/show_bug.cgi?id=1827966) - Part 4: Remove resultMenu pref and support for dismiss and help buttons. Bug [1827904](https://bugzilla.mozilla.org/show_bug.cgi?id=1827904) - Enable the result menu by default on all channels. Bug [1813517](https://bugzilla.mozilla.org/show_bug.cgi?id=1813517) - Add hidden pref for allowing Tab to skip over the menu button. Bug [1811870](https://bugzilla.mozilla.org/show_bug.cgi?id=1811870) - Enable urlbar result menu in Nightly. * browser.urlbar.suggest.bestmatch Bug [1857391](https://bugzilla.mozilla.org/show_bug.cgi?id=1857391) - Remove Firefox Suggest "best match" as its own separate feature. * browser.urlbar.suggest.recentsearches Bug [1852848](https://bugzilla.mozilla.org/show_bug.cgi?id=1852848) - Implement recent searches provider. 
* browser.urlbar.switchTabs.searchAllContainers Bug [1479858](https://bugzilla.mozilla.org/show_bug.cgi?id=1479858) - Added option for UrlBar search open tabs to ignore userContextId.r=mak,dao * clipboard.imageAsFile.enabled Bug [1854747](https://bugzilla.mozilla.org/show_bug.cgi?id=1854747) - Stop exposing the image data as file to clipboard; * cookiebanners.bannerClicking.timeout Bug [1855177](https://bugzilla.mozilla.org/show_bug.cgi?id=1855177) - Do not run cookie banner clicking query selectors on every mutation. Bug [1812369](https://bugzilla.mozilla.org/show_bug.cgi?id=1812369) - Refactor cookie banner handling clicking timeouts. Bug [1783045](https://bugzilla.mozilla.org/show_bug.cgi?id=1783045) - Part 3: Implementing CookieBanner JSWindowActor to handle the cookie banner. * cookiebanners.bannerClicking.timeoutAfterDOMContentLoaded Bug [1812369](https://bugzilla.mozilla.org/show_bug.cgi?id=1812369) - Refactor cookie banner handling clicking timeouts. * cookiebanners.bannerClicking.timeoutAfterLoad Bug [1812369](https://bugzilla.mozilla.org/show_bug.cgi?id=1812369) - Refactor cookie banner handling clicking timeouts. * cookiebanners.service.enableGlobalRules.subFrames Bug [1855178](https://bugzilla.mozilla.org/show_bug.cgi?id=1855178) - Add a pref to disable sub-frame cookie banner rule clicking for global rules. 
* devtools.performance.recording.features Bug [1858420](https://bugzilla.mozilla.org/show_bug.cgi?id=1858420): Remove the old "leaf" feature from the profiler features prefs * devtools.performance.recording.features.remote Bug [1858420](https://bugzilla.mozilla.org/show_bug.cgi?id=1858420): Remove the old "leaf" feature from the profiler features prefs * dom.cache.privateBrowsing.enabled Bug [1835300](https://bugzilla.mozilla.org/show_bug.cgi?id=1835300): New pref to enable CacheAPI support for PBM.r=dom-storage-reviewers,asuth,janv * dom.iframe_lazy_loading.enabled Bug [1860057](https://bugzilla.mozilla.org/show_bug.cgi?id=1860057) - Turn dom.iframe_lazy_loading.enabled to nightly only Bug [1622090](https://bugzilla.mozilla.org/show_bug.cgi?id=1622090) - Implement loading=lazy for <iframe> * dom.security.https_first_schemeless Bug [1812192](https://bugzilla.mozilla.org/show_bug.cgi?id=1812192) - Store schemeless address bar loads in loadinfo and upgrade to https with fallback * dom.w3c_pointer_events.getcoalescedevents_only_in_securecontext Bug [1858434](https://bugzilla.mozilla.org/show_bug.cgi?id=1858434) - Expose getCoalescedEvents only on SecureContext, * dom.webgpu.testing.assert-hardware-adapter Bug [1853952](https://bugzilla.mozilla.org/show_bug.cgi?id=1853952) - Add a pref to assert that wgpu tests run on hardware. * dom.webgpu.workers.enabled Bug [1858732](https://bugzilla.mozilla.org/show_bug.cgi?id=1858732) - Allow WebGPU to be enabled on DOM workers via a pref, disabled by default. * dom.window.sizeToContent.enabled Bug [1855348](https://bugzilla.mozilla.org/show_bug.cgi?id=1855348) - Disable Window.sizeToContent by default. 
* editor.block_inline_check.use_computed_style Bug [1851951](https://bugzilla.mozilla.org/show_bug.cgi?id=1851951) - Make `HTMLEditor` refer computed `display` instead of the HTML default style at considering block or inline element * extensions.formautofill.firstTimeUse Bug [1847888](https://bugzilla.mozilla.org/show_bug.cgi?id=1847888) - P1. Remove first time use preference * extensions.formautofill.heuristics.interactivityCheckMode Bug [1847687](https://bugzilla.mozilla.org/show_bug.cgi?id=1847687) - Enable checking a credit card or address field's focusability by calling Services.focus.elementIsFocusable before autofilling - * extensions.script_about_blank_without_permission Bug [1853409](https://bugzilla.mozilla.org/show_bug.cgi?id=1853409) - Part 2: Require "all urls" match pattern for top-level match_about_blank * gfx.canvas.remote.allow-in-parent Bug [1852144](https://bugzilla.mozilla.org/show_bug.cgi?id=1852144) - Disable remote canvas globally in case of unrecoverable error. * gfx.canvas.remote.texture-timeout-ms Bug [1852145](https://bugzilla.mozilla.org/show_bug.cgi?id=1852145) - Part 3. Make PCanvasManager manage PCanvas. * gfx.canvas.remote.worker-threads Bug [1852145](https://bugzilla.mozilla.org/show_bug.cgi?id=1852145) - Part 2. Spawn worker threads in CanvasRenderThread. * gfx.font_rendering.fallback.unassigned_chars Bug [1862182](https://bugzilla.mozilla.org/show_bug.cgi?id=1862182) - Create a pref to allow font fallback for unassigned Unicode codepoints. 
* gfx.video.convert-yuv-to-nv12.image-host-win Bug [1857385](https://bugzilla.mozilla.org/show_bug.cgi?id=1857385) - Enable uploading yuv video to NV12 ID3D11Texture2D at WebRenderImageHost on Windows until release Bug [1856516](https://bugzilla.mozilla.org/show_bug.cgi?id=1856516) - Enable uploading yuv video to NV12 ID3D11Texture2D at WebRenderImageHost on Windows until early beta Bug [1855277](https://bugzilla.mozilla.org/show_bug.cgi?id=1855277) - Add a capability to upload yuv video to NV12 ID3D11Texture2D at WebRenderImageHost on Windows * gfx.webrender.blob-images Bug [1611626](https://bugzilla.mozilla.org/show_bug.cgi?id=1611626) - Remove gfx.webrender.blob-images. * image.mem.max_legal_imgframe_size_kb Bug [1853026](https://bugzilla.mozilla.org/show_bug.cgi?id=1853026). Add a pref for fuzzers to limit image size so fuzzing can proceed more quickly. * javascript.options.gc_delay.interslice Bug [1856574](https://bugzilla.mozilla.org/show_bug.cgi?id=1856574) - Run GC/CC slices before page load only if GC/CC is ongoing, and increase the slice delays, * javascript.options.wasm_function_references Bug [1845373](https://bugzilla.mozilla.org/show_bug.cgi?id=1845373) - Enable Wasm GC proposal in release. * javascript.options.wasm_gc Bug [1845373](https://bugzilla.mozilla.org/show_bug.cgi?id=1845373) - Enable Wasm GC proposal in release. * layout.css.always_underline_links Bug [1858397](https://bugzilla.mozilla.org/show_bug.cgi?id=1858397) - Pref for always underlining links. * layout.css.computed-style.styles-outside-flat-tree Bug [1851087](https://bugzilla.mozilla.org/show_bug.cgi?id=1851087) - Remove layout.css.computed-style.styles-outside-flat-tree pref * layout.css.light-dark.enabled Bug [1856999](https://bugzilla.mozilla.org/show_bug.cgi?id=1856999) - Enable light-dark() by default. * layout.css.text-wrap-balance.enabled Bug [1731541](https://bugzilla.mozilla.org/show_bug.cgi?id=1731541) - Add CSS property text-wrap: auto | stable | balance. 
* layout.css.text-wrap-balance.limit Bug [1731541](https://bugzilla.mozilla.org/show_bug.cgi?id=1731541) - Implement text-wrap: balance for nsBlockFrame reflow. * layout.css.text-wrap-balance-after-clamp.enabled Bug [1855763](https://bugzilla.mozilla.org/show_bug.cgi?id=1855763) - Disable -moz-transform and enable zoom on Nightly. Bug [1731541](https://bugzilla.mozilla.org/show_bug.cgi?id=1731541) - When line-clamp is in effect, make text-wrap:balance consider only the lines up to the clamp limit. * layout.css.zoom.enabled Bug [1855763](https://bugzilla.mozilla.org/show_bug.cgi?id=1855763) - Disable -moz-transform and enable zoom on Nightly. Bug [1854441](https://bugzilla.mozilla.org/show_bug.cgi?id=1854441) - Initial zoom property implementation. * layout.details.force-block-layout Bug [1856374](https://bugzilla.mozilla.org/show_bug.cgi?id=1856374) - Add a pref to stop forcing details elements to be blocks. * media.audiograph.single_thread.enabled Bug [1859201](https://bugzilla.mozilla.org/show_bug.cgi?id=1859201) hide media.audiograph.single_thread.enabled pref * media.clockdrift.buffering Bug [1844181](https://bugzilla.mozilla.org/show_bug.cgi?id=1844181) - Remove the media.clockdrift.buffering pref. * media.wmf.hevc.enabled Bug [1857097](https://bugzilla.mozilla.org/show_bug.cgi?id=1857097) - turn on HEVC decoding by default on Windows Firefox Nightly. Bug [1853448](https://bugzilla.mozilla.org/show_bug.cgi?id=1853448) - part4 : modify pref to allow more flexible strategy for enabling HEVC. Bug [1849392](https://bugzilla.mozilla.org/show_bug.cgi?id=1849392) - part4 : add HEVC support in the media engine. * messaging-system.askForFeedback Bug [1858254](https://bugzilla.mozilla.org/show_bug.cgi?id=1858254) - Add a new user pref to control messaging requests for user feedback. * network.auth.use_redirect_for_retries Bug [1820807](https://bugzilla.mozilla.org/show_bug.cgi?id=1820807) - Enable pref network.auth.use_redirect_for_retries for early beta. 
Bug [1820807](https://bugzilla.mozilla.org/show_bug.cgi?id=1820807) - Open redirected channel for auth retries in OnStopRequest. Bug [1820807](https://bugzilla.mozilla.org/show_bug.cgi?id=1820807) - redirect channel for auth retries. Bug [1820807](https://bugzilla.mozilla.org/show_bug.cgi?id=1820807): redirect channel for auth retries. * network.early-hints.preconnect.enabled Bug [1858712](https://bugzilla.mozilla.org/show_bug.cgi?id=1858712) - Enable Early Hints Preconnect * network.http.http2.move_to_pending_list_after_network_change Bug [1706377](https://bugzilla.mozilla.org/show_bug.cgi?id=1706377) - Always create new connection after network change, * network.http.useragent.forceRVOnly Bug [1806690](https://bugzilla.mozilla.org/show_bug.cgi?id=1806690) - Remove "rv:109.0" UA workaround for IE11. * network.url.strict_protocol_setter Bug [1851426](https://bugzilla.mozilla.org/show_bug.cgi?id=1851426) - Add pref to reland protocol setter to be more restrictive. * network.websocket.auto-follow-http-redirects Bug [1052909](https://bugzilla.mozilla.org/show_bug.cgi?id=1052909) - Remove network.websocket.auto-follow-http-redirects pref * pdfjs.enableStampEditor Bug [1859806](https://bugzilla.mozilla.org/show_bug.cgi?id=1859806) - Enable pdfjs.enableStampEditor in 120 Bug [1859365](https://bugzilla.mozilla.org/show_bug.cgi?id=1859365) - Register pdfjs.enableStampEditor with Nimbus Bug [1843054](https://bugzilla.mozilla.org/show_bug.cgi?id=1843054) - Enable pdfjs.enableStampEditor on Release Bug [1843052](https://bugzilla.mozilla.org/show_bug.cgi?id=1843052) - Enable adding images in a pdf in nightly and early beta * print.enabled Bug [1854298](https://bugzilla.mozilla.org/show_bug.cgi?id=1854298) - Implement PrintingEnabled policy * privacy.fingerprintingProtection.granularOverrides Bug [1834274](https://bugzilla.mozilla.org/show_bug.cgi?id=1834274) - Part 2: Implement the FingerprintingWebCompatService. 
* privacy.fingerprintingProtection.WebCompatService.logLevel Bug [1834274](https://bugzilla.mozilla.org/show_bug.cgi?id=1834274) - Part 2: Implement the FingerprintingWebCompatService. * privacy.globalprivacycontrol.functionality.enabled Bug [1830623](https://bugzilla.mozilla.org/show_bug.cgi?id=1830623), part 2 - Add UI in about:preferences for GPC - * privacy.globalprivacycontrol.pbmode.enabled Bug [1857593](https://bugzilla.mozilla.org/show_bug.cgi?id=1857593) - Enable GPC in Private Browsing Mode by default - * privacy.partition.bloburl_per_agent_cluster Bug [1851211](https://bugzilla.mozilla.org/show_bug.cgi?id=1851211) - Remove privacy.partition.bloburl_per_agent_cluster pref Bug [1854403](https://bugzilla.mozilla.org/show_bug.cgi?id=1854403) - Set privacy.partition.bloburl_per_double_partition_key pref to be true. * privacy.query_stripping.strip_on_share.enabled Bug [1825584](https://bugzilla.mozilla.org/show_bug.cgi?id=1825584) - Integrate clean copy into QueryStringStripper. * privacy.query_stripping.strip_on_share.enableTestMode Bug [1842581](https://bugzilla.mozilla.org/show_bug.cgi?id=1842581) - Added tests to ensure functionality of clean copy and modified StripOnShare.json. * security.enterprise_roots.enabled Bug [1848815](https://bugzilla.mozilla.org/show_bug.cgi?id=1848815) - Add a user-facing setting to enable enterprise roots import, and enable it by default. * security.webauth.webauthn_enable_android_fido2 Bug [1857336](https://bugzilla.mozilla.org/show_bug.cgi?id=1857336) - expose an nsIWebAuthnService on Android. Bug [1838526](https://bugzilla.mozilla.org/show_bug.cgi?id=1838526) - Add a CTAP2 capable virtual authenticator for tests. Bug [1813982](https://bugzilla.mozilla.org/show_bug.cgi?id=1813982) - XPCOM interface to authenticator-rs. * toolkit.shopping.environment Bug [1849401](https://bugzilla.mozilla.org/show_bug.cgi?id=1849401) - Allow switching between shopping prod, stage, and test environments via a pref. 
* webgl.gl_khr_no_error Bug [1841050](https://bugzilla.mozilla.org/show_bug.cgi?id=1841050) - Disable webgl.gl_khr_no_error on Windows. Bug [1841050](https://bugzilla.mozilla.org/show_bug.cgi?id=1841050) - Add pref webgl.gl_khr_no_error:true. * widget.windows.titlebar-accent.enabled Bug [1857743](https://bugzilla.mozilla.org/show_bug.cgi?id=1857743) - Move system-accent-color-in-tabs pref to the front-end. Bug [1843044](https://bugzilla.mozilla.org/show_bug.cgi?id=1843044) - Make titlebar system colors on windows and macOS reflect reality.

Dynamic5912 commented 10 months ago

Will we see the other new features in 120 enabled by ArkenFox?

Namely

Copy Link Without Site Tracking

Global Privacy Control

The cookie banner and URL protection

https://www.mozilla.org/en-US/firefox/120.0/releasenotes/

Thorin-Oakenpants commented 10 months ago

not adding things that are in the midst of being rolled out or still being worked on - less items to maintain, answer questions about, cause breakage, etc

Thorin-Oakenpants commented 10 months ago

What CVEs? This is a threat level that doesn't seem justified, even if there is a threat.

FWIW, it is fingerprintable, but not exactly friendly so super unlikely to be used: when disabled it will instantly return; otherwise it only returns when the print dialog is closed (or never, e.g. you close the tab) - the unfriendly scare-away-users part is the print dialog opening. This is a bit like DRM enabled testing, when disabled it will cause an install prompt in FF

theltalpha commented 10 months ago

> FWIW, it is fingerprintable

Hi, please allow a secondary question: How can one discern if a setting is fingerprintable or not? Thanks in advance.

Thorin-Oakenpants commented 10 months ago

> How can one discern if a setting is fingerprintable or not

I wrote a big ass long reply and then decided it was way too long. The short answer is you test it

Depending on what it is, you test in different ways, but the first thing you check are properties (and their typeof or value): e.g. window properties, HTMLElement, SVG etc

e.g. here is how I test you are at least v117

// Feature detection: checks whether CanvasRenderingContext2D.prototype has its own
// "fontStretch" property; the comment author uses its presence as the signal for at least v117.
// No pref value is read - only the presence of the property is observed.
if (CanvasRenderingContext2D.prototype.hasOwnProperty("fontStretch")) return 117

now that doesn't have any prefs to turn it on or off, but if it did, that's how you would detect it. After that you dig a little deeper

You also need to be careful of running things in console vs a page script, and check the scheme (e.g. some things require secure context), and often it pays to always close all existing tabs and open a new one between tests, or even restart the session

theltalpha commented 10 months ago

Thank you very much!

> I wrote a big ass long reply and then decided it was way too long.

Maybe you want to consider making this an Appendix to the wiki some day?!

Thorin-Oakenpants commented 10 months ago

I will be writing some docs/parts-of-docs/blogs for Tor Browser on a bunch of FPing issues - sort of an intro and over-arching viewpoint, how we analyze it, how we mitigate it (strategies), and how to not fucking use online tests to check entropy

I had planned for ages to setup an arkenfox/blog where I could post things - e.g. how you can't hide your engine etc and FPing basics, so I wouldn't have to keep repeating myself - and in the last big wiki revamp about 2 years ago https://github.com/arkenfox/user.js/wiki/Appendix-B-Test-Sites-[Fingerprinting]#-foreword was going to point to that if I got around to it - but at the time I just settled for "not interested in discussing it" note in the wiki and I try to avoid the topic like the plague here

but now I'm part of Tor Project core .. and at the last two meetups (april, oct) not only has FPing documentation been brought up, but also revamping the entire TB document (it's so out of date, e.g. flash, ftp, etc) so that's getting done. Also with Mullvad Browser now on board, we feel there is a need for some articles/docs/learn_mores (even a built in interface for FP checks) etc - dumbed down for lack of better words, simple etc to explain some things - in fact, much bigger than that - a guide with expandable sections if you wish to dive a little deeper

and I've been designated - so as much as I've been putting it off for 3 or more years, I'll have to start doing it - and peer reviewed of course