ToDo: diffs FF67-FF68 - Githubissues

FF68 is scheduled for release July 9th

FF68 release notes [when ready] FF68 for developers FF68 compatibility FF68 security advisories

237 diffs ( 133 new, 76 gone, 28 different )

new in v68.0:

[x] recommended extension/theme discovery in about:addons - https://github.com/ghacksuserjs/ghacks-user.js/commit/31567c7938f1d86497c1e34ce967a0d8980587ee , https://github.com/ghacksuserjs/ghacks-user.js/commit/11dcc54b61b84d4d3cc0d82d44857ce3e4be2921
- pref("extensions.getAddons.discovery.api_url", "https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%");
- pref("extensions.htmlaboutaddons.discover.enabled", true);
- pref("extensions.htmlaboutaddons.recommendations.enabled", true);
[x] pref("toolkit.legacyUserProfileCustomizations.stylesheets", false); - https://github.com/ghacksuserjs/ghacks-user.js/commit/27bd07d496f00247c49c140a13717b15f2324635
[x] pref("view_source.tab", true); - https://github.com/ghacksuserjs/ghacks-user.js/commit/8f40c97fd1c2cd8400357da6575e304626015415
- back from the dead! Hooray!
[x] no longer hidden - https://github.com/ghacksuserjs/ghacks-user.js/commit/23c884a5f838a5dcf0feb7d8c196056413f1a16f
- pref("dom.allow_cut_copy", true); 2403
- pref("privacy.window.maxInnerHeight", 1000); 4502
- pref("privacy.window.maxInnerWidth", 1000); 4502

removed, renamed or hidden in v68.0:

ALL DONE - https://github.com/ghacksuserjs/ghacks-user.js/commit/9aa8e27ef4d77f1de07e7d765b75fa075eb320d9

[x] pref("browser.aboutHomeSnippets.updateUrl", "https://snippets.cdn.mozilla.net/..."); 0105b - 1540939
[x] pref("browser.newtabpage.activity-stream.disableSnippets", false); 0105b - 1546190
[x] pref("lightweightThemes.update.enabled", true); 0307 - 1525762 (part 3b)
[x] pref("security.csp.experimentalEnabled", false); 2682 - 1386214

changed in v68.0:

[x] pref("dom.popup_allowed_events", 2212 - https://github.com/ghacksuserjs/ghacks-user.js/commit/42281a9e52211b4eab6b1fae8d7b0af3b9bb2910
- diff: added auxclick
pref("extensions.webextensions.restrictedDomains", 2662
- diff: removed input.mozilla.org
pref("webchannel.allowObject.urlWhitelist", 2612
- diff: removed https://input.mozilla.org

pref("security.certerrors.mitm.auto_enable_enterprise_roots", true); // prev: false
pref("trailhead.firstrun.branches", "join-privacy"); // prev: "control"

ignore

click me for details

==NEW ```js pref("app.update.BITS.enabled", true); pref("apz.fixed-margin-override.bottom", 0); pref("apz.fixed-margin-override.enabled", false); pref("apz.fixed-margin-override.top", 0); pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior4,cm,fp"); pref("browser.contentblocking.maxIntroCount", 5); pref("browser.in-content.dark-mode", false); pref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "{\"id\":\"cfr-fxa\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr-fxa\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}"); pref("browser.safebrowsing.prefixset_max_array_size", 524288); pref("corroborator.enabled", false); pref("devtools.aboutdebugging.local-tab-debugging", false); pref("devtools.aboutdebugging.process-debugging", true); pref("devtools.aboutdebugging.showHiddenAddons", false); pref("devtools.browserconsole.contentMessages", false); pref("devtools.browserconsole.filterContentMessages", false); pref("devtools.debugger.log-actions", false); pref("devtools.inspector.inactive.css.enabled", false); pref("devtools.netmonitor.requestBodyLimit", 1048576); pref("devtools.webconsole.input.autocomplete", true); pref("dom.file.createInChild", false); pref("dom.ipc.cancel_content_js_when_navigating", false); pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl", ""); pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl", ""); pref("dom.largeAllocation.forceEnable", false); pref("dom.link.disabled_attribute.enabled", true); pref("dom.metaElement.setCookie.allowed", false); pref("dom.mouseevent.click.hack.use_legacy_non-primary_dispatch", ""); pref("dom.presentation.testing.simulate-receiver", false); pref("dom.storage.snapshot_gradual_prefill", 4096); pref("dom.vr.process.enabled", true); pref("dom.window.open.noreferrer.enabled", true); pref("extensions.abuseReport.enabled", true); pref("extensions.abuseReport.url", "https://addons.mozilla.org/api/v4/abuse/report/addon/"); pref("extensions.cookiesBehavior.overrideOnTopLevel", false); pref("extensions.htmlaboutaddons.inline-options.enabled", true); pref("extensions.recommendations.privacyPolicyUrl", "https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=privacy-policy-link#addons"); pref("extensions.recommendations.themeRecommendationUrl", "https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-footer-link"); pref("fission.autostart", false); pref("fission.preserve_browsing_contexts", false); pref("fission.rebuild_frameloaders_on_remoteness_change", false); pref("font.size.monospace.ar", 13); pref("font.size.monospace.el", 13); pref("font.size.monospace.he", 13); pref("font.size.monospace.ja", 16); pref("font.size.monospace.ko", 16); pref("font.size.monospace.th", 13); pref("font.size.monospace.x-armn", 13); pref("font.size.monospace.x-beng", 13); pref("font.size.monospace.x-cans", 13); pref("font.size.monospace.x-cyrillic", 13); pref("font.size.monospace.x-devanagari", 13); pref("font.size.monospace.x-ethi", 13); pref("font.size.monospace.x-geor", 13); pref("font.size.monospace.x-gujr", 13); pref("font.size.monospace.x-guru", 13); pref("font.size.monospace.x-khmr", 13); pref("font.size.monospace.x-knda", 13); pref("font.size.monospace.x-math", 13); pref("font.size.monospace.x-mlym", 13); pref("font.size.monospace.x-orya", 13); pref("font.size.monospace.x-sinh", 13); pref("font.size.monospace.x-tamil", 13); pref("font.size.monospace.x-telu", 13); pref("font.size.monospace.x-tibt", 13); pref("font.size.monospace.x-unicode", 13); pref("font.size.monospace.x-western", 13); pref("font.size.monospace.zh-CN", 16); pref("font.size.monospace.zh-HK", 16); pref("font.size.monospace.zh-TW", 16); pref("gfx.direct3d11.use-double-buffering", false); pref("gfx.logging.slow-frames.enabled", false); pref("gfx.webrender.split-render-roots", false); pref("intl.hyphenate-capitalized.de-1901", true); pref("intl.hyphenate-capitalized.de-1996", true); pref("intl.hyphenate-capitalized.de-CH", true); pref("javascript.options.experimental.await_fix", false); pref("javascript.options.mem.nursery.min_kb", 256); pref("layout.css.line-height-moz-block-height.content.enabled", false); pref("layout.css.resizeobserver.enabled", false); pref("layout.css.shared-memory-ua-sheets.enabled", false); pref("layout.css.simple-moz-gradient.enabled", true); pref("layout.css.webkit-line-clamp.enabled", true); pref("media.audiograph.single_thread.enabled", false); pref("media.cache_readahead_limit.cellular", 30); pref("media.cache_resume_threshold.cellular", 10); pref("media.cache_size.cellular", 32768); pref("media.devices.insecure.enabled", true); pref("media.getusermedia.insecure.enabled", false); pref("media.videocontrols.picture-in-picture.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000); pref("network.cookie.staleThreshold", 60); pref("network.delay.tracking.load", 0); pref("network.dns.resolver_shutdown_timeout_ms", 2000); pref("network.http.enforce-framing.strict_chunked_encoding", true); pref("network.protocol-handler.external.ie.http", false); pref("network.protocol-handler.external.iehistory", false); pref("network.protocol-handler.external.ierss", false); pref("network.ssl_tokens_cache_capacity", 2048); pref("network.ssl_tokens_cache_enabled", false); pref("network.traffic_analyzer.enabled", true); pref("network.trr.excluded-domains", "localhost,local"); pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" }]"); pref("privacy.annotate_channels.strict_list.enabled", false); pref("privacy.file_unique_origin", true); pref("privacy.storagePrincipal.enabledForTrackers", false); pref("privacy.trackingprotection.origin_telemetry.enabled", false); pref("remote.enabled", false); pref("remote.force-local", true); pref("remote.log.level", "Info"); pref("security.tls.enable_post_handshake_auth", false); pref("services.settings.security.onecrl.bucket", "security-state"); pref("services.settings.security.onecrl.checked", 0); pref("services.settings.security.onecrl.collection", "onecrl"); pref("services.settings.security.onecrl.signer", "onecrl.content-signature.mozilla.org"); pref("services.sync.prefs.dangerously_allow_arbitrary", false); pref("services.sync.prefs.sync.browser.contentblocking.features.strict", true); pref("signon.management.page.enabled", false); pref("signon.showAutoCompleteOrigins", false); pref("telemetry.origin_telemetry_test_mode.enabled", false); pref("toolkit.content-background-hang-monitor.disabled", false); pref("toolkit.telemetry.ecosystemtelemetry.enabled", false); pref("ui.android.mouse_as_touch", 1); pref("xul.panel-animations.enabled", true); ``` ==REMOVED or HIDDEN ```js pref("browser.newtabpage.activity-stream.darkModeMessage", false); pref("browser.newtabpage.activity-stream.discoverystream.optOut.0", false); pref("browser.security.newcerterrorpage.enabled", true); pref("devtools.aboutdebugging.network", false); pref("devtools.aboutdebugging.showSystemAddons", false); pref("devtools.aboutdebugging.wifi", false); pref("devtools.inspector.flexboxHighlighter.combine", false); pref("devtools.recordreplay.timeline.enabled", false); pref("extensions.webextensions.themes.icons.buttons", "back,forward,reload,stop,bookmark_star,bookmark_menu,downloads,home,app_menu,cut,copy,paste,new_window,new_private_window,save_page,print,history,full_screen,find,options,addons,developer,synced_tabs,open_file,sidebars,share_page,subscribe,text_encoding,email_link,forget,pocket"); pref("extensions.webextensions.themes.icons.enabled", false); pref("features.normandy-remote-settings.enabled", false); pref("font.size.fixed.ar", 13); pref("font.size.fixed.el", 13); pref("font.size.fixed.he", 13); pref("font.size.fixed.ja", 16); pref("font.size.fixed.ko", 16); pref("font.size.fixed.th", 13); pref("font.size.fixed.x-armn", 13); pref("font.size.fixed.x-beng", 13); pref("font.size.fixed.x-cans", 13); pref("font.size.fixed.x-cyrillic", 13); pref("font.size.fixed.x-devanagari", 13); pref("font.size.fixed.x-ethi", 13); pref("font.size.fixed.x-geor", 13); pref("font.size.fixed.x-gujr", 13); pref("font.size.fixed.x-guru", 13); pref("font.size.fixed.x-khmr", 13); pref("font.size.fixed.x-knda", 13); pref("font.size.fixed.x-math", 13); pref("font.size.fixed.x-mlym", 13); pref("font.size.fixed.x-orya", 13); pref("font.size.fixed.x-sinh", 13); pref("font.size.fixed.x-tamil", 13); pref("font.size.fixed.x-telu", 13); pref("font.size.fixed.x-tibt", 13); pref("font.size.fixed.x-unicode", 13); pref("font.size.fixed.x-western", 13); pref("font.size.fixed.zh-CN", 16); pref("font.size.fixed.zh-HK", 16); pref("font.size.fixed.zh-TW", 16); pref("gfx.webrender.debug.texture-cache.disable-shrink", false); pref("gfx.webrender.program-binary", true); pref("image.animated.generate-full-frames", true); pref("layout.css.prefixes.gradients", true); pref("lightweightThemes.recommendedThemes", "[{\"id\":\"recommended-1\",\"homepageURL\":\"https://addons.mozilla.org/firefox/addon/a-web-browser-renaissance/\",\"headerURL\":\"resource:///chrome/browser/content/browser/defaultthemes/1.header.jpg\",\"textcolor\":\"#000000\",\"accentcolor\":\"#834d29\",\"iconURL\":\"resource:///chrome/browser/content/browser/defaultthemes/1.icon.jpg\",\"previewURL\":\"resource:///chrome/browser/content/browser/defaultthemes/1.preview.jpg\",\"author\":\"Sean.Martell\",\"version\":\"0\"},{\"id\":\"recommended-2\",\"homepageURL\":\"https://addons.mozilla.org/firefox/addon/space-fantasy/\",\"headerURL\":\"resource:///chrome/browser/content/browser/defaultthemes/2.header.jpg\",\"textcolor\":\"#ffffff\",\"accentcolor\":\"#d9d9d9\",\"iconURL\":\"resource:///chrome/browser/content/browser/defaultthemes/2.icon.jpg\",\"previewURL\":\"resource:///chrome/browser/content/browser/defaultthemes/2.preview.jpg\",\"author\":\"fx5800p\",\"version\":\"1.0\"},{\"id\":\"recommended-4\",\"homepageURL\":\"https://addons.mozilla.org/firefox/addon/pastel-gradient/\",\"headerURL\":\"resource:///chrome/browser/content/browser/defaultthemes/4.header.png\",\"textcolor\":\"#000000\",\"accentcolor\":\"#000000\",\"iconURL\":\"resource:///chrome/browser/content/browser/defaultthemes/4.icon.png\",\"previewURL\":\"resource:///chrome/browser/content/browser/defaultthemes/4.preview.png\",\"author\":\"darrinhenein\",\"version\":\"1.0\"}]"); pref("lightweightThemes.selectedThemeID", "default-theme@mozilla.org"); pref("media.peerconnection.capture_delay", 50); pref("network.cookie.same-site.enabled", true); pref("performance.adjust_to_machine", false); pref("performance.low_end_machine", false); pref("prio.enabled", false); pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); pref("services.blocklist.onecrl.checked", 0); pref("services.blocklist.onecrl.collection", "certificates"); pref("services.blocklist.onecrl.signer", "onecrl.content-signature.mozilla.org"); pref("services.settings.changes.path", "/buckets/monitor/collections/changes/records"); pref("services.settings.default_signer", "remote-settings.content-signature.mozilla.org"); pref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", true); pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", true); pref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", true); pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", true); pref("services.sync.prefs.sync.extensions.personas.current", true); pref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", true); pref("services.sync.prefs.sync.lightweightThemes.usedThemes", true); pref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", true); pref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", true); pref("services.sync.prefs.sync.security.OCSP.enabled", true); pref("services.sync.prefs.sync.security.OCSP.require", true); pref("services.sync.prefs.sync.security.tls.version.max", true); pref("services.sync.prefs.sync.security.tls.version.min", true); pref("services.sync.prefs.sync.xpinstall.whitelist.required", true); pref("webgl.bypass-shader-validation", false); ``` ==CHANGED ```js pref("browser.history.maxStateObjectSize", 2097152); // prev: 655360 pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"],\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"]}" pref("browser.newtabpage.activity-stream.discoverystream.config", "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"collapsible\":true,\"enabled\":false,\"show_spocs\":false,\"hardcoded_layout\":true,\"personalized\":false,\"layout_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic\"}"); // prev: "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"enabled\":false,\"show_spocs\":false,\"layout_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic\"}" pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", true); // prev: false pref("browser.tabs.unloadOnLowMemory", false); // prev: true pref("browser.urlbar.quantumbar", true); // prev: false pref("devtools.debugger.prefs-schema-version", "1.0.9"); // prev: "1.0.0" pref("devtools.netmonitor.har.defaultFileName", "%hostname_Archive [%date]"); // prev: "Archive %date" pref("dom.vr.external.enabled", true); // prev: false pref("dom.vr.openvr.action_input", true); // prev: false pref("dom.xhr.standard_content_type_normalization", true); // prev: false pref("extensions.htmlaboutaddons.enabled", true); // prev: false pref("extensions.webextensions.performanceCountersMaxAge", 5000); // prev: 1000 pref("extensions.webextensions.userScripts.enabled", true); // prev: false pref("javascript.options.bigint", true); // prev: false pref("layout.css.scroll-snap-v1.enabled", true); // prev: false pref("layout.css.scroll-snap.enabled", false); // prev: true pref("layout.scroll.root-frame-containers", false); // prev: 0 pref("network.trr.wait-for-portal", false); // prev: true pref("privacy.trackingprotection.cryptomining.annotate.enabled", true); // prev: false pref("privacy.trackingprotection.fingerprinting.annotate.enabled", true); // prev: false pref("prompts.authentication_dialog_abuse_limit", 2); // prev: 3 pref("urlclassifier.trackingAnnotationTable", "test-track-simple,ads-track-digest256,social-track-digest256,analytics-track-digest256,content-track-digest256"); // prev: "test-track-simple,base-track-digest256" ```

some bugzilla tickets

* app.update.BITS.enabled Bug [1520321](https://bugzilla.mozilla.org/show_bug.cgi?id=1520321) - Use BITS in nsUpdateService * apz.fixed-margin-override.bottom Bug [1546139](https://bugzilla.mozilla.org/show_bug.cgi?id=1546139) - Add support for setting fixed layer margins in a reftest. * apz.fixed-margin-override.enabled Bug [1546139](https://bugzilla.mozilla.org/show_bug.cgi?id=1546139) - Add support for setting fixed layer margins in a reftest. * apz.fixed-margin-override.top Bug [1546139](https://bugzilla.mozilla.org/show_bug.cgi?id=1546139) - Add support for setting fixed layer margins in a reftest. * browser.aboutHomeSnippets.updateUrl Bug [1540939](https://bugzilla.mozilla.org/show_bug.cgi?id=1540939) - Remove SnippetsFeed and related components * browser.contentblocking.features.strict Bug [1529517](https://bugzilla.mozilla.org/show_bug.cgi?id=1529517) - Add prefs for defining expected values in each content blocking category. Bug [1543280](https://bugzilla.mozilla.org/show_bug.cgi?id=1543280) - Enable FP and CM in strict in all channel, enable FP and CM in standard for nightly and early beta. * browser.contentblocking.maxIntroCount BUG [1448932](https://bugzilla.mozilla.org/show_bug.cgi?id=1448932) - Added: Prefs for tracking protection intro * browser.history.maxStateObjectSize Bug [1542673](https://bugzilla.mozilla.org/show_bug.cgi?id=1542673), increase history.state size limit, * browser.in-content.dark-mode Bug [1545029](https://bugzilla.mozilla.org/show_bug.cgi?id=1545029) - Flip 'browser.in-content.dark-mode' on by default in Nightly builds. Bug [1519548](https://bugzilla.mozilla.org/show_bug.cgi?id=1519548) - Introduce dark mode in-content page preference. * browser.newtabpage.activity-stream.asrouter.providers.cfr Bug [1517306](https://bugzilla.mozilla.org/show_bug.cgi?id=1517306) - keep the original provider ID for the remote settings provider Bug [1517306](https://bugzilla.mozilla.org/show_bug.cgi?id=1517306) - Switch CFR messages pref to remote settings Bug [1528953](https://bugzilla.mozilla.org/show_bug.cgi?id=1528953) - Add pref to opt out of recommended features Bug [1518321](https://bugzilla.mozilla.org/show_bug.cgi?id=1518321) - Pref on CFR in release Bug [1518321](https://bugzilla.mozilla.org/show_bug.cgi?id=1518321) - Pref on CFR in release. * browser.safebrowsing.prefixset_max_array_size Bug [1542744](https://bugzilla.mozilla.org/show_bug.cgi?id=1542744) - P2. Improve performance of MakePrefixSet by using different algorithm according to the number of prefixes. * browser.security.newcerterrorpage.enabled Bug [1530348](https://bugzilla.mozilla.org/show_bug.cgi?id=1530348) - Unfork aboutNetError.{xhtml,css}. Bug [1530327](https://bugzilla.mozilla.org/show_bug.cgi?id=1530327) - Enable new certificate error pages on Release. * browser.urlbar.quantumbar Bug [1557051](https://bugzilla.mozilla.org/show_bug.cgi?id=1557051) - Enable QuantumBar for release users. Bug [1548031](https://bugzilla.mozilla.org/show_bug.cgi?id=1548031) - Enable the QuantumBar on Nightly and early Beta. * corroborator.enabled Bug [1515712](https://bugzilla.mozilla.org/show_bug.cgi?id=1515712) - add default pref and start corroborator if enabled * devtools.aboutdebugging.local-tab-debugging Bug [1528781](https://bugzilla.mozilla.org/show_bug.cgi?id=1528781) - Hide tabs for This Firefox behind a preference;r=Ola,daisuke * devtools.aboutdebugging.network Bug [1487581](https://bugzilla.mozilla.org/show_bug.cgi?id=1487581) - Remove preference to disable network locations section;r=ladybenko Bug [1507708](https://bugzilla.mozilla.org/show_bug.cgi?id=1507708) - Add default values for aboutdebugging wifi and network features;r=ladybenko Bug [1482054](https://bugzilla.mozilla.org/show_bug.cgi?id=1482054) - Create module to manage network locations;r=daisuke * devtools.aboutdebugging.process-debugging Bug [1546629](https://bugzilla.mozilla.org/show_bug.cgi?id=1546629) - Enable process category by default in about:debugging;r=Harald,daisuke Bug [1522062](https://bugzilla.mozilla.org/show_bug.cgi?id=1522062) - Add Processes category to debug the main process on remote runtimes * devtools.aboutdebugging.showHiddenAddons Bug [1544372](https://bugzilla.mozilla.org/show_bug.cgi?id=1544372) - part2: filter out hidden webextensions by default in about:debugging * devtools.aboutdebugging.showSystemAddons Bug [1544372](https://bugzilla.mozilla.org/show_bug.cgi?id=1544372) - part2: filter out hidden webextensions by default in about:debugging Bug [1425347](https://bugzilla.mozilla.org/show_bug.cgi?id=1425347) - Hide system add-ons by default in about:debugging * devtools.aboutdebugging.wifi Bug [1487581](https://bugzilla.mozilla.org/show_bug.cgi?id=1487581) - Remove the wifi debugging preference;r=ladybenko Bug [1507708](https://bugzilla.mozilla.org/show_bug.cgi?id=1507708) - Add default values for aboutdebugging wifi and network features;r=ladybenko * devtools.browserconsole.contentMessages Bug [1260877](https://bugzilla.mozilla.org/show_bug.cgi?id=1260877) - Display a Show content messages checkbox in Browser Console. * devtools.browserconsole.filterContentMessages Bug [1260877](https://bugzilla.mozilla.org/show_bug.cgi?id=1260877) - Display a Show content messages checkbox in Browser Console. * devtools.inspector.flexboxHighlighter.combine Bug [1536096](https://bugzilla.mozilla.org/show_bug.cgi?id=1536096) - Unship the combined flexbox highlighter Bug [1521612](https://bugzilla.mozilla.org/show_bug.cgi?id=1521612) - Add pref for combined flexbox highlighter * devtools.inspector.inactive.css.enabled Bug [1552116](https://bugzilla.mozilla.org/show_bug.cgi?id=1552116) - Move devtools.inspector.inactive.css.enabled to devtools shared preferences Bug [1306054](https://bugzilla.mozilla.org/show_bug.cgi?id=1306054) - Display an indicator on properties with inactive CSS * devtools.netmonitor.har.defaultFileName Bug [1533144](https://bugzilla.mozilla.org/show_bug.cgi?id=1533144) - Include hostname from parent/window in HAR save default filename. * devtools.recordreplay.timeline.enabled Bug [1543273](https://bugzilla.mozilla.org/show_bug.cgi?id=1543273) - Remove unnecessary pref. * devtools.webconsole.input.autocomplete Bug [1512400](https://bugzilla.mozilla.org/show_bug.cgi?id=1512400) - Make console autocomplete optional. * dom.allow_cut_copy Bug [1548253](https://bugzilla.mozilla.org/show_bug.cgi?id=1548253) - Port pref cache variables of nsContentUtils to StaticPrefs - dom.allow_cut_copy, * dom.file.createInChild Bug [1534712](https://bugzilla.mozilla.org/show_bug.cgi?id=1534712) - Port FileCreatorHelper to PBackground, * dom.ipc.cancel_content_js_when_navigating Bug [1493225](https://bugzilla.mozilla.org/show_bug.cgi?id=1493225), part 1 - Cancel content JS when navigating through history to prevent hangs * dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl Merge mozilla central to mozilla inbound on a CLOSED TREE Bug [1548587](https://bugzilla.mozilla.org/show_bug.cgi?id=1548587) - Add addl preferences for dom keyboard hacks. * dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl Merge mozilla central to mozilla inbound on a CLOSED TREE Bug [1548587](https://bugzilla.mozilla.org/show_bug.cgi?id=1548587) - Add addl preferences for dom keyboard hacks. * dom.largeAllocation.forceEnable Bug [1548253](https://bugzilla.mozilla.org/show_bug.cgi?id=1548253) - Port pref cache variables of nsContentUtils to StaticPrefs - dom.largeAllocation.forceEnable, * dom.link.disabled_attribute.enabled Bug [1281135](https://bugzilla.mozilla.org/show_bug.cgi?id=1281135) - Make <link disabled> work and HTMLLinkElement.disabled reflect that attribute. * dom.metaElement.setCookie.allowed Bug [1457503](https://bugzilla.mozilla.org/show_bug.cgi?id=1457503) - Removal of http-equiv cookies. draft, * dom.mouseevent.click.hack.use_legacy_non-primary_dispatch Bug [1379466](https://bugzilla.mozilla.org/show_bug.cgi?id=1379466) - Add override pref to restore legacy non-primary click dispatch on specific domains. * dom.popup_allowed_events Bug [1379466](https://bugzilla.mozilla.org/show_bug.cgi?id=1379466) - Set EventPopupControlState of auxclick as 'openControlled'. * dom.presentation.testing.simulate-receiver Bug [1548253](https://bugzilla.mozilla.org/show_bug.cgi?id=1548253) - Port pref cache variables of nsContentUtils to StaticPrefs - dom_presentation_testing_simulate_receiver, * dom.storage.next_gen Bug [1539835](https://bugzilla.mozilla.org/show_bug.cgi?id=1539835) - Flip pref on for LSNG for (non-early) Beta and Release; Bug [1517090](https://bugzilla.mozilla.org/show_bug.cgi?id=1517090) - Enable Next Generation Local Storage Implementation on Nightly (second try); * dom.storage.snapshot_gradual_prefill Bug [1513915](https://bugzilla.mozilla.org/show_bug.cgi?id=1513915) - LSNG: LoadItem could return more items (up to the prefill limit); * dom.vr.openvr.action_input Bug [1545808](https://bugzilla.mozilla.org/show_bug.cgi?id=1545808) - Enable dom.vr.openvr.action_input in Release. * dom.vr.process.enabled Bug [1476092](https://bugzilla.mozilla.org/show_bug.cgi?id=1476092) - Enable VR process by default in Windows Release. * dom.window.open.noreferrer.enabled Bug [1527287](https://bugzilla.mozilla.org/show_bug.cgi?id=1527287) - Add support for "noreferrer" feature argument to window.open(); * extensions.abuseReport.enabled Bug [1543377](https://bugzilla.mozilla.org/show_bug.cgi?id=1543377) - Add the abuse reporting WebComponents. * extensions.abuseReport.url Bug [1543377](https://bugzilla.mozilla.org/show_bug.cgi?id=1543377) - Add abuse report submission helpers. * extensions.cookiesBehavior.overrideOnTopLevel Bug [1525917](https://bugzilla.mozilla.org/show_bug.cgi?id=1525917) - Do not override cookieBehavior to accept for an extension top level principal. * extensions.getAddons.discovery.api_url Bug [1546248](https://bugzilla.mozilla.org/show_bug.cgi?id=1546248) - Add discopane to about:addons HTML view * extensions.htmlaboutaddons.discover.enabled Bug [1546248](https://bugzilla.mozilla.org/show_bug.cgi?id=1546248) - Put HTML discopane behind separate pref * extensions.htmlaboutaddons.inline-options.enabled Bug [1532724](https://bugzilla.mozilla.org/show_bug.cgi?id=1532724) - Part 1: Inline options browser for HTML about:addons details Bug [1532726](https://bugzilla.mozilla.org/show_bug.cgi?id=1532726) - Open add-on prefs in tab about:addons HTML * extensions.webextensions.performanceCountersMaxAge Bug [1548540](https://bugzilla.mozilla.org/show_bug.cgi?id=1548540), reduce how often performance counters are sent to the parent process, * extensions.webextensions.restrictedDomains Bug [1512511](https://bugzilla.mozilla.org/show_bug.cgi?id=1512511) - Remove extra-privileges for input.mozilla.org. * extensions.webextensions.themes.icons.buttons Bug [1548769](https://bugzilla.mozilla.org/show_bug.cgi?id=1548769) - Remove WebExtensions icons theming support. * extensions.webextensions.themes.icons.enabled Bug [1548769](https://bugzilla.mozilla.org/show_bug.cgi?id=1548769) - Remove WebExtensions icons theming support. * extensions.webextensions.userScripts.enabled Bug [1514809](https://bugzilla.mozilla.org/show_bug.cgi?id=1514809) - Enable userScripts API on release by default * features.normandy-remote-settings.enabled Bug [1541469](https://bugzilla.mozilla.org/show_bug.cgi?id=1541469) - Don't write default values to feature gate preferences Bug [1519276](https://bugzilla.mozilla.org/show_bug.cgi?id=1519276) - Use Feature Gates for Remote Settings integration * fission.preserve_browsing_contexts Bug [1540839](https://bugzilla.mozilla.org/show_bug.cgi?id=1540839) - Add pref for preserving browsing contexts; * fission.rebuild_frameloaders_on_remoteness_change Bug [1551993](https://bugzilla.mozilla.org/show_bug.cgi?id=1551993) - Pref frameloader rebuilding off; Bug [1542415](https://bugzilla.mozilla.org/show_bug.cgi?id=1542415) - Pref on frameloader rebuilding by default; r!nika * font.size.fixed.ar Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.el Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.he Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.ja Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.ko Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.th Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-armn Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-beng Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-cans Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-cyrillic Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-devanagari Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-ethi Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-geor Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-gujr Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-guru Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-khmr Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-knda Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-math Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-mlym Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-orya Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-sinh Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-tamil Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-telu Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-tibt Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-unicode Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.x-western Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.zh-CN Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.zh-HK Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.fixed.zh-TW Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.ar Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.el Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.he Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.ja Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.ko Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.th Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-armn Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-beng Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-cans Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-cyrillic Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-devanagari Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-ethi Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-geor Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-gujr Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-guru Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-khmr Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-knda Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-math Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-mlym Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-orya Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-sinh Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-tamil Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-telu Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-tibt Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-unicode Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.x-western Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.zh-CN Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.zh-HK Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * font.size.monospace.zh-TW Bug [1537594](https://bugzilla.mozilla.org/show_bug.cgi?id=1537594) - Make the fixed generic family a parse-time alias to monospace. * gfx.direct3d11.use-double-buffering Bug [1555956](https://bugzilla.mozilla.org/show_bug.cgi?id=1555956) - Disable double buffering on non-Nightly. Bug [1547775](https://bugzilla.mozilla.org/show_bug.cgi?id=1547775): Enable double buffering on D3D11 compositors. * gfx.logging.slow-frames.enabled Bug [1550504](https://bugzilla.mozilla.org/show_bug.cgi?id=1550504) - Add pref to allow slow frames logging, disabled by default. * gfx.webrender.debug.texture-cache.disable-shrink Bug [1538710](https://bugzilla.mozilla.org/show_bug.cgi?id=1538710) - Remove disable-shrink pref * gfx.webrender.program-binary Bug [1535745](https://bugzilla.mozilla.org/show_bug.cgi?id=1535745) - Eliminate gfx.webrender.program-binary. * gfx.webrender.split-render-roots Bug [1441308](https://bugzilla.mozilla.org/show_bug.cgi?id=1441308) - Core renderroot splitting changes * image.animated.generate-full-frames Bug [1530774](https://bugzilla.mozilla.org/show_bug.cgi?id=1530774) - Part 1. Remove support in FrameAnimator for blending partial/paletted frames. * intl.hyphenate-capitalized.de-1901 Bug [1550532](https://bugzilla.mozilla.org/show_bug.cgi?id=1550532) - Avoid auto-hyphenating capitalized words, except for German. * intl.hyphenate-capitalized.de-1996 Bug [1550532](https://bugzilla.mozilla.org/show_bug.cgi?id=1550532) - Avoid auto-hyphenating capitalized words, except for German. * intl.hyphenate-capitalized.de-CH Bug [1550532](https://bugzilla.mozilla.org/show_bug.cgi?id=1550532) - Avoid auto-hyphenating capitalized words, except for German. * javascript.options.bigint Bug [1527902](https://bugzilla.mozilla.org/show_bug.cgi?id=1527902) - Enable javascript.options.bigint by default Bug [1531293](https://bugzilla.mozilla.org/show_bug.cgi?id=1531293) - Enable javascript.options.bigint on Nightly * javascript.options.experimental.await_fix Bug [1495072](https://bugzilla.mozilla.org/show_bug.cgi?id=1495072) - Part 2: Add pref for the await fix. * javascript.options.mem.nursery.min_kb Bug [1532838](https://bugzilla.mozilla.org/show_bug.cgi?id=1532838) - Set minimum nursery size to 256KB Bug [1532838](https://bugzilla.mozilla.org/show_bug.cgi?id=1532838) - Add a pref for the minimum nursery size * layout.css.line-height-moz-block-height.content.enabled Bug [1540093](https://bugzilla.mozilla.org/show_bug.cgi?id=1540093) - Unship line-height: -moz-block-height. * layout.css.prefixes.gradients Bug [1547939](https://bugzilla.mozilla.org/show_bug.cgi?id=1547939) - Add a pref for a simpler -moz- gradient parsing. * layout.css.resizeobserver.enabled Bug [1272409](https://bugzilla.mozilla.org/show_bug.cgi?id=1272409) - Part 2: Add ResizeObserver webidl and implementation. * layout.css.scroll-snap.enabled Bug [1531228](https://bugzilla.mozilla.org/show_bug.cgi?id=1531228) - Enable the new scroll snap and disable the old scroll snap on nightly. * layout.css.scroll-snap-v1.enabled Bug [1528639](https://bugzilla.mozilla.org/show_bug.cgi?id=1528639) - Implement scroll-margin parser and serializer. * layout.css.shared-memory-ua-sheets.enabled Bug [1474793](https://bugzilla.mozilla.org/show_bug.cgi?id=1474793) - Part 13: Build and use shared memory user agent style sheets in parent and content processes. * layout.css.simple-moz-gradient.enabled Bug [1547939](https://bugzilla.mozilla.org/show_bug.cgi?id=1547939) - Add a pref for a simpler -moz- gradient parsing. * layout.css.webkit-line-clamp.enabled Bug [866102](https://bugzilla.mozilla.org/show_bug.cgi?id=866102) - Implement -webkit-line-clamp. * layout.scroll.root-frame-containers Bug [1552040](https://bugzilla.mozilla.org/show_bug.cgi?id=1552040) - Make layout.scroll.root-frame-containers a regular (not override) pref. * lightweightThemes.recommendedThemes Bug [1525511](https://bugzilla.mozilla.org/show_bug.cgi?id=1525511): Part 2b - Delete recommended theme gunk. * lightweightThemes.selectedThemeID Bug [1525762](https://bugzilla.mozilla.org/show_bug.cgi?id=1525762): Part 2b - Migrate selected lightweight theme when installing built-in themes. * lightweightThemes.update.enabled Bug [1525762](https://bugzilla.mozilla.org/show_bug.cgi?id=1525762): Part 3b - Get rid of LWT update code. * media.audiograph.single_thread.enabled Bug [1551855](https://bugzilla.mozilla.org/show_bug.cgi?id=1551855) - Add a dedicated pref for enabling GraphRunner. * media.cache_readahead_limit.cellular Bug [1540573](https://bugzilla.mozilla.org/show_bug.cgi?id=1540573) - P4. Use larger MediaCache sizes when on cellular connection. * media.cache_resume_threshold.cellular Bug [1540573](https://bugzilla.mozilla.org/show_bug.cgi?id=1540573) - P4. Use larger MediaCache sizes when on cellular connection. * media.cache_size.cellular Bug [1540573](https://bugzilla.mozilla.org/show_bug.cgi?id=1540573) - P4. Use larger MediaCache sizes when on cellular connection. * media.devices.insecure.enabled Bug [1335740](https://bugzilla.mozilla.org/show_bug.cgi?id=1335740) - getUserMedia() Add 2 prefs to control A) NotAllowedError in http (pref'd on), and B) [SecureContext] navigator.mediaDevices (pref'd off) Bug [1335740](https://bugzilla.mozilla.org/show_bug.cgi?id=1335740) - getUserMedia() NotAllowedError in http (pref'd on), & [SecureContext] navigator.mediaDevices (pref'd off) * media.peerconnection.capture_delay Bug [1506884](https://bugzilla.mozilla.org/show_bug.cgi?id=1506884) - Remove capture_delay pref; * media.videocontrols.picture-in-picture.enabled Bug [1527925](https://bugzilla.mozilla.org/show_bug.cgi?id=1527925) - Enable User-Initiated Picture-in-Picture on Windows, Nightly-only. Bug [1539567](https://bugzilla.mozilla.org/show_bug.cgi?id=1539567) - Move Picture-in-Picture prefs outside of MOZ_WEBRTC ifdef block. Bug [1535748](https://bugzilla.mozilla.org/show_bug.cgi?id=1535748) - Remove NIGHTLY_BUILD build-time switches for Picture-in-Picture. Bug [1520329](https://bugzilla.mozilla.org/show_bug.cgi?id=1520329) - Add messaging infrastructure for opening videos in a Picture in Picture window. * media.videocontrols.picture-in-picture.video-toggle.enabled Bug [1527925](https://bugzilla.mozilla.org/show_bug.cgi?id=1527925) - Enable User-Initiated Picture-in-Picture on Windows, Nightly-only. Bug [1539567](https://bugzilla.mozilla.org/show_bug.cgi?id=1539567) - Move Picture-in-Picture prefs outside of MOZ_WEBRTC ifdef block. Bug [1535354](https://bugzilla.mozilla.org/show_bug.cgi?id=1535354) - Add a toggle to trigger Picture-in-Picture that appears over top of <video> elements. Disabled by default. * media.videocontrols.picture-in-picture.video-toggle.flyout-enabled Bug [1539567](https://bugzilla.mozilla.org/show_bug.cgi?id=1539567) - Move Picture-in-Picture prefs outside of MOZ_WEBRTC ifdef block. Bug [1535354](https://bugzilla.mozilla.org/show_bug.cgi?id=1535354) - Add a toggle to trigger Picture-in-Picture that appears over top of <video> elements. Disabled by default. * media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms Bug [1539567](https://bugzilla.mozilla.org/show_bug.cgi?id=1539567) - Move Picture-in-Picture prefs outside of MOZ_WEBRTC ifdef block. Bug [1535354](https://bugzilla.mozilla.org/show_bug.cgi?id=1535354) - Add a toggle to trigger Picture-in-Picture that appears over top of <video> elements. Disabled by default. * network.cookie.same-site.enabled Bug [1551821](https://bugzilla.mozilla.org/show_bug.cgi?id=1551821) - Get rid of pref network.cookie.same-site.enabled, * network.cookie.staleThreshold Bug [1551826](https://bugzilla.mozilla.org/show_bug.cgi?id=1551826) - Use StaticPrefs for network.cookie.staleThreshold in nsCookie, * network.delay.tracking.load Bug [1541238](https://bugzilla.mozilla.org/show_bug.cgi?id=1541238) - add pref to delay 3rd-party tracker; * network.dns.resolver_shutdown_timeout_ms Bug [1542384](https://bugzilla.mozilla.org/show_bug.cgi?id=1542384) - reduce timeout of shutdown resolver threads and make it prefable * network.http.enforce-framing.strict_chunked_encoding Bug [1531344](https://bugzilla.mozilla.org/show_bug.cgi?id=1531344) - Be strict about incorrect chunked encoding. * network.protocol-handler.external.ie.http Bug [1552627](https://bugzilla.mozilla.org/show_bug.cgi?id=1552627) - pt 2, * network.protocol-handler.external.iehistory Bug [1552627](https://bugzilla.mozilla.org/show_bug.cgi?id=1552627) - pt 2, * network.protocol-handler.external.ierss Bug [1552627](https://bugzilla.mozilla.org/show_bug.cgi?id=1552627) - pt 2, * network.ssl_tokens_cache_capacity Bug [1546975](https://bugzilla.mozilla.org/show_bug.cgi?id=1546975) - Cache SSL resumption tokens in necko, * network.ssl_tokens_cache_enabled Bug [1546975](https://bugzilla.mozilla.org/show_bug.cgi?id=1546975) - Cache SSL resumption tokens in necko, * network.traffic_analyzer.enabled Bug [1542069](https://bugzilla.mozilla.org/show_bug.cgi?id=1542069) - Enable Telemetry on tracking resources traffic; Bug [1533363](https://bugzilla.mozilla.org/show_bug.cgi?id=1533363) - Part 1: Add HttpTrafficAnalyzer service; * network.trr.excluded-domains Bug [1518208](https://bugzilla.mozilla.org/show_bug.cgi?id=1518208) - Respect network.trr.excluded-domains in TRR-only mode Bug [1450893](https://bugzilla.mozilla.org/show_bug.cgi?id=1450893) - Add pref for list of domains excluded from TRR * network.trr.resolvers Merge mozilla central to mozilla inbound on a CLOSED TREE Bug [1545242](https://bugzilla.mozilla.org/show_bug.cgi?id=1545242) - Add DNS-over-HTTPS resolver picker to the connections prefs UI. * network.trr.wait-for-portal Bug [1451890](https://bugzilla.mozilla.org/show_bug.cgi?id=1451890) - TRR: set wait-for-portal false * performance.adjust_to_machine Bug [1519241](https://bugzilla.mozilla.org/show_bug.cgi?id=1519241) - remove nightly-only low-end device detection, * performance.low_end_machine Bug [1519241](https://bugzilla.mozilla.org/show_bug.cgi?id=1519241) - remove nightly-only low-end device detection, * prio.enabled Bug [1538245](https://bugzilla.mozilla.org/show_bug.cgi?id=1538245) - Remove test prio data from "main" ping. * privacy.storagePrincipal.enabledForTrackers Bug [1536411](https://bugzilla.mozilla.org/show_bug.cgi?id=1536411) - StoragePrincipal - part 1 - Implementation, * privacy.trackingprotection.cryptomining.annotate.enabled Bug [1533074](https://bugzilla.mozilla.org/show_bug.cgi?id=1533074) - Implement Fingerprinting and Cryptomining annotation features - Part 3 - Cryptomining-annotation, * privacy.trackingprotection.fingerprinting.annotate.enabled Bug [1533074](https://bugzilla.mozilla.org/show_bug.cgi?id=1533074) - Implement Fingerprinting and Cryptomining annotation features - Part 2 - Fingerprinting-annotation, * privacy.trackingprotection.origin_telemetry.enabled Bug [1539536](https://bugzilla.mozilla.org/show_bug.cgi?id=1539536) - implement content blocking measurements using prio; * privacy.window.maxInnerHeight Bug [1548253](https://bugzilla.mozilla.org/show_bug.cgi?id=1548253) - Port pref cache variables of nsContentUtils to StaticPrefs - privacy.window.maxInnerWidth/Height, * privacy.window.maxInnerWidth Bug [1548253](https://bugzilla.mozilla.org/show_bug.cgi?id=1548253) - Port pref cache variables of nsContentUtils to StaticPrefs - privacy.window.maxInnerWidth/Height, * prompts.authentication_dialog_abuse_limit Bug [1532338](https://bugzilla.mozilla.org/show_bug.cgi?id=1532338) - Add stronger restrictions for basic auth dialog abuse protection. * security.certerrors.mitm.auto_enable_enterprise_roots Bug [1547013](https://bugzilla.mozilla.org/show_bug.cgi?id=1547013) - Enable automatically fixing MitM errors by default. Bug [1529643](https://bugzilla.mozilla.org/show_bug.cgi?id=1529643) - Implement MitM priming on certificate error pages. * security.csp.experimentalEnabled Bug [1517546](https://bugzilla.mozilla.org/show_bug.cgi?id=1517546) - Enable dyanmic module import by default Bug [1386214](https://bugzilla.mozilla.org/show_bug.cgi?id=1386214) - Remove require-sri from the CSP-Module * security.signed_content.CSP.default bug [1441989](https://bugzilla.mozilla.org/show_bug.cgi?id=1441989) - remove ContentVerifier * security.tls.enable_post_handshake_auth Bug [1511989](https://bugzilla.mozilla.org/show_bug.cgi?id=1511989), enable TLS 1.3 post-handshake authentication * services.blocklist.onecrl.checked Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.blocklist.onecrl.collection Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.blocklist.onecrl.signer Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.settings.changes.path Bug [1549730](https://bugzilla.mozilla.org/show_bug.cgi?id=1549730) - Add guardrails for Remote Settings preferences * services.settings.default_signer Bug [1549730](https://bugzilla.mozilla.org/show_bug.cgi?id=1549730) - Add guardrails for Remote Settings preferences * services.settings.security.onecrl.bucket Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.settings.security.onecrl.checked Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.settings.security.onecrl.collection Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.settings.security.onecrl.signer Bug [1512451](https://bugzilla.mozilla.org/show_bug.cgi?id=1512451) - Read OneCRL blocklist from security-states/onecrl * services.sync.prefs.sync.browser.contentblocking.features.strict Bug [1529517](https://bugzilla.mozilla.org/show_bug.cgi?id=1529517) - Add prefs for defining expected values in each content blocking category. * services.sync.prefs.sync.lightweightThemes.selectedThemeID Bug [1525762](https://bugzilla.mozilla.org/show_bug.cgi?id=1525762): Part 2b - Migrate selected lightweight theme when installing built-in themes. * services.sync.prefs.sync.lightweightThemes.usedThemes Bug [1525762](https://bugzilla.mozilla.org/show_bug.cgi?id=1525762): Part 2b - Migrate selected lightweight theme when installing built-in themes. * signon.management.page.enabled Bug [1548463](https://bugzilla.mozilla.org/show_bug.cgi?id=1548463) - Base page for HTML-based login manager. * signon.showAutoCompleteOrigins Bug [1550669](https://bugzilla.mozilla.org/show_bug.cgi?id=1550669) - Add a second row to autocomplete items for logins that shows origins. * telemetry.origin_telemetry_test_mode.enabled Bug [1539536](https://bugzilla.mozilla.org/show_bug.cgi?id=1539536) - implement content blocking measurements using prio; * toolkit.content-background-hang-monitor.disabled Bug [1530617](https://bugzilla.mozilla.org/show_bug.cgi?id=1530617) - Add pref for disabling BackgroundHangMonitor * toolkit.legacyUserProfileCustomizations.stylesheets Bug [1550157](https://bugzilla.mozilla.org/show_bug.cgi?id=1550157) - Set a pref if the user profile is using a userChrome.css or userContent.css file. * toolkit.telemetry.ecosystemtelemetry.enabled Bug [1529232](https://bugzilla.mozilla.org/show_bug.cgi?id=1529232) - Enable Ecosystem Telemetry on Nightly * ui.android.mouse_as_touch Bug [1544517](https://bugzilla.mozilla.org/show_bug.cgi?id=1544517) - Add a pref that controls conversion of mouse events to touch events. * urlclassifier.trackingAnnotationTable Bug [1536380](https://bugzilla.mozilla.org/show_bug.cgi?id=1536380) - update tracking annotation table to use category-based list Bug [1536488](https://bugzilla.mozilla.org/show_bug.cgi?id=1536488) - Tracking-annotation should use strict list always, * view_source.tab Bug [1444133](https://bugzilla.mozilla.org/show_bug.cgi?id=1444133) - Have an option to have view-source open in a separate (browser) window, not separate tab, * webchannel.allowObject.urlWhitelist Bug [1512511](https://bugzilla.mozilla.org/show_bug.cgi?id=1512511) - Remove extra-privileges for input.mozilla.org. * webgl.bypass-shader-validation Bug [1526027](https://bugzilla.mozilla.org/show_bug.cgi?id=1526027) - Remove webgl.bypass-shader-validation. * xul.panel-animations.enabled Bug [1546542](https://bugzilla.mozilla.org/show_bug.cgi?id=1546542) - Add a pref to be able to enable arrowpanel animations on Linux.

I wonder, is it not risky to evaluate preferences one month before they reach the Release channel ? Feels like it forces to duplicate some work in order to check that the decisions made are still correct one month later.

Anyway, I went over the last 20 prefs of the "New" list.

I mean these prefs

```javascript pref("privacy.storagePrincipal.enabledForTrackers", false); pref("privacy.trackingprotection.origin_telemetry.enabled", false); pref("remote.enabled", false); pref("remote.force-local", true); pref("remote.log.level", "Info"); pref("security.tls.enable_post_handshake_auth", false); pref("services.settings.security.onecrl.bucket", "security-state"); pref("services.settings.security.onecrl.checked", 0); pref("services.settings.security.onecrl.collection", "onecrl"); pref("services.settings.security.onecrl.signer", "onecrl.content-signature.mozilla.org"); pref("services.sync.prefs.sync.browser.contentblocking.features.strict", true); pref("signon.management.page.enabled", false); pref("signon.showAutoCompleteOrigins", false); pref("telemetry.origin_telemetry_test_mode.enabled", false); pref("toolkit.content-background-hang-monitor.disabled", false); pref("toolkit.legacyUserProfileCustomizations.stylesheets", false); pref("toolkit.telemetry.ecosystemtelemetry.enabled", false); pref("ui.android.mouse_as_touch", 1); pref("view_source.tab", true); pref("xul.panel-animations.enabled", true); ```

It appears that all 20 of them can be ignored.

Some of them are worth knowing about. toolkit.legacyUserProfileCustomizations.stylesheets may be worth adding to the user.js, commented out.

pref("remote.enabled", false);
pref("remote.force-local", true);
pref("remote.log.level", "Info");

Info

These three control [Firefox Remote agent](https://dxr.mozilla.org/mozilla-central/source/remote/README), turned off by default. [More on this](https://dxr.mozilla.org/mozilla-central/source/remote/doc/Building.md). [Here's what each pref does](https://dxr.mozilla.org/mozilla-central/source/remote/doc/Prefs.md), which shows that the default values are just right.

pref("privacy.storagePrincipal.enabledForTrackers", false);

Info

[Information on Storage Principal](https://dxr.mozilla.org/mozilla-central/source/toolkit/components/antitracking/StoragePrincipalHelper.h). This is a good pref. > At the moment, we are experimenting the partitioning of cookie jars for 3rd party trackers: each 3rd party origin, detected as a tracker, will have a partitioned cookie jar, created by the tracker's origin, plus, the first-party domain. I assume it would be enabled by Mozilla when it's ready and depending on user Content blocking preferences. IMO, we know it is ready if/when changing Content blocking prefs from Firefox options switches this pref on if its default is false. **Then only** it may be worth setting to `true` in the `user.js` ?

pref("privacy.trackingprotection.origin_telemetry.enabled", false);
pref("telemetry.origin_telemetry_test_mode.enabled", false);

Info

Of note are [comment 0](https://bugzilla.mozilla.org/show_bug.cgi?id=1539536#c0) and [comment 4](https://bugzilla.mozilla.org/show_bug.cgi?id=1539536#c4). This has to do with an experiment on 0.014% of page loads from each user from a random group of 1% of the Release channel users *who did not disable telemetry*. The experiment lasts 6 months and seeks to improve efficiency of Firefox's built-in content blocking. The main telemetry switches are said to command this experiment, so assuming no bug, it will not happen if they are off. The function [IsReportingEnabled](https://dxr.mozilla.org/mozilla-central/source/dom/base/ContentBlockingLog.cpp#82) shows that both prefs should be `false` for [defence in depth](https://dxr.mozilla.org/mozilla-central/source/dom/base/ContentBlockingLog.cpp#148), which they are by default. (Both links are code)

pref("toolkit.telemetry.ecosystemtelemetry.enabled", false);

Info

It is part of [Firefox Ecosystem Telemetry](https://bugzilla.mozilla.org/show_bug.cgi?id=1522664). [Here's more information](https://dxr.mozilla.org/mozilla-central/source/toolkit/components/telemetry/docs/data/ecosystem-telemetry.rst) on how it works. It obeys the main telemetry switches, according to comments, but should be kept to false by people who intend to never enable telemetry; to cover for the eventual bug (defence in depth). The pref is false by default in 68 anyway, so there's nothing to do.

pref("toolkit.legacyUserProfileCustomizations.stylesheets", false);

This one must be set to true so that userChrome.css and userContent.css customisations can still work in Firefox 68.

Wow, thanks @Okamoi, now that's some quality contribution right there! 👍 The format you used is also great and especially that you listed the 20 prefs you looked at so that we'll still know what you were referring to after we start moving more stuff to the ignore list.

I wonder, is it not risky to evaluate preferences one month before they reach the Release channel ? Feels like it forces to duplicate some work in order to check that the decisions made are still correct one month later.

For a while now I've always waited with creating the diffs issue until a Beta is no longer in its early-beta stage. That reduces the amount of changes quite a bit and as you can see in the older diff issues there's usually not a lot that changes between the 1st non-early beta and the final release. Posting the diffs early also gives us plenty of time to go over it so that we can have the next user.js version ready soon after a new FF release. As for "decisions", we usually wait with those and any actual commits until the final release diff is out.

pref("network.protocol-handler.external.ie.http", false);
pref("network.protocol-handler.external.iehistory", false);
pref("network.protocol-handler.external.ierss", false);

these 3 new prefs seem to be security related (1552627 = ACCESS DENIED) but they also landed these in 67.0.2 so I moved them to the ignore list.

^^ yes, I noted gk backported them in TB, there's also another one (1549833), but i have no idea what it is exactly: https://trac.torproject.org/projects/tor/ticket/30849

1549833 is about network.protocol-handler.external.res and that landed in 67.0

WTF is an auxclick (in dom.popup_allowed_events changed value)? Asking for a friend!

app.update.BITS.enabled defaults to true for ~~1/2 of the Windows userbase~~. Bug 1542100
- ~~https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/update/UpdateService.jsm#582-593~~
- Confirmed: one of my local clients is in that half.
~~The default value of this pref is set at runtime (see the code). To prevent Firefox from setting it to true, app.update.BITS.inTrialGroup must be set to false beforehand.~~
BITS is a Windows service for downloading files in the background using idle bandwidth.

Edit: they set the default to true for everyone now. Bug 1553977

Wow, thanks @Okamoi, now that's some quality contribution right there! +1 The format you used is also great and especially that you listed the 20 prefs you looked at so that we'll still know what you were referring to after we start moving more stuff to the ignore list.

Thanks! I wanted to reduce visual clutter while leaving relevant information searchable with a CTRL+F based on pref names. (Since collapsed = unsearchable. I wonder what search engines think of collapsed text now though...) This comment now is still a bit too lengthy with all the <hr /> but oh well, at least the eye knows where to look at.

By the way your bug list is really useful, are you getting them by searching for the pref name here ?

For a while now I've always waited with creating the diffs issue until a Beta is no longer in its early-beta stage. That reduces the amount of changes quite a bit and as you can see in the older diff issues there's usually not a lot that changes between the 1st non-early beta and the final release.

Okay then, fair enough! I didn't know there was such a thing as an early-beta stage and a more consolidated one.

So I went over 20 more prefs from the bottom of the "New" list.

These prefs

```javascript pref("media.audiograph.single_thread.enabled", false); pref("media.cache_readahead_limit.cellular", 30); pref("media.cache_resume_threshold.cellular", 10); pref("media.cache_size.cellular", 32768); pref("media.devices.insecure.enabled", true); pref("media.getusermedia.insecure.enabled", false); pref("media.videocontrols.picture-in-picture.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000); pref("network.cookie.staleThreshold", 60); pref("network.delay.tracking.load", 0); pref("network.dns.resolver_shutdown_timeout_ms", 2000); pref("network.http.enforce-framing.strict_chunked_encoding", true); pref("network.ssl_tokens_cache_capacity", 2048); pref("network.ssl_tokens_cache_enabled", false); pref("network.traffic_analyzer.enabled", true); pref("network.trr.excluded-domains", "localhost,local"); pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" }]"); pref("privacy.annotate_channels.strict_list.enabled", false); ```

It appears that 16 of them can be ignored, 1 should probably be changed, 1 depends on RFP specifics, 1 depends on your policy for this user.js, and 1 should IMO be ignored.

A couple more are worth knowing about, but not changing.

The 16 prefs ignore list

```javascript pref("media.audiograph.single_thread.enabled", false); pref("media.cache_readahead_limit.cellular", 30); pref("media.cache_resume_threshold.cellular", 10); pref("media.cache_size.cellular", 32768); pref("media.getusermedia.insecure.enabled", false); pref("media.videocontrols.picture-in-picture.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000); pref("network.cookie.staleThreshold", 60); pref("network.delay.tracking.load", 0); pref("network.dns.resolver_shutdown_timeout_ms", 2000); pref("network.http.enforce-framing.strict_chunked_encoding", true); pref("network.ssl_tokens_cache_capacity", 2048); pref("network.ssl_tokens_cache_enabled", false); pref("network.trr.excluded-domains", "localhost,local"); ```

4 preferences to consider for change:

pref("network.traffic_analyzer.enabled", true);

Info

An experiment that [analyses HTTP traffic](https://bugzilla.mozilla.org/show_bug.cgi?id=1533363#c0) and will run [at most until Firefox 73](https://bugzilla.mozilla.org/show_bug.cgi?id=1533363#c8), looking for the prevalence of tracking resources going through HTTP. According to comments the experiment can't occur if telemetry is disabled through the main switches. For defence in depth, I would set it to `false`.

pref("media.devices.insecure.enabled", true);

Info

This should allow access to [navigator.mediaDevices](https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mediaDevices) features on insecure web pages (HTTP), except for `getUserMedia`, which also needs `media.getusermedia.insecure.enabled` set to `true` just so the user can get prompted on HTTP pages. It is `true` by default [for compatibility reasons](https://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/StaticPrefList.h#5627). I don't know if or when they will switch to a default value of `false`. I don't intend to interact with a site that uses HTTP for `navigator.mediaDevices` [related features](https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices), even with `getUserMedia` excluded. However, turning the pref off is going to be fingerprintable. The question then is, how does RFP cover the case where this pref remains `true` ? Does it lie or normalise well for all questions that can be asked ? If RFP covers it well, then the pref could be ignored, otherwise I would set it to `false`. **EDIT:** According to [Firefox Site Compatibility](https://www.fxsitecompat.dev/en-CA/docs/2019/getusermedia-and-enumeratedevices-can-no-longer-be-used-on-insecure-sites/), this pref is going to get turned off by default in the future. **So I would ignore it.** It seems that in the wild, `navigator.mediaDevices` features were already allowed on HTTP. More importantly, they are only enabled if either `media.peerconnection.enabled` [*OR*](https://dxr.mozilla.org/mozilla-central/source/dom/base/Navigator.cpp#1530) `media.navigator.enabled` are enabled, and they are both disabled in your `user.js`. On my end, only the former is disabled, but I *think* it is because I verified that RFP lies properly about `navigator.mediaDevices` features other than `getUserMedia`. **If someone is reading this and knows, can you confirm ?**

pref("privacy.annotate_channels.strict_list.enabled", false);

Info

This one is related to Tracking Protection - [basic vs strict lists](https://dxr.mozilla.org/mozilla-central/source/netwerk/url-classifier/UrlClassifierCommon.cpp#499), both for tracking and crypto-mining. I suppose it can be set through Firefox 68's UI, but I can't check. What to do with this depends on what this repo's `user.js` does with Tracking Protection. I will ignore it because I don't rely on TP at the moment.

pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" }]");

Info

An interesting one: It shows that DNS over HTTPS is moving to the point where there can be [UI](https://bug1545242.bmoattachments.org/attachment.cgi?id=9060594). At some point I'm probably going to enable DNS over HTTPS. For now, I would ignore this pref and rely on `network.trr.mode` to disable the feature. Otherwise, the empty value looks like it could be `[]` .

Ignored prefs worth knowing about:

pref("network.ssl_tokens_cache_enabled", false);

Nothing to do here, since the pref is `false`. But it makes me think of SSL session tracking and a decision I still haven't made regarding `security.ssl.disable_session_identifiers`.

pref("network.delay.tracking.load", 0);

A temporary value, I would guess. In the future, it might be used to delay third party tracking resources by a number of milliseconds in order to improve page load time. Today, a good pref that [does nothing](https://dxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/nsHttpChannel.cpp#6752).

pref("network.cookie.staleThreshold", 60);

The cookie part draws attention, but it sounds like it's [of no interest to us](https://dxr.mozilla.org/mozilla-central/search?q=ookie-%3EIsStale&redirect=false). The value is in seconds.

Well, the next next 20 16 from the bottom are pretty straightforward. I would rank a few as ignore but worth knowing about, but I'll know about them in another life. Here:

16 more preferences to ignore

```javascript pref("extensions.htmlaboutaddons.inline-options.enabled", true); pref("fission.preserve_browsing_contexts", false); pref("fission.rebuild_frameloaders_on_remoteness_change", false); pref("gfx.direct3d11.use-double-buffering", false); pref("gfx.logging.slow-frames.enabled", false); pref("gfx.webrender.split-render-roots", false); pref("intl.hyphenate-capitalized.de-1901", true); pref("intl.hyphenate-capitalized.de-1996", true); pref("intl.hyphenate-capitalized.de-CH", true); pref("javascript.options.experimental.await_fix", false); pref("javascript.options.mem.nursery.min_kb", 256); pref("layout.css.line-height-moz-block-height.content.enabled", false); pref("layout.css.resizeobserver.enabled", false); pref("layout.css.shared-memory-ua-sheets.enabled", false); pref("layout.css.simple-moz-gradient.enabled", true); pref("layout.css.webkit-line-clamp.enabled", true); ``` EDIT: Corrected an overlap of 4 prefs with the previous list

Thanks @Okamoi / @WellOrientedLlama .... only 2 weeks to go. Are you guys going to get this done on time, or do I need to help out? Asking for a friend!

Sorry! I pledged to do 20 prefs and ended up doing 56, but I probably won't do much more before release. I always review all preferences on my own, but the context is different here; there's more work, so I need to fine tune over several Firefox releases and figure out where to cut corners. Perfectionism is a fucking curse to guard against, it's not a virtue.

So I think I'll keep the pledge approach for now, even if I increase the amount from 20. IMHO we need more people to pledge to take work off your shoulders; even a 10 prefs pledge would be great. Plus if we had 10 people doing 10 prefs each, they could even do it at maximum perfectionist snail-speed and still not feel burdened. And we would get more and better information. We can teach people how to look for data, it's not hard, it just gets tedious beyond the first few.

The second issue I have is that if I cover too many preferences, this repository's findings will not be independent from mine any more. The more prefs I cover, the less I will be able to continue using this repository to cross-check my decisions. So it is in my interest to do less, but it is also in my interest that you don't get tired of maintaining this repo. So... basically recruiting is the best solution from this viewpoint as well!

From a quick look that should not be blindly relied on, these are the remaining interesting prefs:

List

**NEW** ```javascript pref("app.update.BITS.enabled", false); // https://github.com/ghacksuserjs/ghacks-user.js/issues/743#issuecomment-501676756 pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior4,cm,fp"); pref("browser.contentblocking.maxIntroCount", 5); pref("browser.in-content.dark-mode", false); pref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "{\"id\":\"cfr-fxa\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr-fxa\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}"); pref("corroborator.enabled", false); pref("devtools.aboutdebugging.showHiddenAddons", false); pref("devtools.browserconsole.contentMessages", false); pref("devtools.browserconsole.filterContentMessages", false); pref("dom.link.disabled_attribute.enabled", true); pref("dom.metaElement.setCookie.allowed", false); pref("dom.presentation.testing.simulate-receiver", false); pref("dom.vr.process.enabled", true); pref("dom.window.open.noreferrer.enabled", true); pref("extensions.abuseReport.enabled", false); pref("extensions.cookiesBehavior.overrideOnTopLevel", false); pref("extensions.htmlaboutaddons.discover.enabled", false); ``` **GONE or HIDDEN** ```javascript pref("devtools.aboutdebugging.showSystemAddons", false); // Migrated to devtools.aboutdebugging.showHiddenAddons ? pref("network.cookie.same-site.enabled", true); // Why ? pref("prio.enabled", false); // Why ? ``` **CHANGED** ```javascript pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"],\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"]}" pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", true); // prev: false pref("browser.urlbar.quantumbar", true); // prev: false pref("dom.storage.next_gen", true); // prev: false pref("dom.vr.external.enabled", true); // prev: false pref("dom.vr.openvr.action_input", true); // prev: false pref("extensions.webcompat-reporter.enabled", true); // prev: false pref("privacy.trackingprotection.cryptomining.annotate.enabled", true); // prev: false pref("privacy.trackingprotection.fingerprinting.annotate.enabled", true); // prev: false pref("security.certerrors.mitm.auto_enable_enterprise_roots", true); // prev: false pref("webchannel.allowObject.urlWhitelist", "https://content.cdn.mozilla.net https://support.mozilla.org https://install.mozilla.org"); // prev: "https://content.cdn.mozilla.net https://input.mozilla.org https://support.mozilla.org https://install.mozilla.org" ```

relax :camel: ... i'm just messing with you (all) ... I took this on (i.e moving to github, with earthlng), so I'll make sure we get there. Any help is appreciated and is a bonus, not an expectation

Thanks for providing links and context etc :1st_place_medal:

i'm just messing with you

That didn't work. :feelsgood:

relax :camel:

As long as I'm not spitting right in your face, I'm always well-oriented, whatever that means. But I'm really ready to help organise a pledge system to get more people to participate, including writing up a fishing tutorial if necessary.

If you're reading this and would agree to *trying* to engage in such a promise-based participation, could you add the eyes smiley to this comment ? With 3 of those it might be worth it already, excluding Pants, Earthlng and whoever already has larger commitments to this repo.

I'm not entirely sure what "a pledge system" means or entails, and given my dedication (yeah, I make not-so-subtle remarks alluding to being over-worked all the time), it will always be done. So that's not the problem IMO.

The problem is I'm not an expert, at least not in all areas. I don't think any of us are. So the more eyes and brains working on it, the better the end result. As you said, "if I cover too many preferences, this repository's findings will not be independent from mine any more". <-- this

Can you enlighten me as to what form a pledge system would take? By fishing tutorial, do you mean a guide on how to investigate changes (searchfox, dxr, bugzilla search parameters, etc)?

PS: I'm not well-oriented at all: I'm isolated and not grounded to anything, I think. Not even sure what that means.

@earthlng IDFK .. am I doing something wrong? Never had this issue before, but I don't see anything in the related bugzillas to show me the prefs were removed. I normally do all this ahead of time in the deprecated sticky

pref("browser.aboutHomeSnippets.updateUrl", "https://snippets.cdn.mozilla.net/..."); 0105b
https://bugzilla.mozilla.org/show_bug.cgi?id=1540939 <-- where?

pref("browser.newtabpage.activity-stream.disableSnippets", false); 0105b
<-- can't find this?

pref("lightweightThemes.update.enabled", true); 0307
https://bugzilla.mozilla.org/show_bug.cgi?id=1525762 Part 3b <-- where?

pref("security.csp.experimentalEnabled", false); 2682
https://bugzilla.mozilla.org/show_bug.cgi?id=1517546 <-- where?
https://bugzilla.mozilla.org/show_bug.cgi?id=1386214 <-- where?

changes (if anyone wants to spot check them)

deprecated -> ignore: after checking they weren't in the user.js
changed -> bulleted/check-boxed: 4 items from the list and brought back one from deprecated
changed -> ignore: almost all that was left was added to the 5 already in ignore
new -> ignore: see below: of these
- picture-in-picture is an unknown: it needs investigation by e.g Tor Project if it leaks anything
- resizeobserver shouldn't be an issue: it's an additional/companion API to intersectionobserver which I looked at a few weeks ago. AFAIK it just makes it easier to detect things that could already be done via other means (albeit not elegant or always reliable) - feel free to follow up on it

moved from new to ignore

```js pref("apz.fixed-margin-override.bottom", 0); pref("apz.fixed-margin-override.enabled", false); pref("apz.fixed-margin-override.top", 0); pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior4,cm,fp"); pref("browser.contentblocking.maxIntroCount", 5); pref("browser.in-content.dark-mode", false); pref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "{\"id\":\"cfr-fxa\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr-fxa\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}"); pref("browser.safebrowsing.prefixset_max_array_size", 524288); pref("corroborator.enabled", false); pref("devtools.aboutdebugging.local-tab-debugging", false); pref("devtools.aboutdebugging.process-debugging", true); pref("devtools.aboutdebugging.showHiddenAddons", false); pref("devtools.browserconsole.contentMessages", false); pref("devtools.browserconsole.filterContentMessages", false); pref("devtools.debugger.log-actions", false); pref("devtools.inspector.inactive.css.enabled", false); pref("devtools.netmonitor.requestBodyLimit", 1048576); pref("devtools.webconsole.input.autocomplete", true); pref("dom.window.open.noreferrer.enabled", true); // ^^ no need to enforce: nice it landed for ESR68 pref("fission.preserve_browsing_contexts", false); pref("fission.rebuild_frameloaders_on_remoteness_change", false); pref("gfx.direct3d11.use-double-buffering", false); pref("gfx.logging.slow-frames.enabled", false); pref("gfx.webrender.split-render-roots", false); pref("intl.hyphenate-capitalized.de-1901", true); pref("intl.hyphenate-capitalized.de-1996", true); pref("intl.hyphenate-capitalized.de-CH", true); pref("javascript.options.experimental.await_fix", false); pref("javascript.options.mem.nursery.min_kb", 256); pref("layout.css.line-height-moz-block-height.content.enabled", false); pref("layout.css.resizeobserver.enabled", false); pref("layout.css.shared-memory-ua-sheets.enabled", false); pref("layout.css.simple-moz-gradient.enabled", true); pref("layout.css.webkit-line-clamp.enabled", true); pref("media.audiograph.single_thread.enabled", false); pref("media.cache_readahead_limit.cellular", 30); pref("media.cache_resume_threshold.cellular", 10); pref("media.cache_size.cellular", 32768); pref("media.getusermedia.insecure.enabled", false); pref("media.videocontrols.picture-in-picture.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000); ```

@Thorin-Oakenpants Looked up two of the four prefs from your previous post:

browser.aboutHomeSnippets.updateUrl <-- where?

[Removed here](https://hg.mozilla.org/mozilla-central/rev/11de829f1358#l1.15), functionality seems covered by [`browser.newtabpage.activity-stream.asrouter.providers.snippets`](https://hg.mozilla.org/mozilla-central/rev/11de829f1358#l1.37)

lightweightThemes.update.enabled <-- where?

[This one](https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l1.12), sounds like the entire update system is scrapped for lightweight themes. Maybe themes will now be updated like regular add-ons or system add-ons or search engines ? I didn't check any further.

For the pledge thing, I'll get back to it later :)

OK, I must be fucking tired or something, because that's exactly what I was already looking at: https://phabricator.services.mozilla.com/D27252 and couldn't see it

https://bugzilla.mozilla.org/show_bug.cgi?id=1525762 : yes, I was looking at that and E said it was Part 3b but I can;t see it's removal.Maybe I need a break

@Okamoi / @WellOrientedLlama

By the way your bug list is really useful, are you getting them by searching for the pref name here ?

1st of all, sorry for the late reply. I'm not doing the bug list lookup manually (I'm not that crazy ;). I wrote a script that collects them for me and yes it works kind of like that but not exactly. It doesn't "search" for the pref name but instead looks at the changelogs for some of the most commonly used files where prefs are stored and goes over every commit to those files, looking at all the changed lines and within those, looking for lines with a certain format used for prefs. Then it extracts the prefname and checks if it's in the list of prefs I gave it as an input (ie the "diff" file) and if it matches, adds that bug id to the list of tickets for that pref for later output. It doesn't work 100% reliably because it sometimes misses something or reports a false positive but for the most part it gets the job done.

@Thorin-Oakenpants

security.csp.experimentalEnabled: https://bugzilla.mozilla.org/show_bug.cgi?id=1517546 is unrelated and one of those cases where my script kinda misfired (because of this line: https://hg.mozilla.org/mozilla-central/rev/6ce854f480d6#l2.5)

https://bugzilla.mozilla.org/show_bug.cgi?id=1386214 is the one where they removed it:

this line is where they used to check that pref (outside of tests): https://hg.mozilla.org/mozilla-central/rev/3d66d37e72c3#l5.96
and this is the removal of the pref itself: https://hg.mozilla.org/mozilla-central/rev/3d66d37e72c3#l29.13

browser.newtabpage.activity-stream.disableSnippets is another case where my script failed because AS is a fucking piece of shit! They set and access prefs in all kinds of different ways which makes automatic detection pretty much impossible and even if you look it up manually, they never explain why they do something and even the titles they use aren't very descriptive and often times the commits do a lot more than what's mentioned in the title. Anyhow, the ticket where they removed this pref is https://bugzilla.mozilla.org/1546190

yes, I was looking at that and E said it was Part 3b but I can;t see it's removal

another case of when searching for the whole prefname doesn't work.

removal of the default pref: https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l1.12
this is where they access the lightweightThemes. pref branch and store it in _prefs: https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l2.36
this is where they used _prefs to read lightweightThemes.update.enabled: https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l2.150

/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
user_pref("extensions.getAddons.discovery.api_url", "");
user_pref("extensions.htmlaboutaddons.discover.enabled", false);

The boolean is default true in the latest dev (and E will update it with the final diff). I have to say this pref has no effect. Only blanking the URL works

pref("security.certerrors.mitm.auto_enable_enterprise_roots", true);

Bug 1547013 and 1529643

Beginning with Firefox 68, whenever a MITM error is detected, Firefox will automatically turn on the “enterprise roots” preference and retry the connection.

https://blog.mozilla.org/security/2019/07/01/fixing-antivirus-errors/

68.0 changes since 68.0b9

new

pref("app.update.BITS.enabled", true); // "new" with value false in 68.0b9
pref("extensions.abuseReport.enabled", true); // "new" with value false in 68.0b9
pref("extensions.htmlaboutaddons.discover.enabled", true); // "new" with value false in 68.0b9
pref("extensions.htmlaboutaddons.recommendations.enabled", true);
pref("extensions.recommendations.privacyPolicyUrl", "https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=privacy-policy-link#addons");
pref("extensions.recommendations.themeRecommendationUrl", "https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-footer-link");
pref("fission.autostart", false);
pref("privacy.file_unique_origin", true);
pref("services.sync.prefs.dangerously_allow_arbitrary", false);

removed, renamed or hidden

pref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", true); pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", true); pref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", true); pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", true); pref("services.sync.prefs.sync.extensions.personas.current", true); pref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", true); pref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", true); pref("services.sync.prefs.sync.security.OCSP.enabled", true); pref("services.sync.prefs.sync.security.OCSP.require", true); pref("services.sync.prefs.sync.security.tls.version.max", true); pref("services.sync.prefs.sync.security.tls.version.min", true); pref("services.sync.prefs.sync.xpinstall.whitelist.required", true);

changed

pref("app.releaseNotesURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%beta/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew" ~~pref("app.update.channel", "beta"); // prev: "release"~~ ~~pref("app.update.url.details", "https://www.mozilla.org/%LOCALE%/firefox/beta/notes"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/notes"~~ ~~pref("app.update.url.manual", "https://www.mozilla.org/firefox/beta"); // prev: "https://www.mozilla.org/firefox/"~~ pref("browser.tabs.unloadOnLowMemory", false); // prev: true ~~pref("dom.storage.next_gen", true); // prev: false~~ pref("extensions.htmlaboutaddons.enabled", true); // prev: false ~~pref("extensions.webcompat-reporter.enabled", true); // prev: false~~ ~~pref("toolkit.telemetry.enabled", true); // prev: false~~ pref("trailhead.firstrun.branches", "join-privacy"); // prev: "control"

EDIT : updated 1st post

OT: it only took a shade over 2 days .. fixed with an approval-mozilla-esr68 flag. I guess if you want something fixed get gk onto it

Weird how this doesn't even affect Tor Browser, but he upstreams a ticket. The examples given are uBO and uM. And yet the CSP header modification bugzilla he doesn't want to wade into (I probably don't blame him) - and the CSP issue examples includes uBO which does affect TB on Tails (and would affect TB if they include an adblocker at some stage: which they might in order to improve latency, stability, capacity etc in the Tor network)

:head-scratcher:

Also: For earthlng's amusement: https://trac.torproject.org/projects/tor/ticket/31134

Heads up

FPI in 68 ~~gets applied~~ has a regression with extension storage. Under profile/storage/default/ you will have a bunch of moz-extension folders. Some extensions will have two folders: one for settings (i think) and one for storing shit (I guess). The ones for storing shit are affected

uBO settings (does not change): moz-extension+++UUID^userContextId=a_number
uBO filter lists (non-FPI, old pre FF68): moz-extension+++UUID
uBO filters lists (FPI, new): moz-extension+++UUID^firstPartyDomain=UUID

The same happens if you update with FPI off (and override it in the user.js), and then in FF68 you turn FPI back on (and un-override it) and restart. i.e in other words, as soon as you have FPI on, Firefox wants to use the new folder structure. And it does this just like a new extension install - it recreates it. And it will be empty or have default data in it.

You cannot rename your old folders, as the data is not the same

I had three extensions affected: uBO, uMatrix, and Group Speed Dial.

uBO: you lose nothing, just update your filter lists
uMatrix: you lose nothing, just update your assets
Group Speed Dial - I lost all my thumbnails (customs ones, about 200+, super simple pngs at very small file sizes) - I did not lose any of the dials. I simply exported all settings and thumbnails before updating to 68 and removed the extension. Once in FF68 I installed the extension and imported everything.

Anyway, you will be left with some old folders, e.g the uBO and uMatrix non-FPI-marked folders. I deleted mine, since I never disable FPI. I have no idea what happens when you disable FPI and restart: my guess is the reverse happens and if the non-FPI-marked folder doesn't exist it will create one.

Edit

this also affects Greasemonkey - see https://bugzilla.mozilla.org/show_bug.cgi?id=1564593
I wouldn't be surprised if it affected more extensions
also see https://bugzilla.mozilla.org/show_bug.cgi?id=1556212#c20

OT: it only took a shade over 2 days .. fixed with an approval-mozilla-esr68 flag.

NICE!! Maybe add a note to 2610 that it no longer breaks SVGs in extensions in FF70 + ESR68.1 (or whatever version of ESR they'll land this) ?

Just on that extension FPI thing in 68. I'm not a web ext dev or anything, but it doesn't affect all extensions: for example I have Stylus and ViolentMonkey and they both have "storage" folders as well: but they didn't change. They are both super tiny at around 50kb

The difference is the type I believe: uBO (9mb), uM (9mb), and my Group Speed Dial (2mb for custom tiny thumbs, so you can image how big it can get if they are auto-generated) use a large storage. I don't know if that's a flag for "unlimited" in the manifest or what

I have no idea why VM and Stylus don't trigger adding a ^FPD - even when editing scripts and saving them - maybe they use storage.sync - IDK

Thanks for all the work! The most "important" remark I have for now is about features.normandy-remote-settings.enabled, one of the preferences that get removed.

I see that it is now being taken care of by the new Feature Gates system. It's currently the only preference using this system, it seems, according to the source. Notice though how this enables the normandy-remote-settings by default.

So, assuming the Feature Gates does still take into account a custom set value in about:config, which I haven't been able to confirm but I'm kind of thinking it would, shouldn't we force set normandy-remote-settings to false in the user.js, as defence in depth ?

@earthlng Additionally, isn't that a warning to monitor the list of feature gates for change in your tools ? It seems that they will all be akin to features.*.enabled about:config preferences, and a potential source of hidden prefs like media.gmp-*.autoupdate in the past.

Yeah I noticed that as well. I don't mind adding that pref to 0503 because why download something that we'll never use anyway.

Additionally, isn't that a warning to monitor the list of feature gates for change in your tools ?

my tool doesn't "monitor" any files, it only searches for the bugzillas where a certain change was implemented. But the input for that script are my diffs and they don't contain hidden prefs.

I meant to include the Features.toml file in the list of files considered when building the pref differential. In this case, if I understand the Feature Gates system correctly the part between brackets (say X) should end up being used as a features.X.enabled pref that could be not otherwise displayed with a default value in about:config, slipping under our radars. (Though I haven't been able to confirm for sure that a custom value will be picked up by the Feature Gates system yet)

Let me know if you don't intend to use it, I can always keep a bookmark on my end to check manually on each update :)

The Trailhead system is annoying. I shouldn't be surprised since it's part of ASRouter which is part of goddamned ActivityStream.

The trailhead.firstrun.branches pref changed to join-privacy from control. I have a hard time figuring out which value ensures no experiment is going to pass through. I assume there are switches above this one that, turned off, already disable Trailhead, but for experiments I'd rather trust defence in depth rather than make assumptions.

Basically there are three values, experiment, interrupt and triplet. By default the second one gets set to join and the third one to privacy. The first one is an empty string that could get set through other means I didn't dig.

I don't like the join default, it sounds suspicious.

moved from new -> ignore

``` pref("app.update.BITS.enabled", true); pref("dom.file.createInChild", false); pref("dom.ipc.cancel_content_js_when_navigating", false); pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl", ""); pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl", ""); pref("dom.largeAllocation.forceEnable", false); pref("dom.link.disabled_attribute.enabled", true); pref("dom.metaElement.setCookie.allowed", false); pref("dom.mouseevent.click.hack.use_legacy_non-primary_dispatch", ""); pref("dom.presentation.testing.simulate-receiver", false); pref("dom.storage.snapshot_gradual_prefill", 4096); pref("extensions.abuseReport.enabled", true); pref("extensions.abuseReport.url", "https://addons.mozilla.org/api/v4/abuse/report/addon/"); pref("extensions.htmlaboutaddons.inline-options.enabled", true); pref("extensions.recommendations.privacyPolicyUrl", "https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=privacy-policy-link#addons"); pref("extensions.recommendations.themeRecommendationUrl", "https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-footer-link"); pref("fission.autostart", false); pref("network.cookie.staleThreshold", 60); pref("network.delay.tracking.load", 0); pref("network.dns.resolver_shutdown_timeout_ms", 2000); pref("network.http.enforce-framing.strict_chunked_encoding", true); pref("network.ssl_tokens_cache_capacity", 2048); pref("network.ssl_tokens_cache_enabled", false); pref("network.traffic_analyzer.enabled", true); pref("privacy.annotate_channels.strict_list.enabled", false); pref("privacy.storagePrincipal.enabledForTrackers", false); pref("security.tls.enable_post_handshake_auth", false); pref("services.sync.prefs.dangerously_allow_arbitrary", false); pref("signon.management.page.enabled", false); pref("signon.showAutoCompleteOrigins", false); ```

I gotta say, this has been one of the whackiest updates in a long time, with some miscellaneous non-related BS'ery

95% of emoticons on github broke
- fixed by adding EmojiOne Mozilla to my font whitelist: never needed it before
portable: 68 was fine, but 68.0.1 brought on the no drag n drop
- fixed by adding AdditionalParameters=-no-deelevate to FirefoxPortable.ini
FPI being applied to (some?) extension storage
- see above post
uMatrix went kinda haywire during all of this
- I'm not sure what it was: example: it couldn't block images and other things
- I have a pretty hard setup, including behind the scenes
- I exported my rules, reset the fucker (by wiping all rules/whitelists and adding in the default ones), changed my global rules to only allow first party css and images, cleaned up my exported rules, and then painstakingly added them in manually as copypasta in bunches until I weeded out a few weird ones: changed how I did them per site)
- it still took me several hours to get things right, including allowing uMatrix assets to update
cookies are behaving weird: I'm not sure if it's a left-over from site permissions (backed out) and other FPI or Origin Attribute changes. I read a fair bit a month or two ago about keeping the old non OA data as a fallback .. I should find that ticket
- here's an example
- site A: I allow a persistent cookie, I do not delete it, it contains a preference for the color text I use when I post, I often change the color from red to blue to green etc, and the cookie remembers it. If there is no preference set, e.g no cookie: you get default white on black (or black on white: depending on the site theme)
- now, even if I delete all cookies, all persistent storage, even site permissions: I keep getting reset to the last color I used before I updated
- I'm thinking I might nuke everything I can find: sqlites etc to make sure zero data is floating around

also .. just quietly

GoogleMonkeyR shat itself after a solid stable 3 years
- this one is about the only one being maintained
- seems its happening to everyone, but the timing just made me super suspicious
- still waiting for a fix .. I miss my two column autopaginating (all the rest is fine)
imdb now has a shitty blank white bar across the top
- coincidence: it happens on a nilla profile as well, any browser .. WTF?

I'm starting to feel as if something is broken, and I think I've forgotten a few other issues as well: been so many little things. Shoot me now.

Edit: I just gave up and allowed images from fl-na.amazon - I'm already connecting to ssl-images-amazon anyway

It's like something is wrong with uBO, uMatrix (not speed dial which I did a clean install of)

OT: I've narrowed it down .. again with extensions... If I use the panel dropdown and disable cosmetic filters, it goes away. But it's not a cosmetic filter: if I instead disable all cosmetic filters from the dashboard filters lists, the problem is still there. [edit: uBO]

I think this is some sort of background image, and it's getting replaced with a placeholder (and uBO placeholders are disabled), which is creating an element height .. IDK .. this doesn't happen in Opera.

Starting to get really fucked off with this release ... dozens, hundreds of little breakages .. why is everything fucking breaking :suicide: :smashhead: :get-wrecked: :cocaine: :beerbeerbeer:

wickywick

I think I'll just see if I can change display from inline to none for body#styleguide-v2.fixed img in a user style

@LegitLlama

build a tool that secures us in knowing that no preference goes under our radar by e.g. checking that all about:config prefs exist in both lists.

the script that I use for the diffs, extracts the prefs directly from about:config which more or less means that no non-hidden pref goes under our radar. To be precise, I only extract the prefs with default values but that's good enough IMO because the rest (=runtime-set prefs without default values) are mostly timestamp prefs and shit like that. (** more details below)
my script for the bugzilla tickets list only checks a few of the most commonly used pref files ...

Would you mind sharing what those files are ? I have gathered a number of them but would like to be as thorough as possible.

modules/libpref/init/all.js
browser/app/profile/firefox.js
security/manager/ssl/security-prefs.js
devtools/client/preferences/devtools-client.js
modules/libpref/init/StaticPrefList.h <<-- this will be split into a number of smaller files and goes away soonish, see this meta bug: https://bugzilla.mozilla.org/1563139

**: this is the tool I use to extract the prefs from about:config: http://pasted.co/44159c46 You can compare it to the original script from here to see the settings I use and the couple of fixes and changes I made. You can play with it, with different settings and whatnot, and compare the outputs to check if I'm missing something important due to not extracting prefs without default values. Please let me know if you do, thanks.

In case this might be helpful, here's the list of prefs I extracted from FF68.0: http://pasted.co/71c0d34f

From afar it looks like a web bug gone wrong

When I upgraded to 68, I ended up entirely removing uMatrix and remnants, and re-installing. Seems I forgot to tick hide placeholders. I had only copypasta'ed my rules out beforehand to a text file: since the settings are only a few ticks (and I wanted to clean up rules anyway)

About the only thing still iffy is some sticky cookie preferences: I swear there's like a fallback duplicate OA set somewhere due to recent changes: but I might be getting mixed up with FPI -> site permissions in 69

But I have an idea

I will disable my three extensions (uBO, uM, speed dial)
I will clear everything manually and on close in two states: FPI, and non-FPI with restarts in between
and I will delete all the relevant storage files
and I will blow away startup cache
and then in FPI mode, re-enable my three extensions

Maybe this weekend

I thought your methodology was more similar to cat-in-136.github.io.

That's how I did it originally but then somewhere around FF61 my script falsely reported a bunch of prefs as removed and I noticed that they started moving prefs to StaticPrefList.h and removed them from the default pref files. So I had to change my approach and getting the prefs in the same way that about:config retrieves them, seemed to be the best way to go.

IMO ...

network.trr.excluded-domains + network.trr.resolvers - no need to change these
privacy.file_unique_origin - fix (or part of the fix) for CVE-2019-11730 - no need to enforce
privacy.trackingprotection.origin_telemetry.enabled + telemetry.origin_telemetry_test_mode.enabled + toolkit.telemetry.ecosystemtelemetry.enabled - all default false atm - no need to enforce
ui.android.mouse_as_touch - android? who cares?! ignore
xul.panel-animations.enabled - the code suggests that this is some animation for the arrow-menus in bookmark-popups but I'm unable to find the difference in animation or the panel that this is supposed to animate. Maybe I'm not seeing an animation because of toolkit.cosmeticAnimations.enabled or it's too subtle to notice or I'm looking at the wrong panel(s), IDK.

from "changed":

browser.tabs.unloadOnLowMemory - there has to be a good reason for them to disable this again. best to ignore
extensions.htmlaboutaddons.enabled - some people might not like the new about:addons very much but it's only a matter of time before it will be the only about:addons page and they'll remove this pref again. Maybe a candidate for the personal section or just move it to an FYI bullet point in this diff; I'd prefer the latter
extensions.webextensions.userScripts.enabled - enables the new userScripts WE API. No reason to disable this
network.trr.wait-for-portal - wait-for-portal=false sounds good to me. safe to ignore
trailhead.firstrun.branches - as the Llama already perfectly outlined and explained, there are several ways that we could deal with this:
- ignore it because it only runs on first startup
- set this pref to "nofirstrun" and/or set trailhead.firstrun.didSeeAboutWelcome to true
- move startup.homepage_welcome_url from 5000 into a section where we can activate it again by default, to prevent this and any future shenanigans like it. This is my preferred option

Sorry, I should have gotten back to this earlier, but you know, it's interesting watching it and seeing what happens. Hadn't gotten around to re-cleaning up the changed stuff

Fuck cosmetic shit
- xul.panel-animations.enabled is a Linux only thing from memory
- extensions.htmlaboutaddons.enabled: crybabies gonna cry: how long do they spend in there, idiots
browser.tabs.unloadOnLowMemory: I stay away from system things
DoH / trr: that's what the UI is for. I don't wan to even care about this
... yada

ui.android.mouse_as_touch : I left that there as a reminder for TB for Android (TBA) and RFP. Personally, I agree with you that Android is a bit of a nightmare: but TBA still has a purpose and can provide anonymity: its better than nothing.

Trailhead: I never saw any trailhead about welcome.

I'll do some more first post manipulations to see what's left: edit - DONE - also moved toolkit.content-background-hang-monitor.disabled from new to ignore

pref("extensions.cookiesBehavior.overrideOnTopLevel", false);
https://bugzilla.mozilla.org/show_bug.cgi?id=1525917
this was StanGets' ticket - https://github.com/ghacksuserjs/ghacks-user.js/issues/492#issuecomment-461449288
I think we should add it if only for the info

WTF&^#@!&T#!: 1428901 - are they seriously considering persisting SSL session ticket IDs across sessions? Is it April 1st?

^^ LOL! comment 26:

What meaning does this have as a security bug? It's not a vulnerability in current products, and this bug isn't about a vulnerability but rather a feature request that might introduce one. Not sure who we're protecting by hiding the bug ...

priceless

comment 1, first two paragraphs. WTF are they thinking: speeding up people's first loads back to Fuckbook in a new session (see comment 2)? Gimme a break!

media.devices.insecure.enabled - IMO we can ignore this because navigator.mediaDevices is already covered by 2505 and it will be set to false by default in FF69. Also see @Okamoi's comment about this pref here

^^ indeed. It's just a pref in case they need to roll it back due to breakage

Disable getUserMedia on non-secure origins

https://bugzilla.mozilla.org/show_bug.cgi?id=1335740
- media.devices.insecure.enabled = true
https://bugzilla.mozilla.org/show_bug.cgi?id=1528031
- media.devices.insecure.enabled = false

What do you think we should do about security.certerrors.mitm.auto_enable_enterprise_roots

https://blog.mozilla.org/security/2019/07/01/fixing-antivirus-errors/

Beginning with Firefox 68, whenever a MITM error is detected, Firefox will automatically turn on the “enterprise roots” preference and retry the connection. If it fixes the problem, then the “enterprise roots” preference will remain enabled (unless the user manually sets the “security.enterprise_roots.enabled” preference to false).

To save looking at E's list

Bug 1547013 - Enable automatically fixing MitM errors by default.
Bug 1529643 - Implement MitM priming on certificate error pages.

I haven't looked into this, so not entirely sure of the diff between

security.enterprise_roots.enabled
security.certerrors.mitm.auto_enable_enterprise_roots

I for one do not want anything auto-turned on (disclosure: i have no AV to test with), but then I also do not want to break the web for end users who have AV monitoring HTTPS traffic (Enterprise, I don't care: they can handle it on their own).

Source: https://www.soeren-hentzschel.at/firefox/firefox-esr-68-faq/ (:de:) Translted with https://www.deepl.com.

`security.enterprise_roots.enabled`

Default values

ESR 68: true
release 68: false

By default, Firefox uses its own certificate store, offering increased security over other browsers. In the corporate environment, however, it is often desired that certificates from the certificate store of the operating system are used. This is why this is activated by default in Firefox ESR 68.

`security.certerrors.mitm.auto_enable_enterprise_roots`

Default values

ESR 68: false
release 68: true

Not only malware, but also so-called "security" software repeatedly interrupts encrypted connections (i.e. connections via https://) in order to read the content before it reaches the browser, and then sells it as a feature. This is referred to as man-in-the-middle ("MITM"). The consequence for Firefox users is that in some cases Firefox can no longer establish connections via https:// due to the often poor implementation. Firefox 68 can detect connection problems due to MITM. Firefox sets the option security.enterprise_roots.enabled to true and tries the connection again. If this works, Firefox leaves the option on true, otherwise the option is reset to false.

Since Firefox ESR 68 allows the import of system certificates by default, the MITM detection in Firefox ESR 68 is disabled by default.

In enterprise environment most probably on-premise PKI is in place, so the client need to have on-premise Root CA Cert (public) installed/deployed. When security.enterprise_roots.enabled = false, then FF has troubles to open on-premise sites/services. That is why I have always security.enterprise_roots.enabled = true

IHMO, security.certerrors.mitm.auto_enable_enterprise_roots should stay default.

Cheers

arkenfox / user.js

ToDo: diffs FF67-FF68 #743

new in v68.0:

removed, renamed or hidden in v68.0:

changed in v68.0:

ignore

new

removed, renamed or hidden

changed

`security.enterprise_roots.enabled`

Default values

`security.certerrors.mitm.auto_enable_enterprise_roots`

Default values