arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

ToDo: diffs FF71-FF72 #869

Closed earthlng closed 4 years ago

earthlng commented 4 years ago

FF72 is scheduled for release Jan. 7th

FF72 release notes [when ready] FF72 for developers FF72 compatibility FF72 security advisories


129 diffs ( 77 new, 29 gone, 23 different )

new in v72.0:

Interesting... read my comment

FYI for future reference

removed, renamed or hidden in v72.0:

ALL DONE - https://github.com/ghacksuserjs/ghacks-user.js/commit/e431b324c8433117c90e3e5d72eed258bc54d613

changed in v72.0:

nothing to see here .. move along...


ignore

click me for details

==NEW
```js
pref("browser.bookmarks.editDialog.maxRecentFolders", 7);
pref("browser.messaging-system.personalized-cfr.score-threshold", 5000);
pref("browser.messaging-system.personalized-cfr.scores", "{}");
pref("browser.newtabpage.activity-stream.discoverystream.flight.blocks", "{}");
pref("browser.newtabpage.activity-stream.discoverystream.lang-layout-config", "en");
pref("browser.search.modernConfig", false);
pref("browser.tabs.remote.dataUriInDefaultWebProcess", false);
pref("browser.urlbar.update1", false);
pref("browser.urlbar.update1.expandTextOnFocus", false);
pref("browser.urlbar.update1.view.stripHttps", false);
pref("devtools.debugger.features.windowless-service-workers", false);
pref("devtools.inspector.color-scheme-simulation.enabled", false);
pref("devtools.performance.recording.duration", 0);
pref("devtools.performance.recording.entries", 10000000);
pref("devtools.performance.recording.features", "[\"js\",\"leaf\",\"stackwalk\"]");
pref("devtools.performance.recording.interval", 1000);
pref("devtools.performance.recording.threads", "[\"GeckoMain\",\"Compositor\",\"Renderer\"]");
pref("devtools.recordreplay.enabled", false);
pref("devtools.recordreplay.fastLogpoints", false);
pref("docshell.shistory.testing.bfevict", false);
pref("dom.mozPaintCount.enabled", false);
pref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false);
pref("dom.vr.webxr.enabled", false);
pref("dom.webcomponents.elementInternals.enabled", false);
pref("dom.webgpu.enabled", false);
pref("dom.webshare.requireinteraction", true);
pref("extensions.blocklist.useXML", true);
pref("extensions.content_script_csp.enabled", false);
pref("extensions.content_script_csp.report_only", true);
pref("extensions.contentblocker.enabled", false);
pref("fission.sessionHistoryInParent", false);
pref("font.cjk_pref_fallback_order", "zh-cn,zh-hk,zh-tw,ja,ko");
pref("gfx.compositor.gpu-migration", 1);
pref("gfx.core-animation.tint-opaque", false);
pref("gfx.webrender.compositor", false);
pref("gfx.webrender.compositor.max_update_rects", 1);
pref("gfx.webrender.debug.glyph-flashing", false);
pref("gfx.webrender.enable-gpu-markers", false);
pref("gfx.webrender.max-partial-present-rects", 0);
pref("javascript.options.writable_streams", false);
pref("layers.advanced.fission.enabled", false);
pref("layout.css.motion-path-ray.enabled", false);
pref("layout.css.scroll-anchoring.max-consecutive-adjustments", 10);
pref("layout.css.scroll-anchoring.min-average-adjustment-threshold", 3);
pref("layout.css.zoom-transform-hack.enabled", false);
pref("media.geckoview.autoplay.request", false);
pref("media.geckoview.autoplay.request.testing", 0);
pref("media.peerconnection.ice.obfuscate_host_addresses.whitelist", "");
pref("media.peerconnection.sdp.alternate_parse_mode", "never");
pref("media.peerconnection.sdp.parser", "sipcc");
pref("media.rdd-webaudio.batch.size", 100);
pref("media.videocontrols.picture-in-picture.audio-toggle.enabled", false);
pref("mousewheel.ignore_cursor_position_in_lparam", false);
pref("network.http.http3.default-max-stream-blocked", 10);
pref("network.http.http3.default-qpack-table-size", 65536);
pref("network.notify.initial_call", true);
pref("network.preload-experimental", false);
pref("network.trr.enable_when_nrpt_detected", false);
pref("network.trr.enable_when_proxy_detected", false);
pref("network.trr.enable_when_vpn_detected", false);
pref("network.trr.send_accept-language_headers", false);
pref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", true);
pref("privacy.restrict3rdpartystorage.heuristic.window_open", true);
pref("signon.management.page.showPasswordSyncNotification", true);
pref("signon.storeSignons", true);
pref("svg.text-spacing.enabled", false);
pref("webgl.cgl.multithreaded", true);
pref("widget.disable-dark-scrollbar", false);
```

==REMOVED or HIDDEN
```js
pref("accessibility.heading-element-level-changes.enabled", false);
pref("browser.newtabpage.activity-stream.discoverystream.campaign.blocks", "{}");
pref("browser.ping-centre.production.endpoint", "https://tiles.services.mozilla.com/v3/links/ping-centre");
pref("browser.ping-centre.staging.endpoint", "https://onyx_tiles.stage.mozaws.net/v3/links/ping-centre");
pref("browser.urlbar.megabar", false);
pref("browser.urlbar.timesBeforeHidingSuggestionsHint", 4);
pref("browser.urlbar.userMadeSearchSuggestionsChoice", false);
pref("devtools.command-button-scratchpad.enabled", false);
pref("devtools.scratchpad.editorFontSize", 12);
pref("devtools.scratchpad.enableAutocompletion", true);
pref("devtools.scratchpad.enabled", false);
pref("devtools.scratchpad.lineNumbers", true);
pref("devtools.scratchpad.recentFilesMax", 10);
pref("devtools.scratchpad.showTrailingSpace", false);
pref("devtools.scratchpad.wrapText", false);
pref("dom.promise_rejection_events.enabled", true);
pref("dom.webgpu.enable", false);
pref("gfx.compositor.glcontext.opaque", false);
pref("gfx.core-animation.enabled", false);
pref("gl.require-hardware", false);
pref("layout.css.moz-binding.content.enabled", false);
pref("media.peerconnection.sdp.rust.compare", false);
pref("media.peerconnection.sdp.rust.enabled", false);
pref("network.netlink.route.check.IPv4", "23.219.91.27");
pref("network.netlink.route.check.IPv6", "2a02:26f0:40::17db:5b1b");
pref("plugin.defaultXpi.state", 2);
```

==CHANGED
```js
pref("app.update.staging.enabled", true); // prev: false
pref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", "{\"id\":\"whats-new-panel\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"whats-new-panel\",\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"whats-new-panel\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"whats-new-panel\",\"updateCycleInMs\":3600000,\"exclude\":[\"EXTENDED_TRIPLETS_PRETRAILHEAD\"]}"
pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", "https://incoming.telemetry.mozilla.org/submit"); // prev: "https://incoming.telemetry.mozilla.org/submit/activity-stream"
pref("devtools.debugger.features.watchpoints", true); // prev: false
pref("dom.formdata.event.enabled", true); // prev: false
pref("dom.security.respect_document_nosniff", true); // prev: false
pref("dom.webnotifications.requireuserinteraction", true); // prev: false
pref("gfx.direct3d11.use-double-buffering", true); // prev: false
pref("layout.css.individual-transform.enabled", true); // prev: false
pref("layout.css.motion-path.enabled", true); // prev: false
pref("layout.css.shadow-parts.enabled", true); // prev: false
pref("layout.viewport_contains_no_contents_area", true); // prev: false
pref("media.rdd-opus.enabled", true); // prev: false
pref("media.rdd-vorbis.enabled", true); // prev: false
pref("media.rdd-wav.enabled", true); // prev: false
pref("permissions.desktop-notification.postPrompt.enabled", true); // prev: false
pref("privacy.trackingprotection.fingerprinting.enabled", true); // prev: false
pref("security.tls.hello_downgrade_check", true); // prev: false
pref("services.sync.engine.bookmarks.buffer", true); // prev: false
pref("urlclassifier.features.socialtracking.annotate.blacklistTables", "social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256"); // prev: "social-tracking-protection-digest256,social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256"
pref("urlclassifier.features.socialtracking.blacklistTables", "social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256"); // prev: "social-tracking-protection-digest256,social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256"
pref("urlclassifier.trackingTable", "moztest-track-simple,ads-track-digest256,social-track-digest256,analytics-track-digest256"); // prev: "moztest-track-simple,base-track-digest256"
pref("webgl.dxgl.enabled", true); // prev: false
```

earthlng commented 4 years ago
some bugzilla tickets

* accessibility.heading-element-level-changes.enabled Bug [1590366](https://bugzilla.mozilla.org/show_bug.cgi?id=1590366) - Remove accessibility.heading-element-level-changes.enabled. Bug [998590](https://bugzilla.mozilla.org/show_bug.cgi?id=998590) - Prototype accessibility level changes for headings behind a pref. * app.update.staging.enabled Bug [1510494](https://bugzilla.mozilla.org/show_bug.cgi?id=1510494) - Disable update staging on Windows. * browser.bookmarks.editDialog.maxRecentFolders Bug [1230453](https://bugzilla.mozilla.org/show_bug.cgi?id=1230453) - Add a hidden preference to change the number of folders in the recent list of the "bookmark this page" popup. * browser.messaging-system.personalized-cfr.scores Bug [1595090](https://bugzilla.mozilla.org/show_bug.cgi?id=1595090) - Expose scores and values to targeting expression * browser.messaging-system.personalized-cfr.score-threshold Bug [1599762](https://bugzilla.mozilla.org/show_bug.cgi?id=1599762) - Add filtering and sorting by score to ASRouterTargeting Bug [1595090](https://bugzilla.mozilla.org/show_bug.cgi?id=1595090) - Expose scores and values to targeting expression * browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel Bug [1594125](https://bugzilla.mozilla.org/show_bug.cgi?id=1594125) - Allow showing remote triplets with different header default off Bug [1575884](https://bugzilla.mozilla.org/show_bug.cgi?id=1575884) - Create a provider for the What's new message bucket * browser.newtabpage.activity-stream.discoverystream.lang-layout-config Bug [1567273](https://bugzilla.mozilla.org/show_bug.cgi?id=1567273) - Pref to enable lang config for Discovery Stream layouts * browser.ping-centre.production.endpoint Bug [1597697](https://bugzilla.mozilla.org/show_bug.cgi?id=1597697) - Stop sending AS heartbeat ping to Tiles data pipeline. 
* browser.ping-centre.staging.endpoint Bug [1597697](https://bugzilla.mozilla.org/show_bug.cgi?id=1597697) - Stop sending AS heartbeat ping to Tiles data pipeline. * browser.search.modernConfig Bug [1599172](https://bugzilla.mozilla.org/show_bug.cgi?id=1599172) - Re-initialize the Search Service when the pref 'browser.search.modernConfig' is flipped, to aid in testing. * browser.tabs.remote.dataUriInDefaultWebProcess Bug [1584031](https://bugzilla.mozilla.org/show_bug.cgi?id=1584031) - Add a pref to put data URIs in their own process when using fission. * browser.urlbar.megabar Bug [1597698](https://bugzilla.mozilla.org/show_bug.cgi?id=1597698) - Move all megabar prefs under a urlbar.update1 branch. Bug [1593664](https://bugzilla.mozilla.org/show_bug.cgi?id=1593664) - Add urlbar.megabar.expandTextOnFocus pref and increase font size to the equivalent of 15px on focus. Bug [1592126](https://bugzilla.mozilla.org/show_bug.cgi?id=1592126) - Disable the megabar redesign until the next design iteration. Bug [1577541](https://bugzilla.mozilla.org/show_bug.cgi?id=1577541) - Enable megabar pref by default in Nightly. Bug [1573581](https://bugzilla.mozilla.org/show_bug.cgi?id=1573581) - Add megabar pref. * browser.urlbar.timesBeforeHidingSuggestionsHint Bug [1525296](https://bugzilla.mozilla.org/show_bug.cgi?id=1525296) - Remove any remaining references to old search suggestions notifications. * browser.urlbar.update1 Bug [1599785](https://bugzilla.mozilla.org/show_bug.cgi?id=1599785) - Hide and rename Urlbar searchButton pref. Bug [1597698](https://bugzilla.mozilla.org/show_bug.cgi?id=1597698) - Move all megabar prefs under a urlbar.update1 branch. * browser.urlbar.update1.expandTextOnFocus Bug [1597698](https://bugzilla.mozilla.org/show_bug.cgi?id=1597698) - Move all megabar prefs under a urlbar.update1 branch. * browser.urlbar.update1.view.stripHttps Bug [1597698](https://bugzilla.mozilla.org/show_bug.cgi?id=1597698) - Move all megabar prefs under a urlbar.update1 branch. 
* browser.urlbar.userMadeSearchSuggestionsChoice Bug [1525296](https://bugzilla.mozilla.org/show_bug.cgi?id=1525296) - Remove any remaining references to old search suggestions notifications. * devtools.command-button-scratchpad.enabled Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.inspector.color-scheme-simulation.enabled Bug [1550804](https://bugzilla.mozilla.org/show_bug.cgi?id=1550804) - Add color scheme simulation to the inspector. * devtools.performance.recording.duration Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Register all performance panel recording preferences and move their default values there. * devtools.performance.recording.entries Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Register all performance panel recording preferences and move their default values there. * devtools.performance.recording.features Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Update default values of profiler recording preferences. Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Register all performance panel recording preferences and move their default values there. * devtools.performance.recording.interval Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Register all performance panel recording preferences and move their default values there. * devtools.performance.recording.threads Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Update default values of profiler recording preferences. Bug [1599745](https://bugzilla.mozilla.org/show_bug.cgi?id=1599745) - Register all performance panel recording preferences and move their default values there. * devtools.recordreplay.enabled Bug [1590241](https://bugzilla.mozilla.org/show_bug.cgi?id=1590241) - Enable WebReplay appears in DevEdition. 
* devtools.recordreplay.fastLogpoints Bug [1594042](https://bugzilla.mozilla.org/show_bug.cgi?id=1594042) - Improve logpoint performance, * devtools.scratchpad.editorFontSize Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.scratchpad.enableAutocompletion Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.scratchpad.enabled Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.scratchpad.lineNumbers Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.scratchpad.recentFilesMax Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.scratchpad.showTrailingSpace Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * devtools.scratchpad.wrapText Bug [1519103](https://bugzilla.mozilla.org/show_bug.cgi?id=1519103) - Remove Scratchpad panel. * docshell.shistory.testing.bfevict Bug [1545474](https://bugzilla.mozilla.org/show_bug.cgi?id=1545474) - Part 3: Test eviction of content viewer entries, * dom.formdata.event.enabled Bug [1518442](https://bugzilla.mozilla.org/show_bug.cgi?id=1518442) - Part 3: Add dom.formdata.event.enabled preference for Event-based form participation; * dom.indexedDB.enabled Bug [1488583](https://bugzilla.mozilla.org/show_bug.cgi?id=1488583) - Remove unsupported, misleading "dom.indexedDB.enabled" preference * dom.mozPaintCount.enabled Bug [1591968](https://bugzilla.mozilla.org/show_bug.cgi?id=1591968) - Put window.mozPaintCount behind a default-off pref. 
* dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled Bug [1587394](https://bugzilla.mozilla.org/show_bug.cgi?id=1587394) - Provide a pref to bypass postMessage COOP and COEP check on Nightly and Dev; * dom.promise_rejection_events.enabled Bug [1578241](https://bugzilla.mozilla.org/show_bug.cgi?id=1578241) - Get rid of dom.promise_rejection_events.enabled; * dom.storage.next_gen Bug [1594299](https://bugzilla.mozilla.org/show_bug.cgi?id=1594299) - Disable LSNG in 71; * dom.vr.webxr.enabled Bug [1581374](https://bugzilla.mozilla.org/show_bug.cgi?id=1581374) - Implement WebGLContext.makeXRCompatible (WIP) * dom.webcomponents.elementInternals.enabled Bug [1552313](https://bugzilla.mozilla.org/show_bug.cgi?id=1552313) - Implement custom element disabledFeatures and disableInternals; * dom.webgpu.enable Bug [1602880](https://bugzilla.mozilla.org/show_bug.cgi?id=1602880) - Rename dom.webgpu.enable pref and restrict the CTS. * dom.webgpu.enabled Bug [1602880](https://bugzilla.mozilla.org/show_bug.cgi?id=1602880) - Rename dom.webgpu.enable pref and restrict the CTS. * dom.webshare.requireinteraction Bug [1402369](https://bugzilla.mozilla.org/show_bug.cgi?id=1402369) - Add WebShare support to GeckoView. * extensions.blocklist.useXML Bug [1594521](https://bugzilla.mozilla.org/show_bug.cgi?id=1594521) - enable remote settings blocklist on nightly, * extensions.content_script_csp.enabled Bug [1581611](https://bugzilla.mozilla.org/show_bug.cgi?id=1581611) Part 2: apply content script csp * extensions.content_script_csp.report_only Bug [1581611](https://bugzilla.mozilla.org/show_bug.cgi?id=1581611) Part 2: apply content script csp * extensions.contentblocker.enabled Bug [1597541](https://bugzilla.mozilla.org/show_bug.cgi?id=1597541) - Added pref and disabled nsContentBlocker by default. * fission.sessionHistoryInParent Bug [1591943](https://bugzilla.mozilla.org/show_bug.cgi?id=1591943) - Merge Fission session history changes from ash to central. 
Turn off session history in the parent for now. Bug [1438272](https://bugzilla.mozilla.org/show_bug.cgi?id=1438272) - Part 3a: move session history to parent process (turn on session history in parent process with the pref). Bug [1438272](https://bugzilla.mozilla.org/show_bug.cgi?id=1438272) - Part 3: move session history to parent process. * font.cjk_pref_fallback_order Bug [1596875](https://bugzilla.mozilla.org/show_bug.cgi?id=1596875) - patch 2 - Add a pref to control the fallback order of CJK font prefs when no lang/locale hint is available. * gfx.compositor.glcontext.opaque Bug [1576390](https://bugzilla.mozilla.org/show_bug.cgi?id=1576390) - Remove the prefs gfx.core-animation.enabled and gfx.compositor.glcontext.opaque, and all the code needed to support it. * gfx.compositor.gpu-migration Bug [1599862](https://bugzilla.mozilla.org/show_bug.cgi?id=1599862) - hide macos gpu migration on WR behind a pref. * gfx.core-animation.enabled Bug [1574538](https://bugzilla.mozilla.org/show_bug.cgi?id=1574538) - Enable CoreAnimation by default. Bug [1576390](https://bugzilla.mozilla.org/show_bug.cgi?id=1576390) - Remove the prefs gfx.core-animation.enabled and gfx.compositor.glcontext.opaque, and all the code needed to support it. * gfx.core-animation.tint-opaque Bug [1596955](https://bugzilla.mozilla.org/show_bug.cgi?id=1596955) - Add opaqueness tinting to NativeLayerCA. * gfx.webrender.compositor Bug [1592510](https://bugzilla.mozilla.org/show_bug.cgi?id=1592510) - Make partial updates with WebRender OS compositor work on Windows Bug [1591752](https://bugzilla.mozilla.org/show_bug.cgi?id=1591752) - FFI for WebRender OS compositor integration: Create WrCompositor struct which implements the webrender::Compositor trait and calls through to virtual methods on RenderCompositor. 
* gfx.webrender.compositor.max_update_rects Bug [1592510](https://bugzilla.mozilla.org/show_bug.cgi?id=1592510) - Make partial updates with WebRender OS compositor work on Windows * gfx.webrender.debug.glyph-flashing Bug [1593094](https://bugzilla.mozilla.org/show_bug.cgi?id=1593094). Add glyph flashing pref. * gfx.webrender.enable-gpu-markers Bug [1595036](https://bugzilla.mozilla.org/show_bug.cgi?id=1595036) - Put GPU debug markers behind a pref * gfx.webrender.max-partial-present-rects Bug [1575159](https://bugzilla.mozilla.org/show_bug.cgi?id=1575159) - Implement partial invalidation on Windows * gl.require-hardware Bug [1596248](https://bugzilla.mozilla.org/show_bug.cgi?id=1596248) - Remove the pref gl.require-hardware and instead just respect CreateContextFlags::FORCE_ENABLE_HARDWARE. * javascript.options.writable_streams Bug [1582348](https://bugzilla.mozilla.org/show_bug.cgi?id=1582348) - Enable writable streams in the browser when the javascript.options.{,writable_}streams prefs are set. (Writable streams are only half-implemented; DO NOT start reporting bugs yet, it *will* crash in all sorts of trivial ways.) * layers.advanced.fission.enabled Bug [1588484](https://bugzilla.mozilla.org/show_bug.cgi?id=1588484) - Disable Advanced Layers for now when using fission for the window. * layout.css.always-repaint-on-unvisited Bug [1506842](https://bugzilla.mozilla.org/show_bug.cgi?id=1506842) - Always restyle / repaint when a visited query finishes. * layout.css.motion-path-ray.enabled Bug [1582554](https://bugzilla.mozilla.org/show_bug.cgi?id=1582554) - Add a preference for offset-path:ray(). * layout.css.moz-binding.content.enabled Bug [1591297](https://bugzilla.mozilla.org/show_bug.cgi?id=1591297) - Remove -moz-binding, nsStyleDisplay::mBinding and similar. * layout.css.notify-of-unvisited Bug [1591717](https://bugzilla.mozilla.org/show_bug.cgi?id=1591717) - Add a pref to notify of unvisited uris in the history service. 
* layout.css.scroll-anchoring.max-consecutive-adjustments Bug [1592474](https://bugzilla.mozilla.org/show_bug.cgi?id=1592474) - Add some heuristics to disable scroll anchoring in pathological cases. * layout.css.scroll-anchoring.min-average-adjustment-threshold Bug [1592474](https://bugzilla.mozilla.org/show_bug.cgi?id=1592474) - Add some heuristics to disable scroll anchoring in pathological cases. * layout.css.zoom-transform-hack.enabled Bug [1589766](https://bugzilla.mozilla.org/show_bug.cgi?id=1589766) - Experiment with implementing zoom as a transform + transform-origin shorthand. * media.geckoview.autoplay.request Bug [1593843](https://bugzilla.mozilla.org/show_bug.cgi?id=1593843) - part6 : add a static pref to control this feature. * media.geckoview.autoplay.request.testing Bug [1593843](https://bugzilla.mozilla.org/show_bug.cgi?id=1593843) - part6 : add a static pref to control this feature. * media.peerconnection.ice.obfuscate_host_addresses Bug [1598001](https://bugzilla.mozilla.org/show_bug.cgi?id=1598001) - Add default value for obfuscate_host_addresses.whitelist pref; Bug [1588817](https://bugzilla.mozilla.org/show_bug.cgi?id=1588817) - Enable mDNS hostname obfuscation on desktop platforms; Bug [1554976](https://bugzilla.mozilla.org/show_bug.cgi?id=1554976) - Add plumbing to enable/disable host address obfuscation; * media.peerconnection.ice.obfuscate_host_addresses.whitelist Bug [1598001](https://bugzilla.mozilla.org/show_bug.cgi?id=1598001) - Add default value for obfuscate_host_addresses.whitelist pref; * media.peerconnection.sdp.alternate_parse_mode Bug [1598988](https://bugzilla.mozilla.org/show_bug.cgi?id=1598988) - pref off the Rust SDP parser for now; Bug [1570549](https://bugzilla.mozilla.org/show_bug.cgi?id=1570549) - P7 - Add SDP pref defaults; * media.peerconnection.sdp.parser Bug [1570549](https://bugzilla.mozilla.org/show_bug.cgi?id=1570549) - P8 - Restore SDP comparison telemetry;r=bwc Bug 
[1570549](https://bugzilla.mozilla.org/show_bug.cgi?id=1570549) - P7 - Add SDP pref defaults; * media.peerconnection.sdp.rust.compare Bug [1570549](https://bugzilla.mozilla.org/show_bug.cgi?id=1570549) - P7 - Add SDP pref defaults; * media.peerconnection.sdp.rust.enabled Bug [1570549](https://bugzilla.mozilla.org/show_bug.cgi?id=1570549) - P7 - Add SDP pref defaults; * media.rdd-webaudio.batch.size Bug [1568058](https://bugzilla.mozilla.org/show_bug.cgi?id=1568058) - pt 4 - Use batch decoding in MediaBufferDecoder. * media.videocontrols.picture-in-picture.audio-toggle.enabled Bug [1575075](https://bugzilla.mozilla.org/show_bug.cgi?id=1575075) - Add an audio toggle button in PiP to mute and unmute a video. * mousewheel.ignore_cursor_position_in_lparam Bug [1570124](https://bugzilla.mozilla.org/show_bug.cgi?id=1570124) - Enable mouse scrolling in FxR window * network.http.http3.default-max-stream-blocked Bug [1581637](https://bugzilla.mozilla.org/show_bug.cgi?id=1581637) - Part 5 - Add Http3 prefs. * network.http.http3.default-qpack-table-size Bug [1581637](https://bugzilla.mozilla.org/show_bug.cgi?id=1581637) - Part 5 - Add Http3 prefs. * network.http.http3.enabled Bug [1581637](https://bugzilla.mozilla.org/show_bug.cgi?id=1581637) - Part 5 - Add Http3 prefs. 
* network.netlink.route.check.IPv4 Bug [1593693](https://bugzilla.mozilla.org/show_bug.cgi?id=1593693) - nsINetworkLinkService.isLinkUp returns true when no network connection is available, * network.netlink.route.check.IPv6 Bug [1593693](https://bugzilla.mozilla.org/show_bug.cgi?id=1593693) - nsINetworkLinkService.isLinkUp returns true when no network connection is available, * network.notify.checkForNRPT Bug [1565022](https://bugzilla.mozilla.org/show_bug.cgi?id=1565022) - TRR: Check for NRPT on Windows to use platform DNS * network.notify.checkForProxies Bug [1565008](https://bugzilla.mozilla.org/show_bug.cgi?id=1565008) - TRR: Check for Proxy on Windows to use platform DNS * network.notify.initial_call Bug [1590528](https://bugzilla.mozilla.org/show_bug.cgi?id=1590528) - Call CheckAdaptersAddresses at startup * network.preload-experimental Bug [1594449](https://bugzilla.mozilla.org/show_bug.cgi?id=1594449) - <link rel="preload"> implemented as a speculative load initiated during the prescan phase in the HTML5 parser, disabled by default, only supports "script" and "styles" types, * network.trr.enable_when_nrpt_detected Bug [1565022](https://bugzilla.mozilla.org/show_bug.cgi?id=1565022) - TRR: Check for NRPT on Windows to use platform DNS * network.trr.enable_when_proxy_detected Bug [1565008](https://bugzilla.mozilla.org/show_bug.cgi?id=1565008) - TRR: Check for Proxy on Windows to use platform DNS * network.trr.enable_when_vpn_detected Bug [1565004](https://bugzilla.mozilla.org/show_bug.cgi?id=1565004) - Make sure we skip TRR when there's an active VPN * network.trr.send_accept-language_headers Bug [1544724](https://bugzilla.mozilla.org/show_bug.cgi?id=1544724) - Do not set the 'accept-language' header for DoH requests * permissions.desktop-notification.postPrompt.enabled Bug [1593644](https://bugzilla.mozilla.org/show_bug.cgi?id=1593644) - Also enable permissions.desktop-notification.postPrompt.enabled. 
* permissions.isolateBy.privateBrowsing Bug [1422056](https://bugzilla.mozilla.org/show_bug.cgi?id=1422056) - nsPermissionManager: Disabled OA stripping for private browsing and added OA strip prefs. * permissions.isolateBy.userContext Bug [1422056](https://bugzilla.mozilla.org/show_bug.cgi?id=1422056) - nsPermissionManager: Disabled OA stripping for private browsing and added OA strip prefs. * plugin.defaultXpi.state Bug [1596090](https://bugzilla.mozilla.org/show_bug.cgi?id=1596090) - use staticprefs for flash enabled state pref, * privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction Bug [1597841](https://bugzilla.mozilla.org/show_bug.cgi?id=1597841) - Add preferences for the automated storage access grant heuristics for ETP; * privacy.restrict3rdpartystorage.heuristic.window_open Bug [1597841](https://bugzilla.mozilla.org/show_bug.cgi?id=1597841) - Add preferences for the automated storage access grant heuristics for ETP; * privacy.trackingprotection.fingerprinting.enabled Bug [1598493](https://bugzilla.mozilla.org/show_bug.cgi?id=1598493) - Enable fingerprinting blocking by default, Bug [1581625](https://bugzilla.mozilla.org/show_bug.cgi?id=1581625) - Move fingerprinting blocking out of the Standard mode of content blocking; Bug [1560184](https://bugzilla.mozilla.org/show_bug.cgi?id=1560184) - Enable fingerprinting blocking by default in all channels. 
* security.cert_pinning.hpkp.enabled bug [1412438](https://bugzilla.mozilla.org/show_bug.cgi?id=1412438) - add preference to disable HPKP by default * security.osclientcerts.autoload bug [1597525](https://bugzilla.mozilla.org/show_bug.cgi?id=1597525) - unhide security.osclientcerts.autoload pref * security.tls.hello_downgrade_check Bug [1576790](https://bugzilla.mozilla.org/show_bug.cgi?id=1576790) - Enable version downgrade sentinel in TLS, * signon.management.page.showPasswordSyncNotification Bug [1571425](https://bugzilla.mozilla.org/show_bug.cgi?id=1571425) - Add a 'Don't ask again' button to the Sync Options notification bar in about:logins. * signon.storeSignons Bug [1591462](https://bugzilla.mozilla.org/show_bug.cgi?id=1591462) - [4.2] Disable LoginManager storage for GeckoView. * svg.text-spacing.enabled Bug [1599173](https://bugzilla.mozilla.org/show_bug.cgi?id=1599173) - Disable SVG text spacing with a pref. * toolkit.telemetry.hybridContent.enabled Bug [1520491](https://bugzilla.mozilla.org/show_bug.cgi?id=1520491) - Remove Hybrid Content Telemetry * urlclassifier.features.socialtracking.annotate.blacklistTables Bug [1590779](https://bugzilla.mozilla.org/show_bug.cgi?id=1590779) - Remove social-tracking-protection-digest256 in preferences and GeckoView; Bug [1573176](https://bugzilla.mozilla.org/show_bug.cgi?id=1573176) - Fix SafeBrowsing doesn't use correct preference name for social tracking and cryptoming. 
* urlclassifier.features.socialtracking.blacklistTables Bug [1590779](https://bugzilla.mozilla.org/show_bug.cgi?id=1590779) - Remove social-tracking-protection-digest256 in preferences and GeckoView; Bug [1570805](https://bugzilla.mozilla.org/show_bug.cgi?id=1570805) - [stp] Turn on Social Tracking Protection Prefs, * urlclassifier.trackingTable Bug [1589154](https://bugzilla.mozilla.org/show_bug.cgi?id=1589154) - Replace base-track-digest256 in urlclassifier.trackingTable; * webgl.cgl.multithreaded Bug [1596248](https://bugzilla.mozilla.org/show_bug.cgi?id=1596248) - Add CreateContextFlags::PREFER_MULTITHREADED and change the pref name from gl to webgl. * widget.disable-dark-scrollbar Bug [1578377](https://bugzilla.mozilla.org/show_bug.cgi?id=1578377) - Render dark scrollbars for element with dark background on Windows.

rusty-snake commented 4 years ago

Can be moved to ignore

pref("browser.urlbar.update1", false);
pref("browser.urlbar.update1.expandTextOnFocus", false);
pref("browser.urlbar.update1.view.stripHttps", false);
pref("javascript.options.writable_streams", false);
pref("svg.text-spacing.enabled", false);
pref("dom.webgpu.enabled", false);
pref("widget.disable-dark-scrollbar", false);
pref("media.videocontrols.picture-in-picture.audio-toggle.enabled", false);
pref("mousewheel.ignore_cursor_position_in_lparam", false);

Default: false, Personal candidate: stripHttps.

devtools.*, gfx.*, font.cjk_pref_fallback_order

pref("network.trr.enable_when_nrpt_detected", false);
pref("network.trr.enable_when_proxy_detected", false);
pref("network.trr.enable_when_vpn_detected", false);
pref("network.trr.send_accept-language_headers", false);

No trr section

pref("app.update.staging.enabled", true); // prev: false

Don't mess with internal stuff.

RubenSlovan commented 4 years ago

Is there any possibility left to block dom.storage and dom.indexedDB prefs?

dom.indexedDB.enabled - removed completely; dom.storage.enabled false - does not work anymore (storage is always ON)

Thorin-Oakenpants commented 4 years ago

IDB

dom storage?

RubenSlovan commented 4 years ago

I always block dom.indexedDB.enabled. ALL my extensions work fine with **false**. But if you say that this does not work when all cookies are blocked, then OK. About DOM storage: yes, it's 2710. How did I test? Too many folders are created in the "storage" folder. Moreover, uBlock Origin and uMatrix save filter updates in the "browser-extension-data" folder when dom.storage.enabled is false, and in the "storage" folder when it is true. On Firefox 72, with dom.storage.enabled false and extensions.webextensions.ExtensionStorageIDB.enabled false, they still save filter updates in the "storage" folder. I did not have this problem with v71.

Thorin-Oakenpants commented 4 years ago

Yes, some extensions use fallbacks, and of course I meant extensions that use IDB would fail. That said there have been a lot of changes, and I don't really follow the web ext dev space.

The folder "storage" holds IDB entries. You only need to worry about the storage/default/ folder. As for dom.storage.enabled - I'm guessing this relates to localStorage and sessionStorage - you can check those by looking in webappsstore.sqlite. Or you can use this - every time you run it, it attempts to create a new unique piece of data and read it back: JS cookie, localStorage, sessionStorage, and IDB. (I've yet to add the service worker tests) - so there is no need to sanitize or look up external files/folders. Just test it. I would suggest, at a minimum, that you reload the page between flipping any prefs.

Thorin-Oakenpants commented 4 years ago

@RubenSlovan

dom.storage.enabled controls localStorage and sessionStorage. Here is a test with the pref at default true on the left, and false on the right

domstorage

rusty-snake commented 4 years ago
pref("network.notify.checkForNRPT", true);
pref("network.notify.checkForProxies", true);
# Whether to check the registry for <NRPT rules | proxies> on network changes that
# indicate that TRR should not be used.

https://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml#7088-7100

earthlng commented 4 years ago

layout.css.always-repaint-on-unvisited + layout.css.notify-of-unvisited could be of interest. The ticket for the former is even ACCESS DENIED.

Apart from those 2, there's nothing that immediately stands out to me.

We could re-enable the HPKP functionality until they completely remove it. We can deal with the permission isolation stuff when they start enabling it.

Thorin-Oakenpants commented 4 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/89fad029456188f03a670ef5f08a5d0856a728b1

Right, so by always repainting (visited or not), this should mitigate any timing attacks - the pref layout.css.always-repaint-on-unvisited is still default false in Nightly 74.


Update: I checked with the patch author. Both are required to be true in order to work. They are OK to flip, but there are significant performance regressions on link-heavy pages (e.g. Google, Wikipedia), and the repaint scheduling requires some optimizing first before being flipped - give it a few releases since it's not high priority. When this becomes mainstream, I assume that 0805 would become obsolete (but we would keep it for ESR users)? We should probably wait for it to get flipped rather than force it on people.

Thorin-Oakenpants commented 4 years ago

FYI: upgraded to 72 and browser.messaging-system.whatsNewPanel.enabled = false in my overrides .. and I still got the what's new giftbox icon showing up - maybe that pref doesn't do what I thought it does

Edit: OK, I wasn't the only one: https://old.reddit.com/r/firefox/comments/eo0hf0/new_working_method_to_remove_whats_new_gift_icon/

Thorin-Oakenpants commented 4 years ago

OK, I'm done here. Thumbs up or close if you're happy @earthlng and I'll do a release

earthlng commented 4 years ago

Thanks @rusty-snake for your inputs