ToDo: diffs FF74-FF75

[earthlng]

FF75 is scheduled for release Apr. 7th

FF75 release notes [when ready] FF75 for developers FF75 compatibility FF75 security advisories

---

113 diffs ( 63 new, 24 gone, 26 different )

new in v75.0:

• [x] pref("browser.privatebrowsing.forceMediaMemoryCache", false); 1532486 - https://github.com/ghacksuserjs/ghacks-user.js/commit/dd162d9f489686d821d4a53377e15d7fab16dd15 + https://github.com/ghacksuserjs/ghacks-user.js/commit/b90e72370c5fca05e13f91bef873fcb4b3104d05
• FYI: pref("default-browser-agent.enabled", true);
  • only applies to windows installations and already covered by telemetry master switch
  • [1] blog link
  • [2] [source docs link]()
  • feel free to get all paranoid and delete default-browser-agent.exe
• FYI: pref("dom.document.exec_command.nested_calls_allowed", true); 1611374
  • is being tested in Nightly/Beta and will get flipped when ready
• For visibility/reference for when it's flipped
  • pref("dom.reporting.crash.enabled", false); - 1607364

removed, renamed or hidden in v75.0:

• [x] 0205 pref("browser.search.geoip.url", "https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%"); - 1589618 - https://github.com/ghacksuserjs/ghacks-user.js/commit/deae6e14f989710ebdfddafa21e2406efb79795b
  • removed 0205 - https://github.com/ghacksuserjs/ghacks-user.js/commit/b695468c7e0e39a614aebf47c5e4c0ad78749766

changed in v75.0:

• 1202 pref("security.tls.version.min", 1); // prev: 3
• FYI: pref("security.remote_settings.intermediates.enabled", true); // prev: false
  • this is good, don't disable it: see link

---

ignore

click me for details

==NEW ```js pref("browser.aboutwelcome.enabled", false); pref("browser.aboutwelcome.log", "warn"); pref("browser.cache.disk.content_type_media_limit", 50); pref("browser.contentblocking.report.lockwise.mobile-android.url", "https://play.google.com/store/apps/details?id=mozilla.lockbox&referrer=utm_source%3Dprotection_report%26utm_content%3Dmobile_promotion"); pref("browser.contentblocking.report.lockwise.mobile-ios.url", "https://apps.apple.com/app/id1314000270"); pref("browser.contentblocking.report.mobile-android.url", "https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_report%26utm_content%3Dmobile_promotion"); pref("browser.contentblocking.report.mobile-ios.url", "https://apps.apple.com/app/firefox-private-safe-browser/id989804926"); pref("browser.contentblocking.report.show_mobile_app", false); pref("browser.display.suppress_canvas_background_image_on_forced_colors", true); pref("browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible", false); pref("browser.newtabpage.activity-stream.discoverystream.region-basic-layout", true); pref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", "US,CA"); pref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", "US"); pref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", "US,DE,CA"); pref("browser.startup.homepage.abouthome_cache.enabled", false); pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", true); // prev: false pref("devtools.debugger.features.async-captured-stacks", false); pref("devtools.debugger.features.command-click", false); pref("devtools.performance.popup.intro-displayed", false); pref("devtools.webconsole.input.context", false); pref("dom.confirm_repost.testing.always_accept", false); pref("dom.css_pseudo_element.enabled", false); pref("dom.image-lazy-loading.root-margin.bottom", "0.0"); pref("dom.image-lazy-loading.root-margin.bottom.percentage", false); pref("dom.image-lazy-loading.root-margin.left", "0.0"); pref("dom.image-lazy-loading.root-margin.left.percentage", false); pref("dom.image-lazy-loading.root-margin.right", "0.0"); pref("dom.image-lazy-loading.root-margin.right.percentage", false); pref("dom.image-lazy-loading.root-margin.top", "0.0"); pref("dom.image-lazy-loading.root-margin.top.percentage", false); pref("dom.IntersectionObserverExplicitDocumentRoot.enabled", false); pref("geo.provider-country.network.scan", false); pref("geo.provider-country.network.url", "https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%"); pref("geo.provider.network.timeToWaitBeforeSending", 5000); pref("gfx.webrender.batching.lookback", 10); pref("gfx.webrender.debug.disable-raster-root-scale", false); pref("gfx.webrender.dl.dump-content-serialized", false); pref("layout.css.conic-gradient.enabled", false); pref("layout.css.focus-visible.enabled", false); pref("media.eme.require-app-approval", false); pref("media.mediacontrol.eligible.media.duration.s", "3.0"); pref("media.mediacontrol.stopcontrol.timer.ms", 60000); pref("media.mediasource.vp9.enabled", true); pref("network.cookie.sameSite.laxPlusPOST.timeout", 120); pref("network.cookieJarSettings.unblocked_for_testing", false); pref("network.http.stale_while_revalidate.enabled", true); pref("network.trr.fetch_off_main_thread", true); pref("network.trr.send_empty_accept-encoding_headers", true); pref("pdfjs.ignoreDestinationZoom", false); pref("privacy.purge_trackers.enabled", false); pref("privacy.purge_trackers.logging.enabled", false); pref("privacy.purge_trackers.max_purge_count", 100); pref("remote.log.truncate", true); pref("security.sandbox.socket.win32k-disable", true); pref("services.sync.extension-storage.skipPercentageChance", 20); pref("signon.passwordEditCapture.enabled", false); pref("toolkit.telemetry.geckoview.maxBatchStalenessMS", 60000); pref("view_source.tab_size", 4); pref("webgl.power-preference-override", 0); pref("widget.disable-native-theme-for-content", false); ``` ==REMOVED or HIDDEN ```js pref("browser.contentblocking.control-center.ui.showAllowedLabels", false); pref("browser.contentblocking.control-center.ui.showBlockedLabels", true); pref("browser.contentblocking.report.lockwise.url", "https://lockwise.firefox.com/?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-protections&utm_content=about-protections"); pref("browser.newtabpage.activity-stream.discoverystream.lang-layout-config", "en"); pref("browser.search.geoip.timeout", 3000); pref("browser.urlbar.clickSelectsAll", true); pref("browser.urlbar.doubleClickSelectsAll", false); pref("devtools.inspector.showUserAgentShadowRoots", false); pref("devtools.recordreplay.allowRepaintFailures", true); pref("devtools.recordreplay.cloudServer", ""); pref("devtools.recordreplay.enabled", false); pref("devtools.recordreplay.fastLogpoints", false); pref("devtools.recordreplay.includeSystemScripts", false); pref("devtools.recordreplay.logging", false); pref("devtools.recordreplay.loggingFull", false); pref("devtools.recordreplay.mvp.enabled", false); pref("dom.vr.openvr.action_input", true); pref("layout.css.webkit-appearance.enabled", true); pref("network.cookieSettings.unblocked_for_testing", false); pref("print.use_global_printsettings", true); pref("security.strict_security_checks.enabled", false); pref("webgl.default-low-power", true); pref("widget.disable-native-theme", false); ``` ==CHANGED ```js pref("browser.urlbar.openViewOnFocus", true); // prev: false pref("browser.urlbar.update1", true); // prev: false pref("browser.urlbar.update1.interventions", true); // prev: false pref("browser.urlbar.update1.searchTips", true); // prev: false pref("browser.urlbar.update1.view.stripHttps", true); // prev: false pref("devtools.debugger.features.async-live-stacks", true); // prev: false pref("devtools.netmonitor.columnsData", "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"url\",\"minWidth\":30,\"width\":25}, {\"name\":\"cause\",\"minWidth\":30,\"width\":10},{\"name\":\"initiator\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":15}]"); // prev: "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"url\",\"minWidth\":30,\"width\":25}, {\"name\":\"cause\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":25}]" pref("devtools.webconsole.input.eagerEvaluation", true); // prev: false pref("dom.animations-api.autoremove.enabled", true); // prev: false pref("dom.animations-api.getAnimations.enabled", true); // prev: false pref("dom.animations-api.implicit-keyframes.enabled", true); // prev: false pref("dom.animations-api.timelines.enabled", true); // prev: false pref("dom.forms.requestsubmit.enabled", true); // prev: false pref("dom.image-lazy-loading.enabled", true); // prev: false pref("font.name-list.monospace.zh-HK", "MingLiU_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB, Microsoft JhengHei"); // prev: "MingLiU_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB" pref("font.name-list.sans-serif.zh-HK", "Arial, MingLiU_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB, Microsoft JhengHei"); // prev: "Arial, MingLiU_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB" pref("font.name-list.serif.zh-HK", "Times New Roman, MingLiu_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB, Microsoft JhengHei"); // prev: "Times New Roman, MingLiu_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB" pref("gfx.webrender.compositor", true); // prev: false pref("layout.css.comparison-functions.enabled", true); // prev: false pref("layout.css.serialize-grid-implicit-tracks", false); // prev: true pref("security.allow_parent_unrestricted_js_loads", true); // prev: false pref("services.sync.maxResyncs", 1); // prev: 5 pref("toolkit.shutdown.lateWriteChecksStage", 1); // prev: 0 ```

[earthlng]

some bugzilla tickets

* browser.aboutwelcome.enabled Bug [1617783](https://bugzilla.mozilla.org/show_bug.cgi?id=1617783) - Add JSWindowActors to about:welcome * browser.aboutwelcome.log Bug [1617783](https://bugzilla.mozilla.org/show_bug.cgi?id=1617783) - Add JSWindowActors to about:welcome * browser.cache.disk.content_type_media_limit Bug [1614619](https://bugzilla.mozilla.org/show_bug.cgi?id=1614619) - Eviction algorithm should first evict entries of a content type that’s above a limit * browser.contentblocking.control-center.ui.showAllowedLabels Bug [1587031](https://bugzilla.mozilla.org/show_bug.cgi?id=1587031) – Removed unused browser.contentblocking.control-center.ui prefs * browser.contentblocking.control-center.ui.showBlockedLabels Bug [1587031](https://bugzilla.mozilla.org/show_bug.cgi?id=1587031) – Removed unused browser.contentblocking.control-center.ui prefs * browser.contentblocking.report.lockwise.mobile-android.url Bug [1612088](https://bugzilla.mozilla.org/show_bug.cgi?id=1612088) - change the lockwise app card UI * browser.contentblocking.report.lockwise.mobile-ios.url Bug [1612088](https://bugzilla.mozilla.org/show_bug.cgi?id=1612088) - change the lockwise app card UI * browser.contentblocking.report.lockwise.url Bug [1612088](https://bugzilla.mozilla.org/show_bug.cgi?id=1612088) - change the lockwise app card UI * browser.contentblocking.report.mobile-android.url Bug [1612091](https://bugzilla.mozilla.org/show_bug.cgi?id=1612091) - Add mobile callout to the ETP card. * browser.contentblocking.report.mobile-ios.url Bug [1612091](https://bugzilla.mozilla.org/show_bug.cgi?id=1612091) - Add mobile callout to the ETP card. * browser.contentblocking.report.show_mobile_app Bug [1612091](https://bugzilla.mozilla.org/show_bug.cgi?id=1612091) - Add mobile callout to the ETP card. * browser.display.suppress_canvas_background_image_on_forced_colors Bug [1614921](https://bugzilla.mozilla.org/show_bug.cgi?id=1614921) - Ignore background-image on canvas in high-contrast mode. * browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible Bug [1618944](https://bugzilla.mozilla.org/show_bug.cgi?id=1618944) - Pref for collection dismiss * browser.newtabpage.activity-stream.discoverystream.lang-layout-config Bug [1613739](https://bugzilla.mozilla.org/show_bug.cgi?id=1613739) - Pref to switch story rows based on region Bug [1567273](https://bugzilla.mozilla.org/show_bug.cgi?id=1567273) - Pref to enable lang config for Discovery Stream layouts * browser.newtabpage.activity-stream.discoverystream.region-layout-config Bug [1613739](https://bugzilla.mozilla.org/show_bug.cgi?id=1613739) - Pref to switch story rows based on region * browser.newtabpage.activity-stream.discoverystream.region-spocs-config Bug [1612270](https://bugzilla.mozilla.org/show_bug.cgi?id=1612270) - spocs region pref * browser.newtabpage.activity-stream.discoverystream.region-stories-config Bug [1612984](https://bugzilla.mozilla.org/show_bug.cgi?id=1612984) - Enable regions that get stories via a pref * browser.privatebrowsing.forceMediaMemoryCache Bug [1532486](https://bugzilla.mozilla.org/show_bug.cgi?id=1532486) - Ensure media cache is memory-only when in Private Browsing Mode * browser.search.geoip.timeout Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code. * browser.search.geoip.url Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code. * browser.startup.homepage.abouthome_cache.enabled Bug [1616347](https://bugzilla.mozilla.org/show_bug.cgi?id=1616347) - Add a preference to control caching about:home. * browser.tabs.remote.separatePrivilegedMozillaWebContentProcess Bug [1578742](https://bugzilla.mozilla.org/show_bug.cgi?id=1578742) - Let the privileged mozilla content process ride the trains. * browser.urlbar.clickSelectsAll Bug [333714](https://bugzilla.mozilla.org/show_bug.cgi?id=333714) - Unify clickSelectsAll behavior across all platforms. * browser.urlbar.doubleClickSelectsAll Bug [333714](https://bugzilla.mozilla.org/show_bug.cgi?id=333714) - Unify clickSelectsAll behavior across all platforms. * browser.urlbar.openViewOnFocus Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release. Bug [1603778](https://bugzilla.mozilla.org/show_bug.cgi?id=1603778) - Enable openViewOnFocus in Nightly. * browser.urlbar.update1 Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release. Bug [1616880](https://bugzilla.mozilla.org/show_bug.cgi?id=1616880) - Allow tabbing through urlbar results when there's a search string. Bug [1613869](https://bugzilla.mozilla.org/show_bug.cgi?id=1613869) - Enable urlbar.update1.* prefs on early Beta. Bug [1613699](https://bugzilla.mozilla.org/show_bug.cgi?id=1613699) - Rename browser.urlbar.update1.expandTextOnFocus pref to ...update2... Bug [1613608](https://bugzilla.mozilla.org/show_bug.cgi?id=1613608) - Enable Interventions in Nightly but not in xpcshell tests. Bug [1613608](https://bugzilla.mozilla.org/show_bug.cgi?id=1613608) - Enable Interventions in Nightly. Bug [1608766](https://bugzilla.mozilla.org/show_bug.cgi?id=1608766) - Disable tabbing through results after focusing the Urlbar with the keyboard, behind a pref. Bug [1606917](https://bugzilla.mozilla.org/show_bug.cgi?id=1606917) - Port the Interventions experiment into a new provider. Bug [1609699](https://bugzilla.mozilla.org/show_bug.cgi?id=1609699) - Rename browser.urlbar.searchTips pref to browser.urlbar.update1.searchTips. Bug [1603780](https://bugzilla.mozilla.org/show_bug.cgi?id=1603780) - Set browser.urlbar.update1.expandTextOnFocus default value in Nightly. Bug [1601339](https://bugzilla.mozilla.org/show_bug.cgi?id=1601339) - Disable expandTextOnFocus. Bug [1599784](https://bugzilla.mozilla.org/show_bug.cgi?id=1599784) - Enable update1 prefs by default. Bug [1599785](https://bugzilla.mozilla.org/show_bug.cgi?id=1599785) - Hide and rename Urlbar searchButton pref. Bug [1597698](https://bugzilla.mozilla.org/show_bug.cgi?id=1597698) - Move all megabar prefs under a urlbar.update1 branch. * browser.urlbar.update1.interventions Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release. Bug [1613608](https://bugzilla.mozilla.org/show_bug.cgi?id=1613608) - Enable Interventions in Nightly but not in xpcshell tests. Bug [1613608](https://bugzilla.mozilla.org/show_bug.cgi?id=1613608) - Enable Interventions in Nightly. Bug [1606917](https://bugzilla.mozilla.org/show_bug.cgi?id=1606917) - Port the Interventions experiment into a new provider. * browser.urlbar.update1.searchTips Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release. Bug [1613869](https://bugzilla.mozilla.org/show_bug.cgi?id=1613869) - Enable urlbar.update1.* prefs on early Beta. Bug [1609699](https://bugzilla.mozilla.org/show_bug.cgi?id=1609699) - Rename browser.urlbar.searchTips pref to browser.urlbar.update1.searchTips. * browser.urlbar.update1.view.stripHttps Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release. Bug [1599784](https://bugzilla.mozilla.org/show_bug.cgi?id=1599784) - Enable update1 prefs by default. Bug [1597698](https://bugzilla.mozilla.org/show_bug.cgi?id=1597698) - Move all megabar prefs under a urlbar.update1 branch. * devtools.debugger.features.async-captured-stacks Bug [1615622](https://bugzilla.mozilla.org/show_bug.cgi?id=1615622) - Enable Async Captured Stacks in Nightly and DevEdition. * devtools.debugger.features.async-live-stacks Bug [1615622](https://bugzilla.mozilla.org/show_bug.cgi?id=1615622) - Enable Async Captured Stacks in Nightly and DevEdition. Bug [1592728](https://bugzilla.mozilla.org/show_bug.cgi?id=1592728) - Enable async live stacks in all channels. Bug [1592725](https://bugzilla.mozilla.org/show_bug.cgi?id=1592725) - Enable async live stacks in Nightly and DevEdition. * devtools.inspector.showUserAgentShadowRoots Bug [1613773](https://bugzilla.mozilla.org/show_bug.cgi?id=1613773) - Merge devtools.inspector.showUserAgentShadowRoots into devtools.inspector.showAllAnonymousContent * devtools.performance.popup.intro-displayed Bug [1597378](https://bugzilla.mozilla.org/show_bug.cgi?id=1597378) - Create new UI for the profiler popup; * devtools.recordreplay.allowRepaintFailures Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. * devtools.recordreplay.cloudServer Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. Bug [1606447](https://bugzilla.mozilla.org/show_bug.cgi?id=1606447) - Initial landing for cloud replay, * devtools.recordreplay.enabled Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. Bug [1590241](https://bugzilla.mozilla.org/show_bug.cgi?id=1590241) - Enable WebReplay appears in DevEdition. * devtools.recordreplay.fastLogpoints Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. Bug [1594042](https://bugzilla.mozilla.org/show_bug.cgi?id=1594042) - Improve logpoint performance, * devtools.recordreplay.includeSystemScripts Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. * devtools.recordreplay.logging Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. * devtools.recordreplay.loggingFull Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. * devtools.recordreplay.mvp.enabled Bug [1609815](https://bugzilla.mozilla.org/show_bug.cgi?id=1609815) - Remove Web Replay C++ implementation. * devtools.webconsole.input.context Bug [1605154](https://bugzilla.mozilla.org/show_bug.cgi?id=1605154) - Implement JS execution context selector UI. * devtools.webconsole.input.eagerEvaluation Bug [1603358](https://bugzilla.mozilla.org/show_bug.cgi?id=1603358) - Enable Eager evaluation in all channels. Bug [1603356](https://bugzilla.mozilla.org/show_bug.cgi?id=1603356) - Enable Eager evaluation in Nightly. Bug [1602489](https://bugzilla.mozilla.org/show_bug.cgi?id=1602489) - Basic eager evaluation support, * dom.animations-api.autoremove.enabled Bug [1618773](https://bugzilla.mozilla.org/show_bug.cgi?id=1618773) - Turn on dom.animations-api.implicit-keyframes.enabled and dom.animations-api.autoremove.enabled unconditionally; * dom.animations-api.getAnimations.enabled Bug [1619821](https://bugzilla.mozilla.org/show_bug.cgi?id=1619821) - Turn on dom.animations-api.getAnimations.enabled unconditionally; * dom.animations-api.implicit-keyframes.enabled Bug [1619178](https://bugzilla.mozilla.org/show_bug.cgi?id=1619178) - Turn on dom.animations-api.timelines.enabled unconditionally; Bug [1618773](https://bugzilla.mozilla.org/show_bug.cgi?id=1618773) - Turn on dom.animations-api.implicit-keyframes.enabled and dom.animations-api.autoremove.enabled unconditionally; * dom.animations-api.timelines.enabled Bug [1619178](https://bugzilla.mozilla.org/show_bug.cgi?id=1619178) - Turn on dom.animations-api.timelines.enabled unconditionally; * dom.confirm_repost.testing.always_accept Bug [1618864](https://bugzilla.mozilla.org/show_bug.cgi?id=1618864) - Pass cookies/samesite/form-post-blank-reload.https.html WPT test, * dom.css_pseudo_element.enabled Bug [1610981](https://bugzilla.mozilla.org/show_bug.cgi?id=1610981) - Add a separate pref for CSSPseudoElement. * dom.document.exec_command.nested_calls_allowed Bug [1611374](https://bugzilla.mozilla.org/show_bug.cgi?id=1611374) - Disallow nested `Document.execCommand()` calls in Nightly and early Beta * dom.forms.requestsubmit.enabled Bug [1613360](https://bugzilla.mozilla.org/show_bug.cgi?id=1613360) - Enable form.requestSubmit by default; * dom.image-lazy-loading.enabled Bug [1613611](https://bugzilla.mozilla.org/show_bug.cgi?id=1613611) - Enable lazy load images by default. Bug [1542784](https://bugzilla.mozilla.org/show_bug.cgi?id=1542784) - Stop speculative image load for lazy load images. Bug [1608905](https://bugzilla.mozilla.org/show_bug.cgi?id=1608905) - Parse the HTMLImageElement.loading attribute. * dom.image-lazy-loading.root-margin.bottom Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.bottom.percentage Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.left Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.left.percentage Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.right Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.right.percentage Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.top Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.image-lazy-loading.root-margin.top.percentage Bug [1618601](https://bugzilla.mozilla.org/show_bug.cgi?id=1618601) - Make lazy-load margin configurable. * dom.IntersectionObserverExplicitDocumentRoot.enabled Bug [1617154](https://bugzilla.mozilla.org/show_bug.cgi?id=1617154) - [intersection-observer] Accept a Document as an explicit root. * dom.reporting.crash.enabled Bug [1607364](https://bugzilla.mozilla.org/show_bug.cgi?id=1607364) - CrashReporting API * dom.storage.next_gen Bug [1617997](https://bugzilla.mozilla.org/show_bug.cgi?id=1617997) - Disable LSNG in 74; * dom.vr.openvr.action_input Bug [1602102](https://bugzilla.mozilla.org/show_bug.cgi?id=1602102) - Remove OpenVR controller obsolete functions. * font.name-list.monospace.zh-HK Bug [1615652](https://bugzilla.mozilla.org/show_bug.cgi?id=1615652) - Append Microsoft JhengHei to the end of zh-HK font prefs as a fallback, because MingLiU may not be present on Windows installations where Chinese/HK language support is not specifically installed. * font.name-list.sans-serif.zh-HK Bug [1615652](https://bugzilla.mozilla.org/show_bug.cgi?id=1615652) - Append Microsoft JhengHei to the end of zh-HK font prefs as a fallback, because MingLiU may not be present on Windows installations where Chinese/HK language support is not specifically installed. * font.name-list.serif.zh-HK Bug [1615652](https://bugzilla.mozilla.org/show_bug.cgi?id=1615652) - Append Microsoft JhengHei to the end of zh-HK font prefs as a fallback, because MingLiU may not be present on Windows installations where Chinese/HK language support is not specifically installed. * geo.provider.network.timeToWaitBeforeSending Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code. * geo.provider-country.network.scan Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code. * geo.provider-country.network.url Bug [1589618](https://bugzilla.mozilla.org/show_bug.cgi?id=1589618) - Move the implementation of the region fetch to NetworkGeolocationProvider to have it close to the wifi scanning code. * gfx.webrender.batching.lookback Bug [1616592](https://bugzilla.mozilla.org/show_bug.cgi?id=1616592) - Control the batching lookback count via a pref. * gfx.webrender.compositor Bug [1616676](https://bugzilla.mozilla.org/show_bug.cgi?id=1616676) - Reenable compositor on Windows. Bug [1615683](https://bugzilla.mozilla.org/show_bug.cgi?id=1615683). Disable DirectComposition temporarily for telemetry purposes. Bug [1618377](https://bugzilla.mozilla.org/show_bug.cgi?id=1618377). Disable DirectComposition in 74. Bug [1592509](https://bugzilla.mozilla.org/show_bug.cgi?id=1592509) - Re-enable gfx.webrender.compositor by default on Windows Bug [1592016](https://bugzilla.mozilla.org/show_bug.cgi?id=1592016) - Enable gfx.webrender.compositor by default on macOS. Bug [1592044](https://bugzilla.mozilla.org/show_bug.cgi?id=1592044) - Reduce the frequency of IOSurface and framebuffer creation and destruction with the help of a surface pool. Bug [1604088](https://bugzilla.mozilla.org/show_bug.cgi?id=1604088) - Switch OS compositor off by default on Windows. Bug [1592509](https://bugzilla.mozilla.org/show_bug.cgi?id=1592509) - Enable gfx.webrender.compositor by default on Windows * gfx.webrender.debug.disable-raster-root-scale Bug [1613260](https://bugzilla.mozilla.org/show_bug.cgi?id=1613260) - Support per-task scale for local space rasterization * gfx.webrender.dl.dump-content-serialized Bug [1616335](https://bugzilla.mozilla.org/show_bug.cgi?id=1616335) - Add a pref to dump the serialized WebRender display list * layout.css.comparison-functions.enabled Bug [1519519](https://bugzilla.mozilla.org/show_bug.cgi?id=1519519) - Enable min() / max() / clamp() support by default. Bug [1609428](https://bugzilla.mozilla.org/show_bug.cgi?id=1609428) - Implement min() / max() / clamp() for simple css types behind a pref. * layout.css.conic-gradient.enabled Bug [1614202](https://bugzilla.mozilla.org/show_bug.cgi?id=1614202) - Implement parsing for CSS conic-gradient syntax. * layout.css.focus-visible.enabled Bug [1617600](https://bugzilla.mozilla.org/show_bug.cgi?id=1617600) - Prototype :focus-visible behind a flag. * layout.css.serialize-grid-implicit-tracks Bug [1619538](https://bugzilla.mozilla.org/show_bug.cgi?id=1619538) - Ship layout.css.serialize-grid-implicit-tracks=false everywhere. Bug [1599206](https://bugzilla.mozilla.org/show_bug.cgi?id=1599206) - Don't serialize implicit tracks for grid-template properties, as they make the computed style not round-trip. * layout.css.webkit-appearance.enabled Bug [1615056](https://bugzilla.mozilla.org/show_bug.cgi?id=1615056) - Remove layout.css.webkit-appearance.enabled. * media.cubeb.sandbox Bug [1585732](https://bugzilla.mozilla.org/show_bug.cgi?id=1585732) - use staticprefs for media.cubeb.sandbox, Bug [1590249](https://bugzilla.mozilla.org/show_bug.cgi?id=1590249) - Enable AudioIPC on Windows in Nightly builds. Bug [1623793](https://bugzilla.mozilla.org/show_bug.cgi?id=1623793) - Disable AudioIPC on 32-bit Windows in beta. Bug [1432303](https://bugzilla.mozilla.org/show_bug.cgi?id=1432303) - Let Windows AudioIPC ride the trains. * media.eme.require-app-approval Bug [1587522](https://bugzilla.mozilla.org/show_bug.cgi?id=1587522) - Add media.eme.require-app-approval pref to control if EME needs app permission. * media.mediacontrol.eligible.media.duration.s Bug [1617033](https://bugzilla.mozilla.org/show_bug.cgi?id=1617033) - part8 : add an eligible media duration value to filter out notification sound. * media.mediacontrol.stopcontrol.timer.ms Bug [1617033](https://bugzilla.mozilla.org/show_bug.cgi?id=1617033) - part4 : add a timer to stop listening to media control key events. * media.mediasource.vp9.enabled Bug [1614958](https://bugzilla.mozilla.org/show_bug.cgi?id=1614958) - Disable VP9 codec in MSE on Android device with no VP9 hardware decoder. * network.cookie.sameSite.laxPlusPOST.timeout Bug [1604212](https://bugzilla.mozilla.org/show_bug.cgi?id=1604212) - Enable sameSite=lax by default, Bug [1608384](https://bugzilla.mozilla.org/show_bug.cgi?id=1608384) - Implement sameSite lax-by-default 2 minutes tolerance for unsafe methods, * network.cookieJarSettings.unblocked_for_testing Bug [1616570](https://bugzilla.mozilla.org/show_bug.cgi?id=1616570) - Part 1: Rename CookieSettings to CookieJarSettings. * network.cookieSettings.unblocked_for_testing Bug [1616570](https://bugzilla.mozilla.org/show_bug.cgi?id=1616570) - Part 1: Rename CookieSettings to CookieJarSettings. * network.trr.fetch_off_main_thread Bug [1620300](https://bugzilla.mozilla.org/show_bug.cgi?id=1620300) - turn on network.trr.fetch_off_main_thread, Bug [1615335](https://bugzilla.mozilla.org/show_bug.cgi?id=1615335) - Use SimpleHttpChannel to fetch TRR data * network.trr.send_empty_accept-encoding_headers Bug [1620824](https://bugzilla.mozilla.org/show_bug.cgi?id=1620824) - Add content encoding support for TRRServiceChannel * print.use_global_printsettings Bug [855889](https://bugzilla.mozilla.org/show_bug.cgi?id=855889). Remove the print.use_global_printsettings pref. * privacy.purge_trackers.enabled Bug [1599262](https://bugzilla.mozilla.org/show_bug.cgi?id=1599262) - Purge site data after identifying tracking site via cookies. * privacy.purge_trackers.logging.enabled Bug [1599262](https://bugzilla.mozilla.org/show_bug.cgi?id=1599262) - Purge site data after identifying tracking site via cookies. * privacy.purge_trackers.max_purge_count Bug [1599262](https://bugzilla.mozilla.org/show_bug.cgi?id=1599262) - Purge site data after identifying tracking site via cookies. * remote.log.truncate Bug [1614108](https://bugzilla.mozilla.org/show_bug.cgi?id=1614108) - Truncate Remote Agent log messages; * security.allow_parent_unrestricted_js_loads Bug [1620263](https://bugzilla.mozilla.org/show_bug.cgi?id=1620263) - Disable JS Load Telemetry in Beta Bug [1582512](https://bugzilla.mozilla.org/show_bug.cgi?id=1582512) - Register a ScriptValidationCallback to examine script loads in the parent process * security.block_Worker_with_wrong_mime Bug [1569123](https://bugzilla.mozilla.org/show_bug.cgi?id=1569123) - Re-enable strict MIME type checking for Worker/SharedWorker everywhere. * security.remote_settings.intermediates.enabled bug [1597743](https://bugzilla.mozilla.org/show_bug.cgi?id=1597743) - re-enable intermediate preloading (cert_storage) on non-nightly builds * security.sandbox.socket.win32k-disable Bug [1611290](https://bugzilla.mozilla.org/show_bug.cgi?id=1611290) - Windows sandbox for socket process. * security.strict_security_checks.enabled Bug [1504968](https://bugzilla.mozilla.org/show_bug.cgi?id=1504968): Remove pref security.strict_security_checks.enabled and enforce strict top-level principal checking on Android. * security.tls.version.min Bug [1623536](https://bugzilla.mozilla.org/show_bug.cgi?id=1623536) - Re-enable TLS 1.0, Bug [1606734](https://bugzilla.mozilla.org/show_bug.cgi?id=1606734) - Disable TLS 1.0 and 1.1 by default, * services.sync.extension-storage.skipPercentageChance Bug [1621806](https://bugzilla.mozilla.org/show_bug.cgi?id=1621806) - Reduce frequency of client-side extension-storage syncs. * services.sync.maxResyncs Bug [1621806](https://bugzilla.mozilla.org/show_bug.cgi?id=1621806) - Reduce frequency of client-side extension-storage syncs. * signon.passwordEditCapture.enabled Bug [1618696](https://bugzilla.mozilla.org/show_bug.cgi?id=1618696) - Enable signon.passwordEditCapture.enabled by default. Bug [1536728](https://bugzilla.mozilla.org/show_bug.cgi?id=1536728) - Show dismissed save/update doorhanger when password value is changed. * toolkit.shutdown.lateWriteChecksStage Bug [1615921](https://bugzilla.mozilla.org/show_bug.cgi?id=1615921) - Move lateWriteChecks earlier in shutdown Bug [1606880](https://bugzilla.mozilla.org/show_bug.cgi?id=1606880) - Implement fast shutdown prefs * toolkit.telemetry.geckoview.maxBatchStalenessMS Bug [1612283](https://bugzilla.mozilla.org/show_bug.cgi?id=1612283) - Enforce max staleness of 60s in GV Streaming Telemetry * view_source.tab_size Bug [1610402](https://bugzilla.mozilla.org/show_bug.cgi?id=1610402) - Use static prefs for view_source.{wrap_long_lines,syntax_highlight,tab_size} * webgl.default-low-power Bug [1575983](https://bugzilla.mozilla.org/show_bug.cgi?id=1575983) - Remove duplicate webgl.* prefs, part 3. Bug [1617091](https://bugzilla.mozilla.org/show_bug.cgi?id=1617091) - Remove DynDGpuManager, add webgl.power-preference-override. Bug [1579984](https://bugzilla.mozilla.org/show_bug.cgi?id=1579984) - Default to low-power for WebGL powerPreference. * webgl.power-preference-override Bug [1617091](https://bugzilla.mozilla.org/show_bug.cgi?id=1617091) - Remove DynDGpuManager, add webgl.power-preference-override. * widget.disable-native-theme Bug [1381938](https://bugzilla.mozilla.org/show_bug.cgi?id=1381938): Add native theme for Windows that avoids native system calls. * widget.disable-native-theme-for-content Bug [1381938](https://bugzilla.mozilla.org/show_bug.cgi?id=1381938): Add native theme for Windows that avoids native system calls.

[Thorin-Oakenpants]

for the record, I'm not touching anything in here until a final diff - so E doesn't have to fuck around with tracking what was moved

[DerekLiBoB]

With Firefox 75 Mozilla add "Firefox caches "all trusted Web PKI Certificate Authority certificates known to Mozilla" locally." It`s create folder with name "security_state" inside profile folder. Is there any pref to disable this?

PS: I tried replacing the folder with an empty file with the same name. But this breaks the opening of pages in the browser. Private browsing mode not help.

[rusty-snake]

@DerekLiBoB I think it is security.remote_settings.intermediates.enabled, will test later.

[Thorin-Oakenpants]

NEW pref("geo.provider-country.network.scan", false); pref("geo.provider-country.network.url", "blah blah");

• https://bugzilla.mozilla.org/show_bug.cgi?id=1589618

DEPRECATED 0205 - browser.search.geoip.url

I'm not entirely sure what's going on here. It's all in the bugzilla and patch. Note that the hidden pref in 0205, browser.search.region, is not deprecated. And the new pref geo.provider-country.network.scan is still default false in Nightly 77 - but it would get flipped to true at some stage (I assume, why else have it)

So, I assume:

• browser.search.geoip.url -> deprecate from 0205
• geo.provider-country.network.url -> new, add + blank to 0205
• geo.provider-country.network.scan -> new, add as false to 0205 (futureproofing)
• I have no idea if geo url is only used if geo scan is true, or until scan is flipped it's using the hidden pref: IDFK

Could do with some help

Otherwise I don't know if I can be bothered with any of this anymore, and I'm prepared to shut the repo down (archive it) and get on with my life, or just stop doing anything here - that's the one and only time I'll mention this: it's not a threat, it's just a reality. I'm not an expert or genius, my knowledge is limited, and I can't be expected to do this on my own.

[crssi]

For the latter... It will make me very sad if this happens and I really will miss you all guys, but I fully understand and support you in any decision you make. It is a life and on some point it needs to move on, but I hope this will happen later than sooner.

I would really like to help you, but am afraid that I am not really competent... where do you guys get all those info anyway?

❤️

[atomGit]

@Thorin-Oakenpants @earthlng whatever you guys do, i wish you well - i can hardly imagine how much time a project like this consumes and unfortunately it isn't one that has an end; there is no light at the end of the tunnel and therefore burnout is kind of inevitable

i'm actually a little surprised, and very appreciative, that you guys stuck with this for as long as you have because it must be an extremely tedious job ... for which you're not getting paid

love all around and my best to you both regardless of what you decide

[Thorin-Oakenpants]

I think you misunderstand - I am not burnt out, I have lots of time (but also other things I want to do), I have been and always will be uber-enthusiatic about this project, the user.js is very mature and only needs maintenance, each release there should only be a few things to check, and earthlng (while he has said that he is stepping back for whatever reason) will still provide a diff.

All the hard work's been done - this should be the easy part: we have a good system in place, great syntax, a swag of utilities (such as auto-updating. pref-cleaning. troubleshooting, user.js comparing, scratchpad scripts etc), an awesome wiki, a balanced well rounded default user.js with setup tags, and a much larger knowledge base and understanding (from tests and investigating etc): personally I've been at this (prefs) for 6+ years and have learnt a lot. Now should be the fucking easy part :)

We all have different skills / knowledge etc. While I appreciate the help from others, let's be honest here: 95% of the work was done by earthlng and myself (and that's OK: not complaining). But I don't have all the answers: and while often it's fairly straight forward: sometimes it isn't, not everything is documented or easy to follow - and that's where I relied on earthlng (and I trust him, whereas anyone else I would question and try to validate it myself: i.e if I'm going to add something, I want to be 100% sure that it's correct: but if E said it, then 9 times out of 10 I take his word at face value: edit: that's not to say things aren't checked, I mean on things I lack knowledge: but I do try) And between us, we always managed to find all the answers

^^ Edit: It's important that someone is fact checking: because no one if correct all the time. That's my point

But E's not helping anymore. So either others step up to help fill that void, or I can try and muddle my way through things I don't or can't fully understand - except that is not the best solution. And I don't want to compromise the integrity of the project (at least between E and myself we always found a few flaws with each other's reasoning or research: i.e two heads are better than one: more eyes on the info: etc). But expecting one person to do it all is not good. And if no one can/will help out when I ask for it, then there's not much point continuing (which would fuck me off, because this should be the easy part - have I said that already?)

So all I was asking was for some help, that's all - namely: when it comes down to working out what is going on in the source code (because I am not proficient at all in this area)

[atomGit]

well let's hope you get the help you need ... with this project i mean :)

[Thorin-Oakenpants]

So 0205 was about setting search defaults when you first run FF (or maybe even per new profile). In this commit I fixed the wording (from results to defaults) - seems like I misunderstood what this pref does

source

In order to set the right default search engine for your location, Firefox will perform a geolocation lookup once by contacting Mozilla's servers and store the country-level result locally. This connection happens on the first start of Firefox - in case you want to prohibit that, you will have to preconfigure the browser and set the browser.search.geoip.url preference to a blank string.

That page looks fairly up to date (snippets, what's new), but of course that pref is now obsolete.

Since this is just a first-run pref (or even if they added code to re-trigger it for a one-time change of search partners), then it's not something we need to include. Tor Browser changed them, because they are "preconfiguring", not applying a user.js (and they were concerned about the connection to Mozilla: not because they don't trust Mozilla, but they have their own search engines and as a rule don't want outbound connections they don't control or aren't necessary). I also don't see an issue with what Firefox gives people for default search engines: 1) we don't dictate to our users what search engines they should use because what they use is up to them: it's personal/relevant to their needs and depends on their language etc and 2) our audience should already know what they should use for a search engine

So what I'll do is actually remove those two prefs: the 0205 ones

---

So that leaves the two new prefs. Part of it is consistent naming (to geo.provider) etc and overall there is a meta ticket for what they're calling "region" detection ... and if you look at the last ticket added, 1628674, it's titled "Create browser documentation for Region.jsm" .. so who knows exactly what the overall plan is for applying "region" to everything

At the moment it looks like search only - but I'm guessing this could be expanded and applied to almost anything: but I would expect that to be things like Pocket, Snippets, etc: i.e not exposed to web content. So I honestly don't think we need to worry about them. Moving them to ignore

[Thorin-Oakenpants]

pref("media.eme.require-app-approval", false);

• moved to ignore
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1587522
  • it'll get flipped when they're ready and I think it's android only anyway

pref("dom.document.exec_command.nested_calls_allowed", true);

• moved to ignore
• https://bugzilla.mozilla.org/show_bug.cgi?id=1611374
• this is currently being tested in nightly/dev and will ride the train when ready

pref("network.http.stale_while_revalidate.enabled", true);

• moving to ignore
  • no ticket, haven't searched yet
  • 1611651

[Zogski]

Pants and Earthlng you both deserve gold medals and purple hearts for the work you have done in the privacy arena. You two are unsung heros and you should go down in history as two of the valiant who helped carry the ring to Mordor.

When I first started learning how difficult it is to reclaim some semblance of privacy, I was amazed by the fact that so few are making such a strong stand against so many. The tidal wave of big data exploitation is monstrous and powerful. And the people fighting back are lonesome warriors trying to stem the tide with only their skills and their own bit of free time.

So on behalf of everyone out there who has benefited greatly from your efforts... THANK YOU!!!

I have been following this project for a while and have been constantly impressed by your diligence and determination to do it right. It makes such a difference to a user like me because I just don't have the knowledge to keep my browser safe and hardened. To be able to count on people like you to help me get there is priceless.

I know the most difficult thing of all is to go it alone. But please know that there are oodles of people like me out there who are deeply grateful for what you are doing. And I would bet that you will get more help.

It really is amazing what a difference one person can make. I think about you, or someone like Gorhill, who wrote uB0 as a quick fix to a problem he found. What if any of you hadn't done what you did? We would have no swords, no shields, nothing, zip, zero, to fight the big monsters with. It's easy to take the tools we have for granted, but someone, somewhere made significant sacrifices in their personal lives so the rest of us could benefit.

All in all, I just had to take the time to create an account today so I could say basically this: I, for one, am so glad to live in a world where people like you are doing what you do.

[Thorin-Oakenpants]

pref("dom.forms.requestsubmit.enabled", true); // prev: false

• FF73+ : 1552301
• spec
• MDN

requestSubmit offers a way to validate a form before submitting it. I don't see an issue here, none of the specs etc seem to indicate privacy concerns - and AFAIK code can already tell what information has been input/selected (or removed before submission). Unless I'm missing something - anyone?

---

As for the last two items, both changes, I cannot find any reference to them in our diffs for when they were added, so I'll have to do some more digging

• pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", true); // prev: false
  • 1578742 - access denied
  • mercurial
• pref("security.remote_settings.intermediates.enabled", true); // prev: false
  • 1597743

---

Update:

// Pref to control whether we use a separate privileged content process // for certain mozilla webpages (which are listed in the pref // browser.tabs.remote.separatedMozillaDomains). pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", true);

currently browser.tabs.remote.separatedMozillaDomains lists AMO and accounts. The pref was added in 69 1539595 - Access denied - Create a separate content process type for privleged mozilla content - there's a bunch of changes on mercurial for this ticket - here's one

So either of these two prefs could be flipped: but I do not see the need / threat. First, the security and reasons behind them (access denied) would be valid: extra protections or whatnot for accounts. As for AMO, as long as we still get extensions to work on them (which they do) then I have no issue there either - so moving to ignore

[Thorin-Oakenpants]

75 release notes

Firefox will locally cache all trusted Web PKI Certificate Authority certificates known to Mozilla. This will improve HTTPS compatibility with misconfigured web servers and improve security.

I'm guessing for now that this is the security.remote_settings.intermediates.enabled pref. If everyone is getting the same cache, then what is the threat here? I'm not against turning it off, but I need more info - @rusty-snake

[iWARR]

pref("dom.document.exec_command.nested_calls_allowed", true);

Relative to the WebApps & Extensions (External grammar and spell checkers, auto text entering mechanisms, etc.)

Smth about not allowing nested execCommand as is currently practiced by Chrome. execCommandshould cause a beforeinput event that should use the regular inputTypes corresponding to the command (otherwise an empty string).

This is just a temporary crutch (a plan for PR1 + PR2). But the inputType is not perfect itself and a more permanent solution needed in the future. This should make browser users safer.

---

So, there are none threats for now, let devs playing with this. May be Ignored. Just FYI and reference for searching this pref.

[iWARR]

I have a question. My issue is the next. I have my own "user.js" that much wider than "ghacks-user.js". This is not a "template", but reworked and complete "ready to go" config. I want to do a quickly auto-checks for the deprecated prefs and make a comparison between "mine" and "stock".

If I understand right, there is no way to grab somehow the complete list of ALL prefs that are present (active) inside the every rescent FF version? I suppose, this is the case we have manual diffs, Scratchpad Scripts and prefsCleaner scripts?

Every time I'm reading all "ghacks-user.js" advises and make changes manually (huh!), most of the time. Because diffs info is relative to global FF changes (more useful for me), but scripts are intended basicly for the "ghacks-user.js" progress.

The main question is about automatic catching of the deprecated (non-existent) prefs, including those were not touched by the "ghacks-user.js" project.

Or may be, somewhere there is a webpage, where devs publish some kind of list of the deprecated prefs for the last release version?

[Thorin-Oakenpants]

So, there are none threats for now, let devs playing with this. May be Ignored. Just FYI and reference for searching this pref.

Thanks - was already done and noted in OP. I'm happy for these sorts of things to just ride the train: one less item to add, one less item to note when they flip it, one less item to remove as dead wood

I have a question ...

I'm not the person to ask: @earthlng does the diffs - see his repo. You could combine his archived diffs and build a deprecated list for all-time (or going back as far as he has)

[iWARR]

build a deprecated list for all-time

Thanks for the link and good idea. I'm going to finalize my "user.js" and it will be one-time global check to avoid "human-error" factor and polish my config.

[Thorin-Oakenpants]

All in all, I just had to take the time to create an account today

@Zogski - thanks for your kind words (and creating an account to do so). I don't need time or motivation - I just need others to double check me and help in areas I'm not sure about

[earthlng]

security.remote_settings.intermediates.enabled - https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading#Privacy Great feature AFAICT. The only minor problem is that it can take up to 30 days for clients to get the full data store.

@iWARR here's a list of all the FF75 prefs with default values (if that's what you're after).

@Zogski thank you for your kind words!

[iWARR]

@earthlng Can't grab this via TOR: "Please, disable your adblocker". Can you reup this on less intruisive website?

But, WOW! If you could publish such thing on a regular basis, that should be so GREAT! (I don't know whether collecting this may appear a huge task for you, so I don't insist on it.) Anyway, this list will aslo become a very helpful addition for polishing my present final config for FF75.

(For anybody reading this, such comparison can be done using Compare-UserJS (by claustromaniac)

[earthlng]

Can you reup this on less intruisive website?

that site doesn't even need JS - it doesn't get much better than that. And it works fine for me over TOR. Maybe try https://controlc.com/2b50f808/ and then click on the "fullscreen" button. I guess the hash it uses times out after a while or something like that

If you could publish such thing on a regular basis, that should be so GREAT!

i explained in the past how you can create that list by yourself if you need/want to. I'll see if I can find that post so I won't have to re-explain everything

[earthlng]

I'll see if I can find that post so I won't have to re-explain everything

found it

[earthlng]

I just need others to double check me and help in areas I'm not sure about

I'm still here but I just won't be as active as I once was

Thanks for finishing this one all by yourself btw! 👍 💋

[Thorin-Oakenpants]

@iWARR please post your OT questions to earthlng elsewhere - like maybe your #927 issue

[Thorin-Oakenpants]

OK, so we're down to one item left - which I've already said I can't see any privacy concerns over - that's dom.forms.requestsubmit.enabled changed from false to true

Anyone care to comment?

[rusty-snake]

https://developer.mozilla.org/en-US/docs/Web/API/HTMLFormElement/requestSubmit#Usage_notes

No privacy/security issue.

[Thorin-Oakenpants]

well, generally - if it's still in the non-ignore section then I haven't checked it out or decided what to do. When earthlng posts the diffs, I like to get in there as soon as possible and remove all the obvious items to ignore, and E usually moves some when he first posts. I don't think I need to color code anything. It's just a case of double-checking by others that I don't miss anything, or get something wrong. Otherwise, I explicitly ask.