arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

ToDo: diffs FF76-FF77 #949

Closed earthlng closed 4 years ago

earthlng commented 4 years ago

FF77 is scheduled for release June 2nd

* FF77 release notes [when ready]
* FF77 for developers
* FF77 compatibility
* FF77 security advisories


109 diffs ( 58 new, 33 gone, 18 different )

new in v77.0:

removed, renamed or hidden in v77.0:

ALL DONE - https://github.com/ghacksuserjs/ghacks-user.js/commit/f6e6de844430fa64440ae230061720839e8282be

changed in v77.0:


ignore

click me for details

==NEW

```js
pref("accessibility.ARIAReflection.enabled", false);
pref("apz.windows.force_disable_direct_manipulation", true);
pref("browser.find.anonymous_content.enabled", true);
pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "{\"id\":\"messaging-experiments\",\"enabled\":true,\"type\":\"remote-experiments\",\"messageGroups\":[\"cfr\",\"whats-new-panel\",\"moments-page\",\"snippets\",\"cfr-fxa\"],\"updateCycleInMs\":3600000}");
pref("browser.tabs.documentchannel.parent-initiated", true);
pref("browser.tabs.documentchannel.ppdc", true);
pref("browser.urlbar.restyleSearches", false);
pref("devtools.contenttoolbox.webconsole.input.context", false);
pref("devtools.debugger.features.frame-step", true);
pref("devtools.experiment.f12.shortcut_disabled", false);
pref("devtools.inspector.compatibility.target-browsers", "");
pref("dom.security.https_only_mode.upgrade_onion", false);
pref("dom.security.https_only_mode_ever_enabled", false);
pref("dom.window.content.untrusted.enabled", true);
pref("editor.truncate_user_pastes", false);
pref("extensions.blocklist.addonItemURL", "https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/");
pref("extensions.blocklist.useMLBF", false);
pref("extensions.blocklist.useMLBF.stashes", false);
pref("gfx.vsync.force-disable-waitforvblank", false);
pref("gfx.webrender.gl-debug-message-critical-note", false);
pref("gfx.webrender.gl-debug-message-print", false);
pref("gfx.webrender.use-optimized-shaders", true);
pref("identity.sync.useOAuthForSyncToken", false);
pref("image.avif.enabled", false);
pref("image.honor_orientation_metadata.natural_size", true);
pref("image.honor-orientation-metadata", true);
pref("javascript.options.mem.gc_high_frequency_large_heap_growth", 150);
pref("javascript.options.mem.gc_high_frequency_small_heap_growth", 300);
pref("javascript.options.mem.gc_large_heap_incremental_limit", 110);
pref("javascript.options.mem.gc_large_heap_size_min_mb", 500);
pref("javascript.options.mem.gc_small_heap_incremental_limit", 140);
pref("javascript.options.mem.gc_small_heap_size_max_mb", 100);
pref("javascript.options.wasm_reftypes", true);
pref("layout.css.grid-template-masonry-value.enabled", false);
pref("layout.css.is-where-selectors.enabled", false);
pref("media.getdisplaymedia.enabled", true);
pref("media.testing-only-events", false);
pref("network.data.max-uri-length-mobile", 2097152);
pref("pdfjs.enablePermissions", false);
pref("privacy.restrict3rdpartystorage.expiration_visited", 2592000);
pref("privacy.restrict3rdpartystorage.heuristic.recently_visited", true);
pref("privacy.restrict3rdpartystorage.heuristic.recently_visited_time", 600);
pref("privacy.trackingprotection.testing.report_blocked_node", false);
pref("privacy.webrtc.allowSilencingNotifications", false);
pref("privacy.webrtc.legacyGlobalIndicator", true);
pref("privacy.webrtc.sharedTabWarning", false);
pref("prompts.defaultModalType", 3);
pref("prompts.modalType.confirmAuth", 2);
pref("prompts.modalType.insecureFormSubmit", 2);
pref("services.blocklist.addons-mlbf.checked", 0);
pref("services.blocklist.addons-mlbf.collection", "addons-bloomfilters");
pref("services.blocklist.addons-mlbf.signer", "remote-settings.content-signature.mozilla.org");
pref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", true);
pref("signon.showAutoCompleteImport", "");
pref("toolkit.asyncshutdown.report_writes_after", 20000);
pref("toolkit.osKeyStore.loglevel", "Warn");
pref("webgl.prototype.ipc-pcq", 0);
```

==REMOVED or HIDDEN

```js
pref("apz.frame_delay.enabled", true);
pref("browser.aboutwelcome.log", "warn");
pref("browser.fixup.dns_first_for_single_words", false);
pref("browser.fixup.typo.scheme", true);
pref("browser.osKeyStore.loglevel", "Warn");
pref("browser.stopReloadAnimation.enabled", true);
pref("browser.tabs.multiselect", true);
pref("browser.tabs.showAudioPlayingIcon", true);
pref("browser.ui.scroll-toolbar-threshold", 10);
pref("browser.urlbar.update1", true);
pref("browser.urlbar.update1.view.stripHttps", true);
pref("browser.xul.error_pages.enabled", true);
pref("devtools.debugger.source-maps-enabled", true);
pref("devtools.inspector.use-new-box-model-highlighter", false);
pref("dom.mozBrowserFramesEnabled", true);
pref("dom.registerProtocolHandler.insecure.enabled", false);
pref("extensions.webservice.discoverURL", "https://discovery.addons.mozilla.org/%LOCALE%/firefox/discovery/pane/%VERSION%/%OS%/%COMPATIBILITY_MODE%");
pref("gfx.vsync.use-waitforvblank", false);
pref("javascript.options.mem.gc_avoid_interrupt_factor", 100);
pref("javascript.options.mem.gc_dynamic_heap_growth", true);
pref("javascript.options.mem.gc_dynamic_mark_slice", true);
pref("javascript.options.mem.gc_high_frequency_heap_growth_max", 300);
pref("javascript.options.mem.gc_high_frequency_heap_growth_min", 150);
pref("javascript.options.mem.gc_high_frequency_high_limit_mb", 500);
pref("javascript.options.mem.gc_high_frequency_low_limit_mb", 100);
pref("javascript.options.mem.gc_non_incremental_factor", 112);
pref("layout.css.contain.enabled", true);
pref("network.disable.ipc.security", true);
pref("privacy.purge_trackers.logging.enabled", false);
pref("security.identityblock.show_extended_validation", false);
pref("signon.management.overrideURI", "about:logins?filter=%DOMAIN%");
```

==CHANGED

```js
pref("browser.contentblocking.report.monitor.how_it_works.url", "https://monitor.firefox.com/about"); // prev: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/monitor-faq"
pref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "{\"id\":\"message-groups\",\"enabled\":false,\"type\":\"remote-settings\",\"bucket\":\"message-groups\",\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"message-groups\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"message-groups\",\"updateCycleInMs\":3600000}"
pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?site="); // prev: "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&site="
pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?site="); // prev: "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&site="
pref("browser.tabs.remote.separatePrivilegedContentProcess", true); // prev: false
pref("browser.urlbar.maxCharsForSearchSuggestions", 100); // prev: 20
pref("devtools.netmonitor.columnsData", "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"url\",\"minWidth\":30,\"width\":25},{\"name\":\"initiator\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":15}]"); // prev: "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"url\",\"minWidth\":30,\"width\":25}, {\"name\":\"cause\",\"minWidth\":30,\"width\":10},{\"name\":\"initiator\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":15}]"
pref("devtools.netmonitor.visibleColumns", "[\"status\",\"method\",\"domain\",\"file\",\"initiator\",\"type\",\"transferred\",\"contentSize\",\"waterfall\"]"); // prev: "[\"status\",\"method\",\"domain\",\"file\",\"cause\",\"type\",\"transferred\",\"contentSize\",\"waterfall\"]"
pref("dom.quotaManager.useDOSDevicePathSyntax", true); // prev: false
pref("gfx.omta.background-color", true); // prev: false
pref("gfx.webrender.enable-item-cache", true); // prev: false
pref("layout.css.image-orientation.initial-from-image", true); // prev: false
pref("network.auth.confirmAuth.enabled", true); // prev: false
pref("network.http.http3.default-qpack-table-size", 0); // prev: 65536
pref("privacy.purge_trackers.logging.level", "Error"); // prev: "Warn"
pref("signon.management.page.os-auth.enabled", false); // prev: true
```
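The new / gone / different comparison this issue tracks, followed by a check of which user.js entries the diff touches, as an added example (not code from the thread or from the arkenfox project). The two defaults dumps reuse pref names and values quoted above, the user.js excerpt is a constructed sample, and `parsePrefs`, `diffDefaults` and `auditUserJs` are hypothetical helper names.

```javascript
// Added example, not arkenfox tooling. Sample data is constructed from pref
// names and values quoted in this issue; the user.js excerpt is hypothetical.

// One pref per line: pref("name", value); or user_pref("name", value);
// A leading "//" marks an inactive (commented-out) pref. String values may
// contain escaped quotes, as the JSON-valued asrouter prefs do.
// Limitation: prefs inside /* ... */ block comments are treated as active.
const PREF_LINE =
  /^\s*(\/\/\s*)?(?:user_)?pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/;

function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_LINE.exec(line);
    if (m) prefs.set(m[2], { value: m[3], active: !m[1] });
  }
  return prefs;
}

// Compare two default-pref dumps into the new / gone / different buckets.
function diffDefaults(oldPrefs, newPrefs) {
  const added = [], removed = [], changed = [];
  for (const [name, p] of newPrefs) {
    const old = oldPrefs.get(name);
    if (!old) added.push(name);
    else if (old.value !== p.value) changed.push({ name, prev: old.value, now: p.value });
  }
  for (const name of oldPrefs.keys()) {
    if (!newPrefs.has(name)) removed.push(name);
  }
  return { added: added.sort(), removed: removed.sort(), changed };
}

// Flag user.js entries the diff touches: a removed pref is a candidate for the
// deprecated section; a pref whose default changed needs a fresh look.
function auditUserJs(userPrefs, diff) {
  const removed = new Set(diff.removed);
  const changed = new Map(diff.changed.map((c) => [c.name, c]));
  const findings = [];
  for (const [name, p] of userPrefs) {
    if (removed.has(name)) {
      findings.push({ name, action: "deprecate", active: p.active });
    } else if (changed.has(name)) {
      findings.push({
        name, action: "recheck", active: p.active,
        matchesNewDefault: p.value === changed.get(name).now,
      });
    }
  }
  return findings;
}

// Constructed subset of the FF76 defaults (values as quoted in the diff above).
const FF76_DEFAULTS = String.raw`
pref("browser.urlbar.update1", true);
pref("network.disable.ipc.security", true);
pref("security.identityblock.show_extended_validation", false);
pref("dom.quotaManager.useDOSDevicePathSyntax", false);
pref("network.auth.confirmAuth.enabled", false);
pref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "{\"id\":\"message-groups\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"message-groups\",\"updateCycleInMs\":3600000}");
`;

// Constructed subset of the FF77 defaults.
const FF77_DEFAULTS = String.raw`
pref("dom.quotaManager.useDOSDevicePathSyntax", true); // prev: false
pref("network.auth.confirmAuth.enabled", true); // prev: false
pref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "{\"id\":\"message-groups\",\"enabled\":false,\"type\":\"remote-settings\",\"bucket\":\"message-groups\",\"updateCycleInMs\":3600000}");
pref("dom.security.https_only_mode.upgrade_onion", false);
pref("extensions.blocklist.useMLBF", false);
`;

// Hypothetical user.js excerpt; the second entry is inactive (commented out).
const USER_JS = String.raw`
user_pref("security.identityblock.show_extended_validation", true);
// user_pref("browser.urlbar.update1", false);
user_pref("dom.quotaManager.useDOSDevicePathSyntax", false);
user_pref("network.auth.confirmAuth.enabled", true);
user_pref("privacy.firstparty.isolate", true);
`;

function runAudit() {
  const diff = diffDefaults(parsePrefs(FF76_DEFAULTS), parsePrefs(FF77_DEFAULTS));
  return { diff, findings: auditUserJs(parsePrefs(USER_JS), diff) };
}

console.log(JSON.stringify(runAudit(), null, 2));
```

An inactive entry is still reported, since a commented-out pref does not reset a value that an earlier user.js already wrote to the profile.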

earthlng commented 4 years ago
some bugzilla tickets

* accessibility.ARIAReflection.enabled
  * Bug [1628418](https://bugzilla.mozilla.org/show_bug.cgi?id=1628418) - ARIA reflection: implement AccessibilityRole interface
* apz.frame_delay.enabled
  * Bug [1630781](https://bugzilla.mozilla.org/show_bug.cgi?id=1630781) - Eliminate the frame_delay pref, assume it true everywhere.
* apz.windows.force_disable_direct_manipulation
  * Bug [1635243](https://bugzilla.mozilla.org/show_bug.cgi?id=1635243). Only use WS_EX_LAYERED | WS_EX_TRANSPARENT on the compositor window on nightly for now.
  * Bug [1632357](https://bugzilla.mozilla.org/show_bug.cgi?id=1632357). Add a pref to disable adding the WS_EX_LAYERED style to the compositor window.
* browser.aboutwelcome.log
  * Bug [1631668](https://bugzilla.mozilla.org/show_bug.cgi?id=1631668) - Consolidate messaging-system and about:welcome logging, add additional logs
  * Bug [1617783](https://bugzilla.mozilla.org/show_bug.cgi?id=1617783) - Add JSWindowActors to about:welcome
* browser.contentblocking.report.monitor.how_it_works.url
  * Bug [1602096](https://bugzilla.mozilla.org/show_bug.cgi?id=1602096) - update 'How it works' link on Firefox Monitor Card.
* browser.find.anonymous_content.enabled
  * Bug [1627643](https://bugzilla.mozilla.org/show_bug.cgi?id=1627643) - Allow to find and display selection native anonymous content.
* browser.fixup.dns_first_for_single_words
  * Bug [1496578](https://bugzilla.mozilla.org/show_bug.cgi?id=1496578) - convert nsDefaultURIFixup to URIFixup.jsm.
* browser.fixup.typo.scheme
  * Bug [1496578](https://bugzilla.mozilla.org/show_bug.cgi?id=1496578) - convert nsDefaultURIFixup to URIFixup.jsm.
* browser.newtabpage.activity-stream.asrouter.providers.message-groups
  * Bug [1633009](https://bugzilla.mozilla.org/show_bug.cgi?id=1633009) - Disable the Remote Settings message-group provider because it is not used
  * Bug [1578754](https://bugzilla.mozilla.org/show_bug.cgi?id=1578754) - Implement groups configuration for Messaging System content
* browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments
  * Bug [1631456](https://bugzilla.mozilla.org/show_bug.cgi?id=1631456) - Create a CFR message loader for ExperimentAPI
* browser.osKeyStore.loglevel
  * Bug [1631879](https://bugzilla.mozilla.org/show_bug.cgi?id=1631879) - Update the name of the osKeyStore log preference now that it has moved to toolkit.
  * Bug [1194529](https://bugzilla.mozilla.org/show_bug.cgi?id=1194529) - Update OSKeyStore pref names now that the module is moved.
* browser.safebrowsing.provider.google.reportURL
  * Bug [1408779](https://bugzilla.mozilla.org/show_bug.cgi?id=1408779) - link to report why page has been classified as malicious/deceptive/... should have variables %NAME% and %LOCALE% replaced
* browser.safebrowsing.provider.google4.reportURL
  * Bug [1408779](https://bugzilla.mozilla.org/show_bug.cgi?id=1408779) - link to report why page has been classified as malicious/deceptive/... should have variables %NAME% and %LOCALE% replaced
* browser.stopReloadAnimation.enabled
  * Bug [1629953](https://bugzilla.mozilla.org/show_bug.cgi?id=1629953) - Use prefers-reduced-motion media query for the stop/reload button animation.
* browser.tabs.documentchannel.parent-initiated
  * Bug [1632098](https://bugzilla.mozilla.org/show_bug.cgi?id=1632098) - P3. Enable the ParentProcessDocumentChannel.
  * Bug [1602318](https://bugzilla.mozilla.org/show_bug.cgi?id=1602318) - Enable parent initiated loads pref.
  * Bug [1602318](https://bugzilla.mozilla.org/show_bug.cgi?id=1602318) - Initiate document loads in the parent process in parallel with setting up the content process side.
  * Bug [1602318](https://bugzilla.mozilla.org/show_bug.cgi?id=1602318) - Start loads directly from CanonicalBrowsingContext when possible.
* browser.tabs.documentchannel.ppdc
  * Bug [1632098](https://bugzilla.mozilla.org/show_bug.cgi?id=1632098) - P3. Enable the ParentProcessDocumentChannel.
  * Bug [1607984](https://bugzilla.mozilla.org/show_bug.cgi?id=1607984) - P17. Put ParentProcessDocumentChannel behind a pref.
* browser.tabs.multiselect
  * Bug [1634013](https://bugzilla.mozilla.org/show_bug.cgi?id=1634013) - Remove the browser.tabs.multiselect pref
* browser.tabs.remote.allowLinkedWebInFileUriProcess
  * Bug [1603007](https://bugzilla.mozilla.org/show_bug.cgi?id=1603007) - Remove allowLinkedWebInFileUriProcess
  * Bug [1626583](https://bugzilla.mozilla.org/show_bug.cgi?id=1626583) - Always disable allowLinkedWebInFileUriProcess
  * Bug [1603006](https://bugzilla.mozilla.org/show_bug.cgi?id=1603006) - Ignore allowLinkedWebInFile when documentChannel is enabled
* browser.tabs.remote.separatePrivilegedContentProcess
  * Bug [1621269](https://bugzilla.mozilla.org/show_bug.cgi?id=1621269) - Disable the privileged about content process on Linux64 ccov builds.
  * Bug [1617983](https://bugzilla.mozilla.org/show_bug.cgi?id=1617983) - Re-enable separate privileged about content process for about:home, about:newtab, about:welcome on Nightly.
* browser.tabs.showAudioPlayingIcon
  * Bug [1634012](https://bugzilla.mozilla.org/show_bug.cgi?id=1634012) - Remove the browser.tabs.showAudioPlayingIcon pref.r=dao
* browser.ui.scroll-toolbar-threshold
  * Bug [1627716](https://bugzilla.mozilla.org/show_bug.cgi?id=1627716) - Remove APZ/composition code related to DynamicToolbarAnimator.
* browser.urlbar.maxCharsForSearchSuggestions
  * Bug [1618769](https://bugzilla.mozilla.org/show_bug.cgi?id=1618769) - Increase max chars for search suggestions, and don't fetch suggestions at all when max is reached due to paste.
* browser.urlbar.oneOffSearches
  * Bug [1628926](https://bugzilla.mozilla.org/show_bug.cgi?id=1628926) - Remove the browser.urlbar.oneOffSearches pref.
* browser.urlbar.restyleSearches
  * Bug [1626946](https://bugzilla.mozilla.org/show_bug.cgi?id=1626946) - Remove search suggestions that dupe a search history result.
* browser.urlbar.update1
  * Bug [1627988](https://bugzilla.mozilla.org/show_bug.cgi?id=1627988) - Remove the browser.urlbar.update1.view.stripHttps pref.
  * Bug [1627969](https://bugzilla.mozilla.org/show_bug.cgi?id=1627969) - Remove the megabar pref.
  * Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release.
  * Bug [1616880](https://bugzilla.mozilla.org/show_bug.cgi?id=1616880) - Allow tabbing through urlbar results when there's a search string.
  * Bug [1613869](https://bugzilla.mozilla.org/show_bug.cgi?id=1613869) - Enable urlbar.update1.* prefs on early Beta.
  * Bug [1613699](https://bugzilla.mozilla.org/show_bug.cgi?id=1613699) - Rename browser.urlbar.update1.expandTextOnFocus pref to ...update2...
  * Bug [1613608](https://bugzilla.mozilla.org/show_bug.cgi?id=1613608) - Enable Interventions in Nightly but not in xpcshell tests.
  * Bug [1613608](https://bugzilla.mozilla.org/show_bug.cgi?id=1613608) - Enable Interventions in Nightly.
  * Bug [1608766](https://bugzilla.mozilla.org/show_bug.cgi?id=1608766) - Disable tabbing through results after focusing the Urlbar with the keyboard, behind a pref.
  * Bug [1606917](https://bugzilla.mozilla.org/show_bug.cgi?id=1606917) - Port the Interventions experiment into a new provider.
  * Bug [1609699](https://bugzilla.mozilla.org/show_bug.cgi?id=1609699) - Rename browser.urlbar.searchTips pref to browser.urlbar.update1.searchTips.
  * Bug [1603780](https://bugzilla.mozilla.org/show_bug.cgi?id=1603780) - Set browser.urlbar.update1.expandTextOnFocus default value in Nightly.
  * Bug [1601339](https://bugzilla.mozilla.org/show_bug.cgi?id=1601339) - Disable expandTextOnFocus.
* browser.urlbar.update1.view.stripHttps
  * Bug [1627988](https://bugzilla.mozilla.org/show_bug.cgi?id=1627988) - Remove the browser.urlbar.update1.view.stripHttps pref.
  * Bug [1617029](https://bugzilla.mozilla.org/show_bug.cgi?id=1617029) - Enable urlbar.update1.* prefs (quantumbar update 1) on Release.
* browser.xul.error_pages.enabled
  * Bug [1592780](https://bugzilla.mozilla.org/show_bug.cgi?id=1592780) - Empty alerts when browser.xul.error_pages.enabled=false,
* devtools.contenttoolbox.webconsole.input.context
  * Bug [1628346](https://bugzilla.mozilla.org/show_bug.cgi?id=1628346) - Add a dedicated context selector pref for content toolbox.
* devtools.experiment.f12.shortcut_disabled
  * Bug [1630228](https://bugzilla.mozilla.org/show_bug.cgi?id=1630228) - Basic implementation to disable F12 until toolbox opens
* devtools.inspector.compatibility.target-browsers
  * Bug [1590981](https://bugzilla.mozilla.org/show_bug.cgi?id=1590981): Make target browsers persistent.
* devtools.inspector.use-new-box-model-highlighter
  * Bug [1607755](https://bugzilla.mozilla.org/show_bug.cgi?id=1607755) - Remove box model highlighter implementation with setupInParent()
* dom.mozBrowserFramesEnabled
  * Bug [1630691](https://bugzilla.mozilla.org/show_bug.cgi?id=1630691): Part 2 - Get rid of the "dom.mozBrowserFramesEnabled" pref.
* dom.quotaManager.useDOSDevicePathSyntax
  * Bug [1632133](https://bugzilla.mozilla.org/show_bug.cgi?id=1632133) - Enable DOS device path syntax for quota storage by default;
  * Bug [1626846](https://bugzilla.mozilla.org/show_bug.cgi?id=1626846) - Disable useDOSDevicePathSyntax for QuotaStorage on Windows;
* dom.registerProtocolHandler.insecure.enabled
  * Bug [1597267](https://bugzilla.mozilla.org/show_bug.cgi?id=1597267) - Remove dom.registerProtocolHandler.insecure.enabled
* dom.security.https_only_mode.upgrade_local
  * Bug [1631384](https://bugzilla.mozilla.org/show_bug.cgi?id=1631384) - Added upgrade exceptions for HTTPS Only Mode.
* dom.security.https_only_mode.upgrade_onion
  * Bug [1631384](https://bugzilla.mozilla.org/show_bug.cgi?id=1631384) - Added upgrade exceptions for HTTPS Only Mode.
* dom.security.https_only_mode_ever_enabled
  * Bug [1620244](https://bugzilla.mozilla.org/show_bug.cgi?id=1620244) - Retention telemetry for HTTPS Only Mode.
* dom.window.content.untrusted.enabled
  * Bug [1632143](https://bugzilla.mozilla.org/show_bug.cgi?id=1632143) - Disable window.content in early betas
  * Bug [1632116](https://bugzilla.mozilla.org/show_bug.cgi?id=1632116) - Introduce dom.window.content.untrusted.enabled
* editor.truncate_user_pastes
  * Bug [1320229](https://bugzilla.mozilla.org/show_bug.cgi?id=1320229) - allow user pastes longer than input maxlength
* extensions.blocklist.addonItemURL
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Add bloomfilter-based blocklist for addons
* extensions.blocklist.useMLBF
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Implement blocklist stashing behind pref
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Add bloomfilter-based blocklist for addons
* extensions.blocklist.useMLBF.stashes
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Implement blocklist stashing behind pref
* extensions.webservice.discoverURL
  * Bug [1620438](https://bugzilla.mozilla.org/show_bug.cgi?id=1620438) - Remove references to extensions.webservice.discoverURL.
* gfx.color_management.mode
  * Bug [455077](https://bugzilla.mozilla.org/show_bug.cgi?id=455077) - Enable color management for all CSS/images, not just tagged images.
* gfx.omta.background-color
  * Bug [1535532](https://bugzilla.mozilla.org/show_bug.cgi?id=1535532) - Enable background color animations on the compositor by default on all channels.
* gfx.vsync.force-disable-waitforvblank
  * Bug [1630389](https://bugzilla.mozilla.org/show_bug.cgi?id=1630389) - Enable WaitForVBlank by default on Windows 10
* gfx.vsync.use-waitforvblank
  * Bug [1630389](https://bugzilla.mozilla.org/show_bug.cgi?id=1630389) - Enable WaitForVBlank by default on Windows 10
  * Bug [1628137](https://bugzilla.mozilla.org/show_bug.cgi?id=1628137) - Switch to using WaitForVBlank for vsync on Windows
* gfx.webrender.enable-item-cache
  * Bug [1633842](https://bugzilla.mozilla.org/show_bug.cgi?id=1633842) - Enable WR item cache
  * Bug [1616412](https://bugzilla.mozilla.org/show_bug.cgi?id=1616412) - Enable WebRender display item caching
* gfx.webrender.gl-debug-message-critical-note
  * Bug [1632096](https://bugzilla.mozilla.org/show_bug.cgi?id=1632096) - Forward WebRender gl(ANGLE) error message to gfx critical note
* gfx.webrender.gl-debug-message-print
  * Bug [1632096](https://bugzilla.mozilla.org/show_bug.cgi?id=1632096) - Forward WebRender gl(ANGLE) error message to gfx critical note
* gfx.webrender.use-optimized-shaders
  * Bug [1604615](https://bugzilla.mozilla.org/show_bug.cgi?id=1604615) - Use optimized shader source in webrender.
* identity.sync.useOAuthForSyncToken
  * Bug [1631830](https://bugzilla.mozilla.org/show_bug.cgi?id=1631830) - Fetch Sync tokens with OAuth behind a pref
* image.avif.enabled
  * Bug [1625363](https://bugzilla.mozilla.org/show_bug.cgi?id=1625363) - AVIF (AV1 Image File Format): experimental support.
* image.honor_orientation_metadata.natural_size
  * Bug [1630165](https://bugzilla.mozilla.org/show_bug.cgi?id=1630165) - Remove nightly-only gate from naturalWidth/naturalHeight honoring orientation metadata.
  * Bug [1566316](https://bugzilla.mozilla.org/show_bug.cgi?id=1566316) - Make naturalWidth/naturalHeight on images honor orientation metadata.
* image.honor-orientation-metadata
  * Bug [1616411](https://bugzilla.mozilla.org/show_bug.cgi?id=1616411) - Part 3: Make RasterImage deal with and apply image orientation.
* javascript.options.mem.gc_avoid_interrupt_factor
  * Bug [1630961](https://bugzilla.mozilla.org/show_bug.cgi?id=1630961) - Remove unused heurisitic to delaying GCs that may cause resets
* javascript.options.mem.gc_dynamic_heap_growth
  * Bug [1633405](https://bugzilla.mozilla.org/show_bug.cgi?id=1633405) - Remove dynamic GC options that are enabled everywhere
* javascript.options.mem.gc_dynamic_mark_slice
  * Bug [1633405](https://bugzilla.mozilla.org/show_bug.cgi?id=1633405) - Remove dynamic GC options that are enabled everywhere
* javascript.options.mem.gc_high_frequency_heap_growth_max
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_high_frequency_heap_growth_min
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_high_frequency_high_limit_mb
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_high_frequency_large_heap_growth
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_high_frequency_low_limit_mb
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_high_frequency_small_heap_growth
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_large_heap_incremental_limit
  * Bug [1633752](https://bugzilla.mozilla.org/show_bug.cgi?id=1633752) - Calculate non-incremental threshold based on heap size and increase it for smaller heaps
* javascript.options.mem.gc_large_heap_size_min_mb
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.mem.gc_non_incremental_factor
  * Bug [1633752](https://bugzilla.mozilla.org/show_bug.cgi?id=1633752) - Calculate non-incremental threshold based on heap size and increase it for smaller heaps
* javascript.options.mem.gc_small_heap_incremental_limit
  * Bug [1633752](https://bugzilla.mozilla.org/show_bug.cgi?id=1633752) - Calculate non-incremental threshold based on heap size and increase it for smaller heaps
* javascript.options.mem.gc_small_heap_size_max_mb
  * Bug [1633457](https://bugzilla.mozilla.org/show_bug.cgi?id=1633457) - Rename some GC parameters for clarity
* javascript.options.wasm_reftypes
  * Bug [1618595](https://bugzilla.mozilla.org/show_bug.cgi?id=1618595): Disable Cranelift on aarch64 when reftypes are enabled;
* layout.css.always-repaint-on-unvisited
  * Bug [1632765](https://bugzilla.mozilla.org/show_bug.cgi?id=1632765) - Turn on some more :visited privacy mitigations.
* layout.css.contain.enabled
  * Bug [1626458](https://bugzilla.mozilla.org/show_bug.cgi?id=1626458) part 1: Remove pref for CSS Containment (layout.css.contain.enabled)
  * Bug [1623819](https://bugzilla.mozilla.org/show_bug.cgi?id=1623819) - Part 1: Fix a few initial values in Rust property definitions.
* layout.css.grid-template-masonry-value.enabled
  * Bug [1607954](https://bugzilla.mozilla.org/show_bug.cgi?id=1607954) part 1 - [css-grid][css-align] Implement style system support for Masonry layout.
* layout.css.image-orientation.initial-from-image
  * Bug [1616411](https://bugzilla.mozilla.org/show_bug.cgi?id=1616411) - Part 2: Don't bother passing in the size to OrientedImage::OrientSurface.
  * Bug [1623820](https://bugzilla.mozilla.org/show_bug.cgi?id=1623820) - Part 2: Make image-orientation initial value change be Nightly only.
* layout.css.is-where-selectors.enabled
  * Bug [1509418](https://bugzilla.mozilla.org/show_bug.cgi?id=1509418) - Enable the feature in Nightly.
  * Bug [1629735](https://bugzilla.mozilla.org/show_bug.cgi?id=1629735) - Implement parsing / selector-matching for :is() and :where().
* layout.css.notify-of-unvisited
  * Bug [1632765](https://bugzilla.mozilla.org/show_bug.cgi?id=1632765) - Turn on some more :visited privacy mitigations.
* media.getdisplaymedia.enabled
  * Bug [1624181](https://bugzilla.mozilla.org/show_bug.cgi?id=1624181) - Omit getDisplayMedia() function on android to aid feature detection.
* media.testing-only-events
  * Bug [1625615](https://bugzilla.mozilla.org/show_bug.cgi?id=1625615) - part5 : add test-only attribute and event for media element.
* network.data.max-uri-length-mobile
  * Bug [1626687](https://bugzilla.mozilla.org/show_bug.cgi?id=1626687) - Do not handle data URIs larger than 2M on mobile
* network.disable.ipc.security
  * Bug [1322254](https://bugzilla.mozilla.org/show_bug.cgi?id=1322254) - Remove network.disable.ipc.security pref
* network.http.http3.default-qpack-table-size
  * Bug [1628460](https://bugzilla.mozilla.org/show_bug.cgi?id=1628460) - Turn off qpack dynamic table.
* privacy.purge_trackers.logging.enabled
  * Bug [1628743](https://bugzilla.mozilla.org/show_bug.cgi?id=1628743) - Enable cookie purging by default in Nightly, clean up logging prefs.
  * Bug [1599262](https://bugzilla.mozilla.org/show_bug.cgi?id=1599262) - Purge site data after identifying tracking site via cookies.
* privacy.purge_trackers.logging.level
  * Bug [1628743](https://bugzilla.mozilla.org/show_bug.cgi?id=1628743) - Enable cookie purging by default in Nightly, clean up logging prefs.
  * Bug [1624863](https://bugzilla.mozilla.org/show_bug.cgi?id=1624863) - Rewrite PurgeTrackerService.jsm logging to use console.createInstance
* privacy.restrict3rdpartystorage.expiration_visited
  * Bug [1616585](https://bugzilla.mozilla.org/show_bug.cgi?id=1616585) - add heuristic for visited redirection;
* privacy.restrict3rdpartystorage.heuristic.recently_visited
  * Bug [1616585](https://bugzilla.mozilla.org/show_bug.cgi?id=1616585) - add heuristic for visited redirection;
* privacy.restrict3rdpartystorage.heuristic.recently_visited_time
  * Bug [1616585](https://bugzilla.mozilla.org/show_bug.cgi?id=1616585) - add heuristic for visited redirection;
* privacy.trackingprotection.testing.report_blocked_node
  * Bug [1608516](https://bugzilla.mozilla.org/show_bug.cgi?id=1608516) - Part 3: Add a pref to prevent sending unnecessary IPC if we are not in testing.
* privacy.webrtc.allowSilencingNotifications
  * Bug [1637336](https://bugzilla.mozilla.org/show_bug.cgi?id=1637336) - Add a preference that uses an alternative WebRTC screen sharing permission panel configuration.
* privacy.webrtc.legacyGlobalIndicator
  * Bug [1636207](https://bugzilla.mozilla.org/show_bug.cgi?id=1636207) - Fork the WebRTC global indicator for a refresh.
* privacy.webrtc.sharedTabWarning
  * Bug [1634796](https://bugzilla.mozilla.org/show_bug.cgi?id=1634796) - Add a panel that warns users before switching tabs when sharing the window over WebRTC.
* prompts.defaultModalType
  * Bug [1615588](https://bugzilla.mozilla.org/show_bug.cgi?id=1615588) - Extended nsIPromptService to support tab modal prompts.
* prompts.modalType.confirmAuth
  * Bug [1629808](https://bugzilla.mozilla.org/show_bug.cgi?id=1629808) - Updated ConfirmAuth dialogs to be tab modal and re-enabled them.
* prompts.modalType.insecureFormSubmit
  * Bug [616849](https://bugzilla.mozilla.org/show_bug.cgi?id=616849) - Made insecure form submission prompt tab modal.
* security.identityblock.show_extended_validation
  * Bug [1599729](https://bugzilla.mozilla.org/show_bug.cgi?id=1599729) - Remove security.identityblock.show_extended_validation pref and related UI code.
* services.blocklist.addons-mlbf.checked
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Add bloomfilter-based blocklist for addons
* services.blocklist.addons-mlbf.collection
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Add bloomfilter-based blocklist for addons
* services.blocklist.addons-mlbf.signer
  * Bug [1620621](https://bugzilla.mozilla.org/show_bug.cgi?id=1620621) - Add bloomfilter-based blocklist for addons
* services.sync.prefs.sync.intl.regional_prefs.use_os_locales
  * Bug [1379910](https://bugzilla.mozilla.org/show_bug.cgi?id=1379910) - Add Preference option to change the locale strategy for regional preferences
* signon.management.overrideURI
  * Bug [1569253](https://bugzilla.mozilla.org/show_bug.cgi?id=1569253) - remove old password manager UI.
* signon.management.page.os-auth.enabled
  * Bug [1636511](https://bugzilla.mozilla.org/show_bug.cgi?id=1636511) - Disable the OS auth feature in about:logins on Release and Beta.
  * Bug [1626138](https://bugzilla.mozilla.org/show_bug.cgi?id=1626138) - Add a temporary pref to disable the OS auth prompt.
* signon.showAutoCompleteImport
  * Bug [1618311](https://bugzilla.mozilla.org/show_bug.cgi?id=1618311) - Contextually suggest importing passwords as an autocomplete entry
* toolkit.asyncshutdown.report_writes_after
  * Bug [1610134](https://bugzilla.mozilla.org/show_bug.cgi?id=1610134): Part 1: add timeout pref that turns on late write checking to see if it's possible to crash browser earlier.
* toolkit.osKeyStore.loglevel
  * Bug [1631879](https://bugzilla.mozilla.org/show_bug.cgi?id=1631879) - Update the name of the osKeyStore log preference now that it has moved to toolkit.
* webgl.prototype.ipc-pcq
  * Bug [1621762](https://bugzilla.mozilla.org/show_bug.cgi?id=1621762): Part 7 - Add IpdlQueue actor traits to WebGLParent/WebGLChild

Thorin-Oakenpants commented 4 years ago

I think we can remove 0850c, 0850d, 0850e (b is already gone and e is deprecated this release: that's the oneOffSearches). The urlbar is now switched to the new awesomebar (and urlbar1 prefs removed) and those prefs (c + d), AFAIK, relate to the old one, but we should check. It also wouldn't surprise me if everything we know about the location bar is up for re-checking: e.g. if all suggestion types are disabled, are search engine keywords still disabled, etc. I mean, they rebuilt all the logic around their UX studies.

Anyway: maxRichResults (c) and autofill (d) have nothing to do with privacy and oneOffSearches (e) doesn't either, but at least that's deprecated now. I get the shoulder surfer aspect of it, but that's on the end user: even Tor Browser doesn't cover this. You can't code OpSec.

TBH: if you're like me and don't like the urlbar doing anything except being static (no suggestions, no UI changes, no movements, no color changes), then I've simply been using chrome css

crssi commented 4 years ago

^^ I am using 0850c and 0850d. And both are still valid in FF 76. Don't know about 77 yet.

rusty-snake commented 4 years ago

dom.security.https_only_mode.upgrade_local:

If true and HTTPS-only mode is enabled, requests to local IP addresses are also upgraded

dom.security.https_only_mode.upgrade_onion:

If true and HTTPS-only mode is enabled, requests to .onion hosts are also upgraded

dom.security.https_only_mode_ever_enabled:

WARNING: Don't ever update that pref manually! It is only used for telemetry purposes and allows to reason about retention of the pref dom.security.https_only_mode from above.

Telemetry is disabled and resetting this in the user.js would be useless.

earthlng commented 4 years ago

https://github.com/ghacksuserjs/ghacks-user.js/issues/923 is an issue again in FF77 !! (but it only affects Windows)

The good news is that the problem is apparently already fixed in FF78+ (1634267). So we can either temporarily set 0709 to false or add dom.quotaManager.useDOSDevicePathSyntax=false for the 77 release.

useDOSDevicePathSyntax=true is supposed to fix issues when file paths exceed the path limit on Windows so I think the better option is to just set 0709 to false. (We should set it to false instead of making it inactive, for people who don't run the prefsCleaner after every update)

Linux and Mac users can add 0709 to their user-overrides if they deem it necessary but it's a pretty edge-case protection anyways and losing it for 1 release isn't too bad either, IMO.
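
The reason for setting 0709 to false rather than making it inactive, shown as an added example that is not part of the thread or the project's code: a value that user.js once wrote stays in prefs.js after the user.js line is commented out. The pref names and file contents are constructed placeholders, and the parser assumes simple `user_pref("name", value);` lines.

```javascript
// Strip // and /* */ comments while leaving string literals (URLs) intact.
function stripComments(src) {
  let out = "", i = 0, quote = null;
  while (i < src.length) {
    const c = src[i], next = src[i + 1];
    if (quote) {                                  // inside a string literal
      if (c === "\\") { out += c + (next || ""); i += 2; continue; }
      if (c === quote) quote = null;
      out += c; i++;
    } else if (c === '"' || c === "'") {
      quote = c; out += c; i++;
    } else if (c === "/" && next === "/") {       // line comment
      while (i < src.length && src[i] !== "\n") i++;
    } else if (c === "/" && next === "*") {       // block comment
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else { out += c; i++; }
  }
  return out;
}

// Map of pref name -> raw value text for each user_pref(...) call in src.
function readPrefs(src) {
  const re = /user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|[^)"]*?)\s*\)\s*;/g;
  return new Map([...src.matchAll(re)].map((m) => [m[1], m[2]]));
}

// Prefs that user.js mentions only inside comments but prefs.js still stores.
function lingeringPrefs(userJs, prefsJs) {
  const active = readPrefs(stripComments(userJs));
  const stored = readPrefs(prefsJs);
  return [...readPrefs(userJs).keys()]
    .filter((name) => !active.has(name) && stored.has(name))
    .map((name) => ({ name, storedValue: stored.get(name) }));
}

// Constructed sample data; "example.item0709" is a placeholder pref name.
const samplePrefsJs = `
user_pref("example.item0709", true);
user_pref("example.url", "https://example.invalid/a");
`;
const madeInactive = `
/* 0709 */ // user_pref("example.item0709", true);
user_pref("example.url", "https://example.invalid/a"); // still active
`;
const setToFalse = madeInactive.replace(
  '// user_pref("example.item0709", true);', 'user_pref("example.item0709", false);');
console.log(lingeringPrefs(madeInactive, samplePrefsJs)); // old true value survives
console.log(lingeringPrefs(setToFalse, samplePrefsJs));   // nothing left behind
```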

Thorin-Oakenpants commented 4 years ago

speaking of breakage - did you get that email I sent about changes to the origin attributes and thus to the naming conventions? I don't have the email anymore so I can't find the ticket quickly. I hope we don't end up with a migration mess like when they applied OA to extensions

earthlng commented 4 years ago

this is the link you sent me: https://bugzilla.mozilla.org/show_bug.cgi?id=1558932#c16

FYI just found these 2 in FF78beta1 which sound like they're related:

```js
pref("privacy.dynamic_firstparty.use_site", true);
pref("privacy.firstparty.isolate.use_site", false);
```

update: both prefs were implemented in 1637516

earthlng commented 4 years ago

updated OP for the final release. Only 1 difference since RC1: the change to gfx.color_management.mode didn't land

collinbarrett commented 4 years ago

Sorry if I missed this somewhere, but Firefox release on Windows just updated to v77. With ghacksuserjs, extensions seem to be messed up. For example, trying to view the uBlock Origin settings page only shows the header bar but no content. This issue seems to affect other extensions as well. Without ghacksuserjs, there is no issue. Suggestions on a setting I should adjust? Thanks!

crssi commented 4 years ago

@collinbarrett see https://github.com/ghacksuserjs/ghacks-user.js/issues/951

Thorin-Oakenpants commented 4 years ago

> this is the link you sent me

It's ~a tad~ ~somewhat~ ~quite~ fucking hard to follow ATM. There's a lot of dFPI stuff going on, and then baku is busy adding isolate* prefs (some sort of partitioning), and then there's a bunch of over-arching tickets about principals and OA's

Thorin-Oakenpants commented 4 years ago

OT: anyone know the css for userChrome to modify the awesomebar and searchbar blue outlines when they have focus (as shown in the top part of the pic)

Thorin-Oakenpants commented 4 years ago

@collinbarrett , @crssi https://github.com/ghacksuserjs/ghacks-user.js/commit/05580f5e99ccbe02646c9062acd137e51b55a8d2

Added to the master so no-one needs an override: I'll remove it some time well after 78 lands and it's known to be fixed

Thorin-Oakenpants commented 4 years ago

If anyone has a reddit account ... this totally looks like the UNC / DOS Path problem - just point them to #923 - TIA

gwarser commented 4 years ago

> anyone know the css for userChrome to modify the awesomebar and searchbar blue outlines when they have focus

Maybe https://www.reddit.com/r/FirefoxCSS/comments/fxez4e/remove_new_megabar_grow_shrink_effect/fmvadbr/

Shadowized commented 4 years ago

> OT: anyone know the css for userChrome to modify the awesomebar and searchbar blue outlines when they have focus (as shown in the top part of the pic)

I use this.

```css
#urlbar[focused] > #urlbar-background {
  border-color: hsla(240,5%,5%,.35) !important;
  box-shadow: 0 1px 6px rgba(0,0,0,.1) !important;
}
```

Thorin-Oakenpants commented 4 years ago

^^ thanks (I'll check it out), and @gwarser that helped with the css property name

this works for urlbar: cannot for the life of me get the selectors right for searchbar (the one on the right)

```css
#urlbar, .searchbar-textbox {
    --toolbar-field-focus-border-color: #202124 !important;
}
```

Shadowized commented 4 years ago

my bad, didn't realize you needed both, this should work.

```css
#urlbar[focused="true"] > #urlbar-background,
#searchbar:focus-within{
```

Thorin-Oakenpants commented 4 years ago

> this should work

Excellent .. have a socially distanced hug 🤗

MawerickCruz commented 4 years ago

I think they fully broke 1633. Now it's `user_pref("ui.prefersReducedMotion", 1);`. Can somebody confirm, or is it my imagination?

Classic urlbar CSS for Firefox 77

```css
#urlbar[breakout][breakout-extend] {
  top: 5px !important;
  left: 0px !important;
  width: 100% !important;
  padding: 0px !important;
}
#urlbar[breakout][breakout-extend] > #urlbar-input-container {
  height: var(--urlbar-height) !important;
  padding: 0 !important;
}
#urlbar[breakout][breakout-extend] > #urlbar-background {
  animation: none !important;
}
#urlbar[breakout][breakout-extend] > #urlbar-background {
  box-shadow: none !important;
}
#urlbar-results {
  padding-top: 0 !important;
  padding-bottom: 0 !important;
}
.urlbarView-body-inner {
  border-top: 0px !important;
}
```

MawerickCruz commented 4 years ago

Yes. I'm talking about toolkit.cosmeticAnimations.enabled in the personal section. For example, look at the refresh page button with ui.prefersReducedMotion;1 and without it. So is it a bad idea to use ui.prefersReducedMotion;1? Does it somehow raise entropy or something? I have not disabled RFP.

Thorin-Oakenpants commented 4 years ago

Here's the meta bug - there are at least 5 bugs in all of the ones for FF77 (I queried all 77 bugs) where the title indicates a change to UI animations to use PRM

The pref in the personal section will eventually be deprecated. Just use your custom chrome css. But long term the idea is that RFP exempts the UI (chrome) etc.

Yes, javascript can query what your prefers motion and prefers color etc are - so RFP locks that down to the default, otherwise it's just another bit of data that can be used overall in your fingerprint

rugabunda commented 4 years ago

@Thorin-Oakenpants

```js
pref("privacy.dynamic_firstparty.use_site", true);
pref("privacy.firstparty.isolate.use_site", false);
```

Quoting FF Devs:

"We can keep FPI/dFPI have the same behavior here, and (if necessary, ) use another pref to control whether we should use site or not. The pref may keep some backward-compatibility for special cases, e.g. Tor Browser, and we can turn this pref on to use "site"."

src https://bugzilla.mozilla.org/show_bug.cgi?id=1637516#c9

rugabunda commented 4 years ago

"The first pieces of dynamic first-party isolation (DFPI) landed in Nightly. DFPI is an experimental approach to isolating all third party cookies and storage, similar to FPI (which is enabled by default in the Tor Browser and is also supported by Firefox). The most important difference between DFPI and FPI is that DFPI will adhere to exceptions granted through the storage access API and thus ensure better web compatibility. "

https://wiki.mozilla.org/Firefox_Security_Newsletter/FSN-2020-Q1

Thorin-Oakenpants commented 4 years ago

Thanks. I'm aware of all that and for the user.js I'm tracking it in #930

Edit: if FPI is on, dFPI is ignored, and until dFPI is enabled by default (which could be quite some time) there's nothing to do: and the longer it takes, the more bugs they fix and the more dFPI covers etc