-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ToDo: diffs FF126-FF127 #1860
Comments
some bugzilla tickets
|
Looks like there is a new hidden pref for those (for whatever reason) need to use some ancient versions of specific add-ons. Test case can be found in Bug 1886157 comment 5. |
Hey, on Linux FF127 clean profile I have these by default: which in some manner contradicts with arkenfox' [DEFAULT: false] statements, so I explicitly enabled them as "false". Also 126->127 update somehow borked my profile (which never ever happened before), so that FF could not save session (pinned tabs) between restarts. Absolutely nothing helped, so I created the new profile. There are a couple of identical reports on FF forum. Anyways, thanks for hard work! |
I believe this is something to do with the |
https://searchfox.org/mozilla-central/source/browser/components/urlbar/UrlbarPrefs.sys.mjs#1059-1092 they don't seem to be in static prefs, so IDK. I'll change them all to be active in the next AF release. For me they default false, and I was talking about it the other day with someone - seems weird to built it all and then not use it. And it's not like it would be OS dependent. Maybe it regional/roll-out. |
default status is unknown - see #1860 (comment)
about https://bugzilla.mozilla.org/show_bug.cgi?id=1658094 (fixed by https://hg.mozilla.org/mozilla-central/rev/d85a0c432b59), should we change any "site settings" shutdown prefs and enforce |
Thanks, so yeah IDK too, checked under the clean profile for OpenSUSE Tumbleweed (standard repo package, without any language packs). And also why I went to check these in the first place - the "suggested" links started to appear for me after 126->127 update. |
Arkenfox has never set this to true. Until v94 it was active and set to false (which is what you're suggesting). In v94+ it has been inactive (and still kept at false). Wiping site settings is incredible destructive (I know that's not what you asked). But I'm also not going to go out of my way to enforce it false. It's on users who have to go out of their way to change this setting and that's on them. They may or may not have an override (you would think they do if they use prefsCleaner). Pretty sure the reason I dropped it active in 94 was to reduce all the noise and active prefs |
FYI about #1860 (comment) seems like it is what they've said in the release notes:
I guess that's why some have it ON while others don't I would also suggest enforcing |
Anyway, recent searches is not something that is a privacy concern IIUIC. I bookmarked a bugzilla comment a few weeks ago anticipating that someone would bring this up, and then after a week I deleted. Now I have to find it again .... sigh here it is https://bugzilla.mozilla.org/show_bug.cgi?id=1852848#c0 I guess the question is, do we sanitize search history on close (I think we do, but someone could test it) |
^ https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42735 maybe PB mode treats it differently? lets see what TB devs think, or feel free to dig in for me |
@Tiagoquix .. so some people might even clear site settings now (FF129+) - see b498a65 I'd do it myself except, while I hardly use them (excluding site cookies and data exceptions - I think I have about 3), those 3 items would be a real PITA to reset each session - and since there's really nothing in site settings for me, there's not much reason to sanitize it. Each to their own .. I sanitize everything everywhere all at once in all my other profiles :) fucking love it |
Thanks for the information. In contrast to cookies, site settings only exist if the user manually adds overrides (grants or not access to camera, location, microphone etc.), so I don't think there's really a reason to sanitize them. If we did clear then, it would mean clearing the exceptions, so no reason to do it as far as I can tell. |
well yeah that's kinda my point - if I add an exception it's for a reason - e.g. canvas RFP for tor forum. That said, sometimes you only want a temporary exception or from testing you want to clean out all the crap. IDK, up to each user :) Is nice to have as an option, but also a footgun - e.g. you sanitize site settings but the site data exception stays leading the mafia don to discover you visited/know-about pinocchio.com edit: which is getting out of scope: disk access required and you'd have bigger issues - also opsec |
FF127 release date: Jun. 11th 2024
FF127 release notes
FF127 for developers
FF127 security advisories
118 diffs ( 71 new, 32 gone, 15 different )
4004
pref("privacy.fingerprintingProtection.remoteOverrides.enabled", true);2630
pref("browser.contentanalysis.default_result", 0); - 1880314 - 10006510602
network.dns.disablePrefetch
/network.dns.disablePrefetchFromHTTPS
master switches ofdom.prefetch_dns_for_anchor_http_document
/dom.prefetch_dns_for_anchor_https_document
? #1870 (comment) - thanks @Jee-Hexremoved, renamed or hidden in v127.0:
2630
pref("browser.contentanalysis.default_allow", false); - 1880314 - 10006514511
pref("widget.non-native-theme.enabled", true); - 1848899 - 1000651changed in v127.0:
0602
pref("network.dns.disablePrefetchFromHTTPS", false); // prev: true - 1596935 - 5131044ignore
click me for details
==NEW
==REMOVED, RENAMED or HIDDEN
==CHANGED
The text was updated successfully, but these errors were encountered: