ToDo: diffs FF66-FF67

[earthlng]

FF67 is scheduled for release 14th 21 May

FF67 release notes [when ready]
FF67 for developers
FF67 compatibility
FF67 security advisories

155 diffs ( 94 new, 37 gone, 24 different )

new in v67.0:

• pref("browser.aboutConfig.showWarning", true); 5000s - 1500542 - 6231d6e
• CFR changes - 6ed3581
  • pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", true);
  • pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", true);
• pref("ui.use_standins_for_native_colors", false); 2618 move to RFP ALTs - 57339d0
  • no longer hidden - 411805b

FYI

• pref("extensions.allowPrivateBrowsingByDefault", false); - will get removed in a few releases
• pref("dom.webnotifications.allowinsecure", false); - 1429432 , Compat

removed, renamed or hidden in v67.0:

DONE - dfab151

• pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", true); - 5000s - 1528953
• pref("dom.event.highrestimestamp.enabled", true); - 2428 - 1485264

changed in v67.0:

• pref("dom.popup_allowed_events", "change click dblclick mouseup pointerup notificationclick reset submit touchend contextmenu"); // prev: "change click dblclick mouseup pointerup notificationclick reset submit touchend" 2212 - e3349d0
• pref("media.autoplay.default", 1); // prev: 0 2030 - 6f76a9b
• pref("browser.sessionstore.max_tabs_undo", 25); // prev: 10 1020
• pref("extensions.webextensions.restrictedDomains", "blahblah"); // prev: "blahblah,testpilot.firefox.com" 2662

---

ignore

click me for details

==NEW

pref("app.update.log.file", false);
pref("apz.pinch_lock.buffer_max_age", "50");
pref("browser.contentblocking.cryptomining.preferences.ui.enabled", true);
pref("browser.contentblocking.fingerprinting.preferences.ui.enabled", true);
pref("browser.contentblocking.introDelaySeconds", 1800);
pref("browser.measurement.render_anims_and_video_solid", false);
pref("browser.newtabpage.activity-stream.darkModeMessage", false);
pref("browser.newtabpage.activity-stream.discoverystream.endpoints", "https://getpocket.cdn.mozilla.net/");
pref("browser.newtabpage.activity-stream.discoverystream.optOut.0", false);
pref("browser.newtabpage.activity-stream.discoverystream.rec.impressions", "{}");
pref("browser.newtabpage.activity-stream.discoverystream.spoc.impressions", "{}");
pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", false);
pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", "https://incoming.telemetry.mozilla.org/submit/activity-stream");
pref("browser.tabs.remote.useCrossOriginOpenerPolicy", false);
pref("browser.tabs.remote.useCrossOriginPolicy", false);
pref("browser.tabs.remote.useHTTPResponseProcessSelection", false);
pref("browser.tabs.unloadOnLowMemory", true);
pref("browser.toolbars.keyboard_navigation", true);
pref("devtools.debugger.map-scopes-enabled", false);
pref("devtools.debugger.ui.editor-wrapping", false);
pref("devtools.layout.boxmodel.highlightProperty", false);
pref("devtools.markup.beautifyOnCopy", false);
pref("devtools.netmonitor.columnsData", "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"cause\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":25}]");
pref("devtools.netmonitor.features.resizeColumns", true);
pref("devtools.netmonitor.response.ui.limit", 10240);
pref("devtools.performance.recording.objdirs", "[]");
pref("devtools.webconsole.groupWarningMessages", false);
pref("dom.inputevent.data.enabled", true);
pref("dom.inputevent.datatransfer.enabled", true);
pref("dom.prototype_document_cache.enabled", true);
pref("dom.storage.client_validation", true);
pref("dom.storage_access.auto_grants.delayed", true);
pref("dom.w3c_touch_events.legacy_apis.enabled", false);
pref("dom.webnotifications.requireuserinteraction", false);
pref("dom.worker.use_medium_high_event_queue", true);
pref("extensions.htmlaboutaddons.enabled", false);
pref("features.normandy-remote-settings.enabled", false);
  // ^^ https://mozilla.github.io/normandy/dev/remote-settings.html#client-side
  // ^^ we already disable normandy
pref("fission.frontend.simulate-events", false);
pref("fission.frontend.simulate-messages", false);
pref("gfx.webrender.debug.small-screen", false);
pref("gl.allow-high-power", true);
pref("identity.fxaccounts.pairing.enabled", true);
pref("identity.fxaccounts.remote.pairing.uri", "wss://channelserver.services.mozilla.com");
pref("identity.fxaccounts.toolbar.accessed", false);
pref("identity.fxaccounts.toolbar.enabled", true);
pref("javascript.options.experimental.fields", false);
pref("javascript.options.ion.full.threshold", 100000);
pref("layout.css.scroll-snap-v1.enabled", false);
pref("layout.cursor.block.enabled", true);
pref("layout.cursor.block.max-size", 32);
pref("layout.lower_priority_refresh_driver_during_load", true);
pref("media.gmp-gmpopenh264.visible", true);
pref("media.rdd-vorbis.enabled", false);
pref("media.wmf.low-latency.force-disabled", false);
pref("medium_high_event_queue.enabled", true);
pref("network.cookieSettings.unblocked_for_testing", false);
pref("network.http.referer.defaultPolicy.trackers", 3);
pref("network.http.referer.defaultPolicy.trackers.pbmode", 2);
pref("network.protocol-handler.external.res", false);
pref("network.proxy.allow_hijacking_localhost", false);
pref("pdfjs.viewOnLoad", 0);
pref("permissions.desktop-notification.postPrompt.enabled", false);
pref("permissions.eventTelemetry.enabled", false);
  // ^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1536454
  // ^^ we already disable telemetry, the above is a one-off pref to grab some geo +notifications data
pref("permissions.postPrompt.animate", true);
  // ^^ already controlled by master anim pref
pref("prio.enabled", false);
  // ^^ skips Prio telemetry tests if false for anyone who cares
pref("privacy.documentCookies.maxage", 0);
pref("privacy.resistFingerprinting.jsmloglevel", "Warn");
pref("privacy.trackingprotection.cryptomining.annotate.enabled", false);
pref("privacy.trackingprotection.fingerprinting.annotate.enabled", false);
pref("security.block_importScripts_with_wrong_mime", true);
pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
pref("security.certerrors.mitm.priming.enabled", true);
pref("security.certerrors.mitm.priming.endpoint", "https://mitmdetection.services.mozilla.com/");
pref("security.remote_settings.intermediates.downloads_per_poll", 100);
pref("security.sandbox.rdd.win32k-disable", true);
pref("services.common.uptake.sampleRate", 1);
pref("services.sync.prefs.sync.media.autoplay.default", true);
pref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.annotate.enabled", true);
pref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", true);
pref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.annotate.enabled", true);
pref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", true);
pref("signon.autofillForms.autocompleteOff", true);
pref("signon.privateBrowsingCapture.enabled", true);
pref("signon.showAutoCompleteFooter", true);
pref("toolkit.lazyHiddenWindow", true);
pref("trailhead.firstrun.branches", "control");
pref("webgl.default-low-power", false);

==REMOVED or HIDDEN

pref("app.normandy.remotesettings.enabled", false);
pref("browser.cache.disk.smart_size.first_run", true);
pref("browser.cache.disk.smart_size.use_old_max", true);
pref("browser.fission.simulate", false);
pref("browser.newtabpage.activity-stream.feeds.migration", true);
pref("browser.newtabpage.activity-stream.migrationExpired", false);
pref("browser.newtabpage.activity-stream.migrationLastShownDate", 0);
pref("browser.newtabpage.activity-stream.migrationRemainingDays", 4);
pref("devtools.browserconsole.ui.filterbar", false);
pref("devtools.canvasdebugger.enabled", false);
pref("devtools.debugger.features.pause-points", true);
pref("devtools.flexboxinspector.enabled", true);
pref("devtools.inspector.changes.enabled", true);
pref("devtools.inspector.flexboxHighlighter.enabled", true);
pref("devtools.inspector.fonthighlighter.enabled", true);
pref("devtools.inspector.scrollable-badges.enabled", false);
pref("devtools.inspector.shapesHighlighter.enabled", true);
pref("devtools.shadereditor.enabled", false);
pref("devtools.webaudioeditor.enabled", false);
pref("devtools.webaudioeditor.inspectorWidth", 300);
pref("devtools.webconsole.ui.filterbar", false);
pref("dom.clearSiteData.enabled", true);
pref("dom.idle-observers-api.fuzz_time.disabled", true);
pref("dom.performance.enable_scheduler_timing", true);
pref("dom.push.alwaysConnect", false);
pref("dom.select_popup_in_content.enabled", false);
pref("dom.ua_widget.enabled", true);
pref("extensions.geckoProfiler.getSymbolRules", "localBreakpad,dump_syms.exe");
pref("gfx.canvas.skiagl.dynamic-cache", true);
pref("media.wmf.vp9.enabled", true);
pref("network.cookie.leave-secure-alone", true);
pref("pdfjs.disableOpenActionDestination", true);
pref("pdfjs.disablePageMode", false);
pref("pdfjs.showPreviousViewOnLoad", true);
pref("privacy.permissionPrompts.showCloseButton", false);

==CHANGED

pref("browser.dictionaries.download.url", "https://addons.mozilla.org/%LOCALE%/firefox/language-tools/"); // prev: "https://addons.mozilla.org/%LOCALE%/firefox/dictionaries/"
pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"]}"); // prev: "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}"
pref("browser.newtabpage.activity-stream.discoverystream.config", "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"enabled\":false,\"show_spocs\":false,\"layout_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic\"}"); // prev: "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"enabled\":false,\"show_spocs\":true,\"layout_endpoint\":\"https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic\"}"
pref("devtools.debugger.features.column-breakpoints", true); // prev: false
pref("devtools.debugger.features.log-points", true); // prev: false
pref("devtools.debugger.features.windowless-workers", true); // prev: false
pref("devtools.performance.recording.ui-base-url", "https://profiler.firefox.com"); // prev: "https://perf-html.io"
pref("dom.block_external_protocol_in_iframes", true); // prev: false
pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys", "www.icloud.com"); // prev: ""
pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", "*.collabserv.com,*.gov.online.office365.us,*.officeapps-df.live.com,*.officeapps.live.com,*.online.office.de,*.partner.officewebapps.cn,*.scniris.com"); // prev: ""
pref("image.cache.max-rasterized-svg-threshold-kb", 204800); // prev: 92160
pref("javascript.options.dynamicImport", true); // prev: false
pref("layers.shared-buffer-provider.enabled", true); // prev: false
pref("media.av1.use-dav1d", true); // prev: false
pref("network.proxy.no_proxies_on", ""); // prev: "localhost, 127.0.0.1"
pref("pdfjs.scrollModeOnLoad", -1); // prev: 0
pref("pdfjs.sidebarViewOnLoad", -1); // prev: 0
pref("pdfjs.spreadModeOnLoad", -1); // prev: 0
pref("security.webauth.u2f", true); // prev: false
pref("urlclassifier.disallow_completions", "goog-downloadwhite-digest256,base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,goog-passwordwhite-proto,ads-track-digest256,social-track-digest256,analytics-track-digest256,base-fingerprinting-track-digest256,content-fingerprinting-track-digest256,base-cryptomining-track-digest256,content-cryptomining-track-digest256,fanboyannoyance-ads-digest256,fanboysocial-ads-digest256,easylist-ads-digest256,easyprivacy-ads-digest256,adguard-ads-digest256"); // prev: "test-malware-simple,test-harmful-simple,test-phish-simple,test-unwanted-simple,test-track-simple,test-trackwhite-simple,test-block-simple,goog-downloadwhite-digest256,base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,goog-passwordwhite-proto,ads-track-digest256,social-track-digest256,analytics-track-digest256,base-fingerprinting-track-digest256,content-fingerprinting-track-digest256,base-cryptomining-track-digest256,content-cryptomining-track-digest256,fanboyannoyance-ads-digest256,fanboysocial-ads-digest256,easylist-ads-digest256,easyprivacy-ads-digest256,adguard-ads-digest256"

[earthlng]

some bugzilla tickets

• app.normandy.remotesettings.enabled
  Bug 1519276 - Use Feature Gates for Remote Settings integration
  Bug 1506175 - Fetch recipes from Remote Settings

• app.update.log.file
  Bug 1526475 - Add file logging to the updater

• apz.pinch_lock.buffer_max_age
  Bug 1451461 - Make pinch locking unaffected by input sensitivity.

• browser.aboutConfig.showWarning
  Bug 1500542 - Added ability to disable the disclaimer page of the new about:config.

• browser.cache.disk.smart_size.first_run
  Bug 1455723 - Firefox59 does not properly honor cache size set in autoconfig files,

• browser.cache.disk.smart_size.use_old_max
  Bug 1455723 - Firefox59 does not properly honor cache size set in autoconfig files,

• browser.contentblocking.cryptomining.preferences.ui.enabled
  Bug 1527917 - Enable cryptomining and fingerprinting blocking options in about:preferences.
  Bug 1522567 - Add cryptomining and fingerprinting protection options to custom content blocking preferences.

• browser.contentblocking.fingerprinting.preferences.ui.enabled
  Bug 1527917 - Enable cryptomining and fingerprinting blocking options in about:preferences.
  Bug 1522567 - Add cryptomining and fingerprinting protection options to custom content blocking preferences.

• browser.dictionaries.download.url
  Bug 1532208 - Update Add Dictionary Link in right click context menu.

• browser.fission.simulate
  Bug 1533467 - Rename the browser.fission.simulate pref.

• browser.measurement.render_anims_and_video_solid
  Bug 1525320: Add config prefs that let us tell media and animated images to paint only the first frame

• browser.newtabpage.activity-stream.asrouter.providers.cfr
  Bug 1528953 - Add pref to opt out of recommended features
  Bug 1499110 - Make CFR/ASR preferences compatible with roll-outs

• browser.newtabpage.activity-stream.asrouter.userprefs.cfr
  Bug 1528953 - Add pref to opt out of recommended features

• browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons
  Bug 1528953 - Add pref to opt out of recommended features

• browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features
  Bug 1528953 - Add pref to opt out of recommended features

• browser.sessionstore.max_tabs_undo
  Bug 1135303 - Don't warn when closing multiple tabs if sessionstore can undo close the requested amount of tabs.

• browser.tabs.remote.useCrossOriginOpenerPolicy
  Bug 1529004 - Add browser.tabs.remote.useCrossOriginOpenerPolicy to all.js

• browser.tabs.remote.useHTTPResponseProcessSelection
  Bug 1528360 - Enable httpResponseProcessSelection by default
  Bug 1522637 - Part 6: Enable httpResponseProcessSelection by default,

• browser.tabs.unloadOnLowMemory
  Bug 1533698 - Enable tab unloading in low-memory scenarios on beta too
  Bug 675539 - Unload tabs in low-memory scenarios

• browser.toolbars.keyboard_navigation
  Bug 1506510 - add keyboard focus styling for toolbar/urlbar buttons.
  Bug 1436086: Implement keyboard navigation for the main and Bookmarks toolbars.

• devtools.browserconsole.ui.filterbar
  Bug 1523861 - Remove toggle filter button and always show the filter buttons toolbar.

• devtools.canvasdebugger.enabled
  Bug 1403938 - remove Canvas Debugger client;

• devtools.flexboxinspector.enabled
  Bug 1526465 - Remove devtools.inspector.flexboxHighlighter.enabled and devtools.flexboxinspector.enabled prefs.
  Bug 1509908 - Enabling the flexbox tools on all channels;

• devtools.inspector.changes.enabled
  Bug 1529379 - Remove devtools.inspector.changes.enabled pref.
  Bug 1491887 - Enable tracking CSS changes and the Changes panel for all release channels;

• devtools.inspector.flexboxHighlighter.enabled
  Bug 1526465 - Remove devtools.inspector.flexboxHighlighter.enabled and devtools.flexboxinspector.enabled prefs.
  Bug 1509908 - Enabling the flexbox tools on all channels;

• devtools.inspector.fonthighlighter.enabled
  Bug 1529468 - Remove devtools.inspector.fonthighlighter.enabled pref.
  Bug 1486720 - Enable font highlighter.
  Bug 1440855 - New font text-run highlighter used from the font inspector;r=gl

• devtools.inspector.scrollable-badges.enabled
  Bug 1528181 - Enable the scrollable badge for good;
  Bug 1523543 - Enable the scrollable markup-badge in nightly;
  Bug 1521776 - Add new scrollable markup badges;

• devtools.inspector.shapesHighlighter.enabled
  Bug 1526591 - Remove devtools.inspector.shapesHighlighter.enabled pref.

• devtools.layout.boxmodel.highlightProperty
  Bug 1493677 - Link box-model values to their source CSS rules.

• devtools.markup.beautifyOnCopy
  Bug 1363990 - New pref to beautify HTML code when copying from the inspector;

• devtools.netmonitor.columnsData
  Bug 1358414 - Introduce column resizer in request list;

• devtools.netmonitor.features.resizeColumns
  Bug 1358414 - Introduce column resizer in request list;

• devtools.netmonitor.response.ui.limit
  Bug 1498565 - Getting Firefox to stop freezing when large file is loaded in Response tab

• devtools.performance.recording.objdirs
  Bug 1504101 - Add UI to the performance pane that lets the user pick an objdir for local builds.

• devtools.performance.recording.ui-base-url
  Bug 1525358 - Rename perf.html to profiler.firefox.com;
  Bug 1480593 - Allow setting a different instance of perf.html for the new performance panel, using a pref

• devtools.shadereditor.enabled
  Bug 1342237 - remove Shader Editor Panel;

• devtools.webaudioeditor.enabled
  Bug 1403944 - Remove Web Audio Editor front and panel;

• devtools.webaudioeditor.inspectorWidth
  Bug 1403944 - Remove Web Audio Editor front and panel;

• devtools.webconsole.groupWarningMessages
  Bug 1525613 - Create a preference to enable message grouping in the console.

• devtools.webconsole.ui.filterbar
  Bug 1523861 - Remove toggle filter button and always show the filter buttons toolbar.

• dom.block_external_protocol_in_iframes
  Bug 1522181 - multiple external protocol URL blocker behind pref,

• dom.clearSiteData.enabled
  Bug 1488957 - Get rid of dom.clearSiteData.enabled pref,

• dom.event.highrestimestamp.enabled
  Bug 1485264 - Removed dom.event.highrestimestamp.enabled pref

• dom.idle-observers-api.fuzz_time.disabled
  Bug 1532351. Remove idle observer API on navigator.

• dom.inputevent.data.enabled
  Bug 998941 - part 1-1: Implement InputEvent.data of UI Events

• dom.inputevent.datatransfer.enabled
  Bug 998941 - part 2-1: Implement InputEvent.dataTransfer declared by Input Events

• dom.keyboardevent.keypress.hack.dispatch_non_printable_keys
  Bug 1538966 - Beta/Release - Use legacy keyCode and charCode for sites with known issues.

• dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode
  Bug 1539618 - Remove superfluous dot from use_legacy_keycode_and_charcode pref.
  Bug 1538970 - Add IBM domains as wildcard exceptions for legacy keyCode and charCode.
  Bug 1538966 - Beta/Release - Use legacy keyCode and charCode for sites with known issues.
  Bug 1510111 - Remove www.rememberthemilk.com from the blacklist of keyCode/charCode mirroring of keypress events
  Bug 1502795 - Set keyCode or charCode of keypress event whose value is zero to the other's non-zero value by default again unless dispatched on known broken web apps

• dom.popup_allowed_events
  Bug 433274 - Allow popups from context menu events,

• dom.prototype_document_cache.enabled
  Bug 1527977 - Share XUL prototype cache with XUL and XHTML.

• dom.push.alwaysConnect
  Bug 1524655 - Remove dom.push.alwaysConnect and connect unconditionally.

• dom.select_popup_in_content.enabled
  Bug 1528098 - Remove content-select code.

• dom.storage.client_validation
  Bug 1517089 - Part 14: Use ClientManagerService for client validation;

• dom.storage_access.auto_grants.delayed
  Bug 1531538 - Delay resolving the promise returned from requestStorageAccess when the automatic storage access grants are invoked;

• dom.targetBlankNoOpener.enabled
  Bug 1503681 - rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set,

• dom.ua_widget.enabled
  Bug 1507895 - Part V, Remove dom.ua_widget.enabled pref

• dom.w3c_touch_events.legacy_apis.enabled
  Bug 1412485, disable legacy touch APIs on desktop,

• dom.webnotifications.allowinsecure
  Bug 1429432 - Require Secure Context for Notifications.

• dom.worker.use_medium_high_event_queue
  Bug 1522316, use medium high priority queue for worker->main thread control messages,

• extensions.allowPrivateBrowsingByDefault
  Bug 1511636: update incognito support to use pref and permissions

• extensions.geckoProfiler.getSymbolRules
  Bug 1509549 - Use ProfilerGetSymbols for geckoProfiler WebExtension symbolication and remove all other sources of symbolication.

• extensions.htmlaboutaddons.enabled
  Bug 1514316 - Basic HTML list view for about:addons behind a pref

• extensions.webextensions.restrictedDomains
  Bug 1523980 Revoke special testpilot permissions

• features.normandy-remote-settings.enabled
  Bug 1519276 - Use Feature Gates for Remote Settings integration

• fission.frontend.simulate-events
  Bug 1533467 - Rename the browser.fission.simulate pref.

• fission.frontend.simulate-messages
  Bug 1533467 - Rename the browser.fission.simulate pref.

• gfx.canvas.skiagl.dynamic-cache
  Bug 1530471 - remove prefs for related to SkiaGL canvas

• gfx.webrender.debug.small-screen
  Bug 1531196 - Add a "small-screen" debug pref to shrink the overlay a bit.

• gl.allow-high-power
  Bug 1523728 - Add gl.allow-high-power:true, webgl.default-low-power:false.

• identity.fxaccounts.pairing.enabled
  Bug 1539211 - Enable the Firefox Accounts pairing preference.
  Bug 1490671 - Add FxA device pairing.

• identity.fxaccounts.remote.pairing.uri
  Bug 1490671 - Add FxA device pairing.

• identity.fxaccounts.toolbar.accessed
  Bug 1524665 - Add FxA avatar toolbar menu,

• identity.fxaccounts.toolbar.enabled
  Bug 1524665 - Add FxA avatar toolbar menu,

• javascript.options.dynamicImport
  Bug 1517546 - Enable dyanmic module import by default
  Bug 1522491 - Enable dynamic module import on nightly builds only
  Bug 1342012 - Initial browser support for dynamic import from module scripts

• javascript.options.experimental.fields
  Bug 1529758 - Add a pref for fields.

• javascript.options.ion.full.threshold
  Bug 1382650 part 4 - Split Ion warmup threshold JitOption in 'normal' and 'full' options.

• layers.shared-buffer-provider.enabled
  Bug 1531417 - enable shared buffer provider for software canvas on all platforms.

• layout.css.scroll-snap-v1.enabled
  Bug 1528639 - Implement scroll-margin parser and serializer.

• layout.cursor.block.enabled
  Bug 1445844 - Add a pref to block large custom cursors outside of the viewport's bounds.

• layout.cursor.block.max-size
  Bug 1445844 - Add a pref to block large custom cursors outside of the viewport's bounds.

• layout.dynamic-reflow-roots.enabled
  Bug 1510369 part 3: Add about:config pref 'layout.dynamic-reflow-roots.enabled' (enabled by default).

• layout.lower_priority_refresh_driver_during_load
  Bug 1506949, use idle queue for RefreshDriver tick betweek fcp and load,

• media.av1.use-dav1d
  Bug 1536538 - Enable libdav1d on Linux on beta.
  Bug 1534814 - pref on rdd and av1 for linux.
  Bug 1535038 - Make dav1d the default AV1 decoder in OSX.
  Bug 1533742 - Flip dav1d pref to on for windows.
  Bug 1493400 - Implement platform decoder for dav1d.

• media.gmp-gmpopenh264.enabled
  Bug 1527811 - Hide OpenH264 by default on Windows on ARM.

• media.gmp-gmpopenh264.visible
  Bug 1527811 - Hide OpenH264 by default on Windows on ARM.

• media.rdd-vorbis.enabled
  Bug 1500596 - pt3 - Add remote audio decoding for Vorbis.

• media.wmf.low-latency.force-disabled
  Bug 1305340 - Enable low-latency decoding on Windows 10 and later.

• medium_high_event_queue.enabled
  Bug 1524006 - Add a medium-high priority queue between high and normal,

• network.cookie.leave-secure-alone
  Bug 1526214 - Get rid of network.cookie.leave-secure-alone,

• network.cookieSettings.unblocked_for_testing
  Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 1 - information stored into loadInfo,

• network.http.referer.defaultPolicy.trackers
  Bug 1530076 - Part 1: Add support for modifying the default referrer policy that is applied to third-party trackers when the cookie policy is set to reject third-party trackers;

• network.http.referer.defaultPolicy.trackers.pbmode
  Bug 1530076 - Part 1: Add support for modifying the default referrer policy that is applied to third-party trackers when the cookie policy is set to reject third-party trackers;

• network.proxy.allow_hijacking_localhost
  Bug 1507110 - Allow hijacking localhost only if network.proxy.allow_hijacking_localhost is set

• network.proxy.no_proxies_on
  Bug 1507110 - Allow hijacking localhost only if network.proxy.allow_hijacking_localhost is set

• privacy.documentCookies.maxage
  Bug 1529836 - Part 1: Add support for capping the maximum life-time of client-side cookies;

• privacy.permissionPrompts.showCloseButton
  Bug 1479335 - Remove permissions close button

• privacy.resistFingerprinting.jsmloglevel
  Bug 1407366 - Part 4: Adding a test case for testing letterboxing.

• privacy.trackingprotection.cryptomining.annotate.enabled
  Bug 1533074 - Implement Fingerprinting and Cryptomining annotation features - Part 3 - Cryptomining-annotation,

• privacy.trackingprotection.fingerprinting.annotate.enabled
  Bug 1533074 - Implement Fingerprinting and Cryptomining annotation features - Part 2 - Fingerprinting-annotation,

• security.block_importScripts_with_wrong_mime
  Bug 1514680 - Strictly enforce the MIME type of scripts loaded by importScripts().

• security.certerrors.mitm.auto_enable_enterprise_roots
  Bug 1529643 - Implement MitM priming on certificate error pages.

• security.certerrors.mitm.priming.enabled
  Bug 1529643 - Implement MitM priming on certificate error pages.

• security.certerrors.mitm.priming.endpoint
  Bug 1529643 - Implement MitM priming on certificate error pages.

• security.remote_settings.intermediates.downloads_per_poll
  Bug 1404934 - Wire-up Intermediate Preloading

• security.sandbox.rdd.win32k-disable
  Bug 1511438 Part 2: Enable win32k lockdown on RDD process.

• security.webauth.u2f
  Bug 1539541 - Enable FIDO U2F API, and permit registrations for Google Accounts
  Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler,

• services.common.uptake.sampleRate
  Bug 1535962: Introduce a sample rate for reporting uptake telemetry events

• services.sync.prefs.sync.media.autoplay.default
  Bug 1526945 - Sync Block websites from automatically playing sound option

• services.sync.prefs.sync.privacy.trackingprotection.cryptomining.annotate.enabled
  Bug 1533074 - Implement Fingerprinting and Cryptomining annotation features - Part 3 - Cryptomining-annotation,

• services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled
  Bug 1529560 - Sync new options of blocking Cryptominers and Fingerprinters

• services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.annotate.enabled
  Bug 1533074 - Implement Fingerprinting and Cryptomining annotation features - Part 2 - Fingerprinting-annotation,

• services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled
  Bug 1529560 - Sync new options of blocking Cryptominers and Fingerprinters

• signon.autofillForms.autocompleteOff
  Bug 1531135 - Honor autocomplete=off on password when signon.autofillForms.autocompleteOff is false.

• signon.privateBrowsingCapture.enabled
  Bug 1520960 - Allow login capture from form submissions in private browsing when pref'd on.

• signon.showAutoCompleteFooter
  Bug 1189618 - Add a 'View Saved Logins' footer to the password manager autocomplete popup.
  Bug 1534442 - Turn on the signon.showAutoCompleteFooter pref.
  Bug 1530029 - Turn on the signon.showAutoCompleteFooter pref.

• toolkit.lazyHiddenWindow
  Bug 827976 - Create the hidden window lazily on non-Mac platforms.

• ui.use_standins_for_native_colors
  Bug 1485266 - Use stand-ins for native colors when RFP is enabled

• urlclassifier.disallow_completions
  Bug 1329349 - Remove test lists from urlclassifier.disallow_completions.
  Bug 1517641 - [2.0] Rename blocklist names to use a three-part naming scheme.
  Bug 1517641 - [1.0] Add experimental ad-blocking category to the Tracking Protection API.
  Bug 1513490 - Support update cryptomining and fingerprinting list in SafeBrowsing.
  Bug 1519660 - Remove flash info bar from SafeBrowsing list.
  Bug 1509555 - Part 2: Remove the core fastblock code

• webgl.default-low-power
  Bug 1523728 - Add gl.allow-high-power:true, webgl.default-low-power:false.

[Atavic]

While looking at https://bugzilla.mozilla.org/show_bug.cgi?id=1519276 I got #688

You can check your DateTime on https://classify-client.services.mozilla.com/api/v1/classify_client/?format=json

[earthlng]

When the preference is set to true, the extensions are enabled by default in private windows.
When the preference is set to false, the extensions are not enabled by default in private windows.

Regardless of this pref, all already installed extensions at the time of updating to 67 will remain to be allowed in private windows unless you go in and toggle them to off.

I tested this by setting to true and opening a PB window, and sure enough all extension icons were removed

true = allow in private browsing. It sounds like your testing suggests that the pref is doing the opposite of what it's supposed to do!? Are you sure you tested correctly?

[earthlng]

dumped a load of items in ignore, feel free to scrutinize

the 3 security.certerrors.mitm.* might be worth considering since it's an outgoing connection that some people might not want

[earthlng]

67.0 changes since 67.0b18

new

pref("browser.contentblocking.introDelaySeconds", 1800);
pref("browser.tabs.remote.useHTTPResponseProcessSelection", false); // "new" with value true in 67.0b18
pref("network.protocol-handler.external.res", false);
pref("trailhead.firstrun.branches", "control");

removed, renamed or hidden

pref("browser.newtabpage.activity-stream.feeds.migration", true);
pref("browser.newtabpage.activity-stream.migrationExpired", false);
pref("browser.newtabpage.activity-stream.migrationLastShownDate", 0);
pref("browser.newtabpage.activity-stream.migrationRemainingDays", 4);
pref("dom.performance.enable_scheduler_timing", true);
pref("media.wmf.vp9.enabled", true);

changed

pref("app.releaseNotesURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%beta/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew"
pref("app.update.channel", "beta"); // prev: "release"
pref("app.update.url.details", "https://www.mozilla.org/%LOCALE%/firefox/beta/notes"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/notes"
pref("app.update.url.manual", "https://www.mozilla.org/firefox/beta"); // prev: "https://www.mozilla.org/firefox/"
pref("extensions.webcompat-reporter.enabled", true); // prev: false
pref("toolkit.telemetry.enabled", true); // prev: false

EDIT : updated 1st post

[Thorin-Oakenpants]

Here's whats left. At this stage IDK if there's necessarily anything else that needs to be added. @earthlng what are your thoughts

I never know what to do with AS shit. These are false, so I think we can just ignore them

pref("browser.newtabpage.activity-stream.discoverystream.endpoints", "https://getpocket.cdn.mozilla.net/");
pref("browser.newtabpage.activity-stream.discoverystream.optOut.0", false);
pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", false);
pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", "https://incoming.telemetry.mozilla.org/submit/activity-stream");

IDK what this all means, IDK if false is good or bad. Also keep in mind that a lot of things like this are off when first introduced (see more examples below) and get flipped in tests or when ready. If it's not that important, then maybe not worth adding? - @earthlng

pref("browser.tabs.remote.useCrossOriginOpenerPolicy", false);
  // https://bugzilla.mozilla.org/show_bug.cgi?id=1529004
pref("browser.tabs.remote.useCrossOriginPolicy", false);

IDK WTF this is

pref("browser.tabs.remote.useHTTPResponseProcessSelection", false);
  // https://bugzilla.mozilla.org/show_bug.cgi?id=1528360
  // https://bugzilla.mozilla.org/show_bug.cgi?id=1522637

These look cool. Note that we have SW's disabled. And that Mozilla will enable these soon. So again, IDK if it's worth adding.

pref("dom.webnotifications.requireuserinteraction", false);
pref("permissions.desktop-notification.postPrompt.enabled", false);
  // add these inactive true?
  // the first blocks WN until you have interacted with the site
  // the second, 99% sure, adds an icon in the urlbar to visually alert you, and so you can click it to change the WN permission (for that site)
  // test: https://www.bennish.net/web-notifications.html

Again. We clear cookies on close, or users use an extension (suckers!), or block them outright (like a ninja master). This will get changed when they play with it in studies. Might be ok to add inactive as a FYI?

pref("privacy.documentCookies.maxage", 0);
  // https://bugzilla.mozilla.org/show_bug.cgi?id=1529836

Not looked at yet

pref("signon.autofillForms.autocompleteOff", true);

Could maybe add this as a FYI to the passport section. Allows saving of pw's when in PB mode.

pref("signon.privateBrowsingCapture.enabled", true);

[ghost]

the first blocks WN until you have interacted with the site

Note that we have SW's disabled

WN = Web Notifications ...
SW = ? ...

I know you're doing a great job and handle settings so frequently that acronyms become obvious, but for those who wish to learn maybe having the full denomination rather than the acronym would help....

[claustromaniac]

SW = ? ...

Service Workers. We might need to add a section to the wiki just for acronyms at this point... 😹

[Thorin-Oakenpants]

I just watched Captain Marvel .. i know what u are now 🐈

[ghost]

Service Workers, OK I remember/know that.
I've been off for some from following user.js's development (though updating), have so many other things in mind, brains certainly not as zealous as 20 years ago, that I sort of forget letter links so to say. Forget, but others may just don't know them even if they know the full name...

Anyway, thanks @claustromaniac

[earthlng]

I never know what to do with AS shit. These are false, so I think we can just ignore them

Yes I think that's fine, because browser.newtabpage.activity-stream.feeds.discoverystreamfeed and browser.newtabpage.activity-stream.feeds.telemetry should kill that stuff early on anyway.

• browser.tabs.remote.useCrossOrigin* is probably not ready to use yet. Best to ignore for now, IMO. (not even enabled in nightly either atm)

• useHTTPResponseProcessSelection - not sure exactly what this is all about but probably best to wait until they enable it by default.

• webnotifications - afaik we disable that shit anyway but maybe you changed that, idk. Frankly I don't understand what you're doing anymore. You removed so much useful stuff that my file is now so very different from the master that I don't even bother to sync the changes anymore.

(privacy.documentCookies.maxage) Might be ok to add inactive as a FYI?

yes. Could be handy for people who don't clear cookies on shutdown

• signon.autofillForms.autocompleteOff - title of the ticket is "Honor autocomplete=off on password when signon.autofillForms.autocompleteOff is false." but we already disable signon autofills with 0905 so I don't think this matters at all.

• privateBrowsingCapture - again, you removed so much FYI stuff that I don't know why you'd include one but remove others. Up to you. IMO it's totally unnecessary to FYI this because it simply allows to save logins in PB windows but people can still choose not to save them. So why disable it? IDK

[Thorin-Oakenpants]

Frankly I don't understand what you're doing anymore

When or if you do the changelog, you'll see that the effective difference to your browser is almost nothing. Almost everything that was removed was already covered by another active pref, or was already at default, or was inactive (the SB ones are three ticks in the UI, sorry for the loss of that info). Once you ignore all those changes, then not much was actually changed.

The few things that were changed, stemmed from all the things that people found troublesome, or overrode (not everything was changed, just revisited). They changed because they don't make sense any more (it's still a template). It's really not that much.

You removed so much useful stuff that my file is now so very different from the master that I don't even bother to sync the changes anymore

Well, I hope you do get back in sync. Nothing of any real importance was lost. Anything from changelog that you feel strongly about, can always be put back.

changes

The password one was just a suggestion - inactive for those who wanted to keep the status quo as the old PB mode, but you're right, it's just extra crap. Users have to tick "ask to save passwords" for starters (options UI). And then when using passwords FF prompts to save them. And it would still do the same in PB mode (default true on the new pref).

Web Notifications: we disable Service Workers only. That's all that is needed to stop SW and Web Notifications and Push. I was just suggesting maybe adding the two WN prefs for those who want SW+WN but could then limit them. But TBH, I really can't see the point: as I said earlier: these will get flipped when ready. It's these sort of entries that just end up being the items we end up removing down the track as dead wood, matching default.

Thanks for your thoughts on the others

[Thorin-Oakenpants]

@earthlng close this when you want me to do a release, thanks

[earthlng]

^^ see my comment here. Other than that I think we're done here. Feel free to close and do a release. Thanks mate