ToDo: diffs FF76-FF77

[earthlng]

FF77 is scheduled for release June 2nd

FF77 release notes [when ready]
FF77 for developers
FF77 compatibility
FF77 security advisories

---

109 diffs ( 58 new, 33 gone, 18 different )

new in v77.0:

• pref("dom.security.https_only_mode.upgrade_local", false); - f69d92e

removed, renamed or hidden in v77.0:

ALL DONE - f6e6de8

• 0850e pref("browser.urlbar.oneOffSearches", true); - 1628926
• 2605 pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); - 1603007

changed in v77.0:

• FYI: re: link history timing attacks
  • pref("layout.css.always-repaint-on-unvisited", true); // prev: false
  • pref("layout.css.notify-of-unvisited", true); // prev: false

---

ignore

click me for details

==NEW

pref("accessibility.ARIAReflection.enabled", false);
pref("apz.windows.force_disable_direct_manipulation", true);
pref("browser.find.anonymous_content.enabled", true);
pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "{\"id\":\"messaging-experiments\",\"enabled\":true,\"type\":\"remote-experiments\",\"messageGroups\":[\"cfr\",\"whats-new-panel\",\"moments-page\",\"snippets\",\"cfr-fxa\"],\"updateCycleInMs\":3600000}");
pref("browser.tabs.documentchannel.parent-initiated", true);
pref("browser.tabs.documentchannel.ppdc", true);
pref("browser.urlbar.restyleSearches", false);
pref("devtools.contenttoolbox.webconsole.input.context", false);
pref("devtools.debugger.features.frame-step", true);
pref("devtools.experiment.f12.shortcut_disabled", false);
pref("devtools.inspector.compatibility.target-browsers", "");
pref("dom.security.https_only_mode.upgrade_onion", false);
pref("dom.security.https_only_mode_ever_enabled", false);
pref("dom.window.content.untrusted.enabled", true);
pref("editor.truncate_user_pastes", false);
pref("extensions.blocklist.addonItemURL", "https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/");
pref("extensions.blocklist.useMLBF", false);
pref("extensions.blocklist.useMLBF.stashes", false);
pref("gfx.vsync.force-disable-waitforvblank", false);
pref("gfx.webrender.gl-debug-message-critical-note", false);
pref("gfx.webrender.gl-debug-message-print", false);
pref("gfx.webrender.use-optimized-shaders", true);
pref("identity.sync.useOAuthForSyncToken", false);
pref("image.avif.enabled", false);
pref("image.honor_orientation_metadata.natural_size", true);
pref("image.honor-orientation-metadata", true);
pref("javascript.options.mem.gc_high_frequency_large_heap_growth", 150);
pref("javascript.options.mem.gc_high_frequency_small_heap_growth", 300);
pref("javascript.options.mem.gc_large_heap_incremental_limit", 110);
pref("javascript.options.mem.gc_large_heap_size_min_mb", 500);
pref("javascript.options.mem.gc_small_heap_incremental_limit", 140);
pref("javascript.options.mem.gc_small_heap_size_max_mb", 100);
pref("javascript.options.wasm_reftypes", true);
pref("layout.css.grid-template-masonry-value.enabled", false);
pref("layout.css.is-where-selectors.enabled", false);
pref("media.getdisplaymedia.enabled", true);
pref("media.testing-only-events", false);
pref("network.data.max-uri-length-mobile", 2097152);
pref("pdfjs.enablePermissions", false);
pref("privacy.restrict3rdpartystorage.expiration_visited", 2592000);
pref("privacy.restrict3rdpartystorage.heuristic.recently_visited", true);
pref("privacy.restrict3rdpartystorage.heuristic.recently_visited_time", 600);
pref("privacy.trackingprotection.testing.report_blocked_node", false);
pref("privacy.webrtc.allowSilencingNotifications", false);
pref("privacy.webrtc.legacyGlobalIndicator", true);
pref("privacy.webrtc.sharedTabWarning", false);
pref("prompts.defaultModalType", 3);
pref("prompts.modalType.confirmAuth", 2);
pref("prompts.modalType.insecureFormSubmit", 2);
pref("services.blocklist.addons-mlbf.checked", 0);
pref("services.blocklist.addons-mlbf.collection", "addons-bloomfilters");
pref("services.blocklist.addons-mlbf.signer", "remote-settings.content-signature.mozilla.org");
pref("services.sync.prefs.sync.intl.regional_prefs.use_os_locales", true);
pref("signon.showAutoCompleteImport", "");
pref("toolkit.asyncshutdown.report_writes_after", 20000);
pref("toolkit.osKeyStore.loglevel", "Warn");
pref("webgl.prototype.ipc-pcq", 0);

==REMOVED or HIDDEN

pref("apz.frame_delay.enabled", true);
pref("browser.aboutwelcome.log", "warn");
pref("browser.fixup.dns_first_for_single_words", false);
pref("browser.fixup.typo.scheme", true);
pref("browser.osKeyStore.loglevel", "Warn");
pref("browser.stopReloadAnimation.enabled", true);
pref("browser.tabs.multiselect", true);
pref("browser.tabs.showAudioPlayingIcon", true);
pref("browser.ui.scroll-toolbar-threshold", 10);
pref("browser.urlbar.update1", true);
pref("browser.urlbar.update1.view.stripHttps", true);
pref("browser.xul.error_pages.enabled", true);
pref("devtools.debugger.source-maps-enabled", true);
pref("devtools.inspector.use-new-box-model-highlighter", false);
pref("dom.mozBrowserFramesEnabled", true);
pref("dom.registerProtocolHandler.insecure.enabled", false);
pref("extensions.webservice.discoverURL", "https://discovery.addons.mozilla.org/%LOCALE%/firefox/discovery/pane/%VERSION%/%OS%/%COMPATIBILITY_MODE%");
pref("gfx.vsync.use-waitforvblank", false);
pref("javascript.options.mem.gc_avoid_interrupt_factor", 100);
pref("javascript.options.mem.gc_dynamic_heap_growth", true);
pref("javascript.options.mem.gc_dynamic_mark_slice", true);
pref("javascript.options.mem.gc_high_frequency_heap_growth_max", 300);
pref("javascript.options.mem.gc_high_frequency_heap_growth_min", 150);
pref("javascript.options.mem.gc_high_frequency_high_limit_mb", 500);
pref("javascript.options.mem.gc_high_frequency_low_limit_mb", 100);
pref("javascript.options.mem.gc_non_incremental_factor", 112);
pref("layout.css.contain.enabled", true);
pref("network.disable.ipc.security", true);
pref("privacy.purge_trackers.logging.enabled", false);
pref("security.identityblock.show_extended_validation", false);
pref("signon.management.overrideURI", "about:logins?filter=%DOMAIN%");

==CHANGED

pref("browser.contentblocking.report.monitor.how_it_works.url", "https://monitor.firefox.com/about"); // prev: "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/monitor-faq"
pref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "{\"id\":\"message-groups\",\"enabled\":false,\"type\":\"remote-settings\",\"bucket\":\"message-groups\",\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"message-groups\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"message-groups\",\"updateCycleInMs\":3600000}"
pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?site="); // prev: "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&site="
pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?site="); // prev: "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&site="
pref("browser.tabs.remote.separatePrivilegedContentProcess", true); // prev: false
pref("browser.urlbar.maxCharsForSearchSuggestions", 100); // prev: 20
pref("devtools.netmonitor.columnsData", "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"url\",\"minWidth\":30,\"width\":25},{\"name\":\"initiator\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":15}]"); // prev: "[{\"name\":\"status\",\"minWidth\":30,\"width\":5}, {\"name\":\"method\",\"minWidth\":30,\"width\":5}, {\"name\":\"domain\",\"minWidth\":30,\"width\":10}, {\"name\":\"file\",\"minWidth\":30,\"width\":25}, {\"name\":\"url\",\"minWidth\":30,\"width\":25}, {\"name\":\"cause\",\"minWidth\":30,\"width\":10},{\"name\":\"initiator\",\"minWidth\":30,\"width\":10},{\"name\":\"type\",\"minWidth\":30,\"width\":5},{\"name\":\"transferred\",\"minWidth\":30,\"width\":10},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":15}]"
pref("devtools.netmonitor.visibleColumns", "[\"status\",\"method\",\"domain\",\"file\",\"initiator\",\"type\",\"transferred\",\"contentSize\",\"waterfall\"]"); // prev: "[\"status\",\"method\",\"domain\",\"file\",\"cause\",\"type\",\"transferred\",\"contentSize\",\"waterfall\"]"
pref("dom.quotaManager.useDOSDevicePathSyntax", true); // prev: false
pref("gfx.omta.background-color", true); // prev: false
pref("gfx.webrender.enable-item-cache", true); // prev: false
pref("layout.css.image-orientation.initial-from-image", true); // prev: false
pref("network.auth.confirmAuth.enabled", true); // prev: false
pref("network.http.http3.default-qpack-table-size", 0); // prev: 65536
pref("privacy.purge_trackers.logging.level", "Error"); // prev: "Warn"
pref("signon.management.page.os-auth.enabled", false); // prev: true

[earthlng]

some bugzilla tickets

• accessibility.ARIAReflection.enabled
  Bug 1628418 - ARIA reflection: implement AccessibilityRole interface

• apz.frame_delay.enabled
  Bug 1630781 - Eliminate the frame_delay pref, assume it true everywhere.

• apz.windows.force_disable_direct_manipulation
  Bug 1635243. Only use WS_EX_LAYERED | WS_EX_TRANSPARENT on the compositor window on nightly for now.
  Bug 1632357. Add a pref to disable adding the WS_EX_LAYERED style to the compositor window.

• browser.aboutwelcome.log
  Bug 1631668 - Consolidate messaging-system and about:welcome logging, add additional logs
  Bug 1617783 - Add JSWindowActors to about:welcome

• browser.contentblocking.report.monitor.how_it_works.url
  Bug 1602096 - update 'How it works' link on Firefox Monitor Card.

• browser.find.anonymous_content.enabled
  Bug 1627643 - Allow to find and display selection native anonymous content.

• browser.fixup.dns_first_for_single_words
  Bug 1496578 - convert nsDefaultURIFixup to URIFixup.jsm.

• browser.fixup.typo.scheme
  Bug 1496578 - convert nsDefaultURIFixup to URIFixup.jsm.

• browser.newtabpage.activity-stream.asrouter.providers.message-groups
  Bug 1633009 - Disable the Remote Settings message-group provider because it is not used
  Bug 1578754 - Implement groups configuration for Messaging System content

• browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments
  Bug 1631456 - Create a CFR message loader for ExperimentAPI

• browser.osKeyStore.loglevel
  Bug 1631879 - Update the name of the osKeyStore log preference now that it has moved to toolkit.
  Bug 1194529 - Update OSKeyStore pref names now that the module is moved.

• browser.safebrowsing.provider.google.reportURL
  Bug 1408779 - link to report why page has been classified as malicious/deceptive/... should have variables %NAME% and %LOCALE% replaced

• browser.safebrowsing.provider.google4.reportURL
  Bug 1408779 - link to report why page has been classified as malicious/deceptive/... should have variables %NAME% and %LOCALE% replaced

• browser.stopReloadAnimation.enabled
  Bug 1629953 - Use prefers-reduced-motion media query for the stop/reload button animation.

• browser.tabs.documentchannel.parent-initiated
  Bug 1632098 - P3. Enable the ParentProcessDocumentChannel.
  Bug 1602318 - Enable parent initiated loads pref.
  Bug 1602318 - Initiate document loads in the parent process in parallel with setting up the content process side.
  Bug 1602318 - Start loads directly from CanonicalBrowsingContext when possible.

• browser.tabs.documentchannel.ppdc
  Bug 1632098 - P3. Enable the ParentProcessDocumentChannel.
  Bug 1607984 - P17. Put ParentProcessDocumentChannel behind a pref.

• browser.tabs.multiselect
  Bug 1634013 - Remove the browser.tabs.multiselect pref

• browser.tabs.remote.allowLinkedWebInFileUriProcess
  Bug 1603007 - Remove allowLinkedWebInFileUriProcess
  Bug 1626583 - Always disable allowLinkedWebInFileUriProcess
  Bug 1603006 - Ignore allowLinkedWebInFile when documentChannel is enabled

• browser.tabs.remote.separatePrivilegedContentProcess
  Bug 1621269 - Disable the privileged about content process on Linux64 ccov builds.
  Bug 1617983 - Re-enable separate privileged about content process for about:home, about:newtab, about:welcome on Nightly.

• browser.tabs.showAudioPlayingIcon
  Bug 1634012 - Remove the browser.tabs.showAudioPlayingIcon pref.r=dao

• browser.ui.scroll-toolbar-threshold
  Bug 1627716 - Remove APZ/composition code related to DynamicToolbarAnimator.

• browser.urlbar.maxCharsForSearchSuggestions
  Bug 1618769 - Increase max chars for search suggestions, and don't fetch suggestions at all when max is reached due to paste.

• browser.urlbar.oneOffSearches
  Bug 1628926 - Remove the browser.urlbar.oneOffSearches pref.

• browser.urlbar.restyleSearches
  Bug 1626946 - Remove search suggestions that dupe a search history result.

• browser.urlbar.update1
  Bug 1627988 - Remove the browser.urlbar.update1.view.stripHttps pref.
  Bug 1627969 - Remove the megabar pref.
  Bug 1617029 - Enable urlbar.update1.* prefs (quantumbar update 1) on Release.
  Bug 1616880 - Allow tabbing through urlbar results when there's a search string.
  Bug 1613869 - Enable urlbar.update1.* prefs on early Beta.
  Bug 1613699 - Rename browser.urlbar.update1.expandTextOnFocus pref to ...update2...
  Bug 1613608 - Enable Interventions in Nightly but not in xpcshell tests.
  Bug 1613608 - Enable Interventions in Nightly.
  Bug 1608766 - Disable tabbing through results after focusing the Urlbar with the keyboard, behind a pref.
  Bug 1606917 - Port the Interventions experiment into a new provider.
  Bug 1609699 - Rename browser.urlbar.searchTips pref to browser.urlbar.update1.searchTips.
  Bug 1603780 - Set browser.urlbar.update1.expandTextOnFocus default value in Nightly.
  Bug 1601339 - Disable expandTextOnFocus.

• browser.urlbar.update1.view.stripHttps
  Bug 1627988 - Remove the browser.urlbar.update1.view.stripHttps pref.
  Bug 1617029 - Enable urlbar.update1.* prefs (quantumbar update 1) on Release.

• browser.xul.error_pages.enabled
  Bug 1592780 - Empty alerts when browser.xul.error_pages.enabled=false,

• devtools.contenttoolbox.webconsole.input.context
  Bug 1628346 - Add a dedicated context selector pref for content toolbox.

• devtools.experiment.f12.shortcut_disabled
  Bug 1630228 - Basic implementation to disable F12 until toolbox opens

• devtools.inspector.compatibility.target-browsers
  Bug 1590981: Make target browsers persistent.

• devtools.inspector.use-new-box-model-highlighter
  Bug 1607755 - Remove box model highlighter implementation with setupInParent()

• dom.mozBrowserFramesEnabled
  Bug 1630691: Part 2 - Get rid of the "dom.mozBrowserFramesEnabled" pref.

• dom.quotaManager.useDOSDevicePathSyntax
  Bug 1632133 - Enable DOS device path syntax for quota storage by default;
  Bug 1626846 - Disable useDOSDevicePathSyntax for QuotaStorage on Windows;

• dom.registerProtocolHandler.insecure.enabled
  Bug 1597267 - Remove dom.registerProtocolHandler.insecure.enabled

• dom.security.https_only_mode.upgrade_local
  Bug 1631384 - Added upgrade exceptions for HTTPS Only Mode.

• dom.security.https_only_mode.upgrade_onion
  Bug 1631384 - Added upgrade exceptions for HTTPS Only Mode.

• dom.security.https_only_mode_ever_enabled
  Bug 1620244 - Retention telemetry for HTTPS Only Mode.

• dom.window.content.untrusted.enabled
  Bug 1632143 - Disable window.content in early betas
  Bug 1632116 - Introduce dom.window.content.untrusted.enabled

• editor.truncate_user_pastes
  Bug 1320229 - allow user pastes longer than input maxlength

• extensions.blocklist.addonItemURL
  Bug 1620621 - Add bloomfilter-based blocklist for addons

• extensions.blocklist.useMLBF
  Bug 1620621 - Implement blocklist stashing behind pref
  Bug 1620621 - Add bloomfilter-based blocklist for addons

• extensions.blocklist.useMLBF.stashes
  Bug 1620621 - Implement blocklist stashing behind pref

• extensions.webservice.discoverURL
  Bug 1620438 - Remove references to extensions.webservice.discoverURL.

• gfx.color_management.mode
  Bug 455077 - Enable color management for all CSS/images, not just tagged images.

• gfx.omta.background-color
  Bug 1535532 - Enable background color animations on the compositor by default on all channels.

• gfx.vsync.force-disable-waitforvblank
  Bug 1630389 - Enable WaitForVBlank by default on Windows 10

• gfx.vsync.use-waitforvblank
  Bug 1630389 - Enable WaitForVBlank by default on Windows 10
  Bug 1628137 - Switch to using WaitForVBlank for vsync on Windows

• gfx.webrender.enable-item-cache
  Bug 1633842 - Enable WR item cache
  Bug 1616412 - Enable WebRender display item caching

• gfx.webrender.gl-debug-message-critical-note
  Bug 1632096 - Forward WebRender gl(ANGLE) error message to gfx critical note

• gfx.webrender.gl-debug-message-print
  Bug 1632096 - Forward WebRender gl(ANGLE) error message to gfx critical note

• gfx.webrender.use-optimized-shaders
  Bug 1604615 - Use optimized shader source in webrender.

• identity.sync.useOAuthForSyncToken
  Bug 1631830 - Fetch Sync tokens with OAuth behind a pref

• image.avif.enabled
  Bug 1625363 - AVIF (AV1 Image File Format): experimental support.

• image.honor_orientation_metadata.natural_size
  Bug 1630165 - Remove nightly-only gate from naturalWidth/naturalHeight honoring orientation metadata.
  Bug 1566316 - Make naturalWidth/naturalHeight on images honor orientation metadata.

• image.honor-orientation-metadata
  Bug 1616411 - Part 3: Make RasterImage deal with and apply image orientation.

• javascript.options.mem.gc_avoid_interrupt_factor
  Bug 1630961 - Remove unused heurisitic to delaying GCs that may cause resets

• javascript.options.mem.gc_dynamic_heap_growth
  Bug 1633405 - Remove dynamic GC options that are enabled everywhere

• javascript.options.mem.gc_dynamic_mark_slice
  Bug 1633405 - Remove dynamic GC options that are enabled everywhere

• javascript.options.mem.gc_high_frequency_heap_growth_max
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_high_frequency_heap_growth_min
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_high_frequency_high_limit_mb
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_high_frequency_large_heap_growth
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_high_frequency_low_limit_mb
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_high_frequency_small_heap_growth
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_large_heap_incremental_limit
  Bug 1633752 - Calculate non-incremental threshold based on heap size and increase it for smaller heaps

• javascript.options.mem.gc_large_heap_size_min_mb
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.mem.gc_non_incremental_factor
  Bug 1633752 - Calculate non-incremental threshold based on heap size and increase it for smaller heaps

• javascript.options.mem.gc_small_heap_incremental_limit
  Bug 1633752 - Calculate non-incremental threshold based on heap size and increase it for smaller heaps

• javascript.options.mem.gc_small_heap_size_max_mb
  Bug 1633457 - Rename some GC parameters for clarity

• javascript.options.wasm_reftypes
  Bug 1618595: Disable Cranelift on aarch64 when reftypes are enabled;

• layout.css.always-repaint-on-unvisited
  Bug 1632765 - Turn on some more :visited privacy mitigations.

• layout.css.contain.enabled
  Bug 1626458 part 1: Remove pref for CSS Containment (layout.css.contain.enabled)
  Bug 1623819 - Part 1: Fix a few initial values in Rust property definitions.

• layout.css.grid-template-masonry-value.enabled
  Bug 1607954 part 1 - [css-grid][css-align] Implement style system support for Masonry layout.

• layout.css.image-orientation.initial-from-image
  Bug 1616411 - Part 2: Don't bother passing in the size to OrientedImage::OrientSurface.
  Bug 1623820 - Part 2: Make image-orientation initial value change be Nightly only.

• layout.css.is-where-selectors.enabled
  Bug 1509418 - Enable the feature in Nightly.
  Bug 1629735 - Implement parsing / selector-matching for :is() and :where().

• layout.css.notify-of-unvisited
  Bug 1632765 - Turn on some more :visited privacy mitigations.

• media.getdisplaymedia.enabled
  Bug 1624181 - Omit getDisplayMedia() function on android to aid feature detection.

• media.testing-only-events
  Bug 1625615 - part5 : add test-only attribute and event for media element.

• network.data.max-uri-length-mobile
  Bug 1626687 - Do not handle data URIs larger than 2M on mobile

• network.disable.ipc.security
  Bug 1322254 - Remove network.disable.ipc.security pref

• network.http.http3.default-qpack-table-size
  Bug 1628460 - Turn off qpack dynamic table.

• privacy.purge_trackers.logging.enabled
  Bug 1628743 - Enable cookie purging by default in Nightly, clean up logging prefs.
  Bug 1599262 - Purge site data after identifying tracking site via cookies.

• privacy.purge_trackers.logging.level
  Bug 1628743 - Enable cookie purging by default in Nightly, clean up logging prefs.
  Bug 1624863 - Rewrite PurgeTrackerService.jsm logging to use console.createInstance

• privacy.restrict3rdpartystorage.expiration_visited
  Bug 1616585 - add heuristic for visited redirection;

• privacy.restrict3rdpartystorage.heuristic.recently_visited
  Bug 1616585 - add heuristic for visited redirection;

• privacy.restrict3rdpartystorage.heuristic.recently_visited_time
  Bug 1616585 - add heuristic for visited redirection;

• privacy.trackingprotection.testing.report_blocked_node
  Bug 1608516 - Part 3: Add a pref to prevent sending unnecessary IPC if we are not in testing.

• privacy.webrtc.allowSilencingNotifications
  Bug 1637336 - Add a preference that uses an alternative WebRTC screen sharing permission panel configuration.

• privacy.webrtc.legacyGlobalIndicator
  Bug 1636207 - Fork the WebRTC global indicator for a refresh.

• privacy.webrtc.sharedTabWarning
  Bug 1634796 - Add a panel that warns users before switching tabs when sharing the window over WebRTC.

• prompts.defaultModalType
  Bug 1615588 - Extended nsIPromptService to support tab modal prompts.

• prompts.modalType.confirmAuth
  Bug 1629808 - Updated ConfirmAuth dialogs to be tab modal and re-enabled them.

• prompts.modalType.insecureFormSubmit
  Bug 616849 - Made insecure form submission prompt tab modal.

• security.identityblock.show_extended_validation
  Bug 1599729 - Remove security.identityblock.show_extended_validation pref and related UI code.

• services.blocklist.addons-mlbf.checked
  Bug 1620621 - Add bloomfilter-based blocklist for addons

• services.blocklist.addons-mlbf.collection
  Bug 1620621 - Add bloomfilter-based blocklist for addons

• services.blocklist.addons-mlbf.signer
  Bug 1620621 - Add bloomfilter-based blocklist for addons

• services.sync.prefs.sync.intl.regional_prefs.use_os_locales
  Bug 1379910 - Add Preference option to change the locale strategy for regional preferences

• signon.management.overrideURI
  Bug 1569253 - remove old password manager UI.

• signon.management.page.os-auth.enabled
  Bug 1636511 - Disable the OS auth feature in about:logins on Release and Beta.
  Bug 1626138 - Add a temporary pref to disable the OS auth prompt.

• signon.showAutoCompleteImport
  Bug 1618311 - Contextually suggest importing passwords as an autocomplete entry

• toolkit.asyncshutdown.report_writes_after
  Bug 1610134: Part 1: add timeout pref that turns on late write checking to see if it's possible to crash browser earlier.

• toolkit.osKeyStore.loglevel
  Bug 1631879 - Update the name of the osKeyStore log preference now that it has moved to toolkit.

• webgl.prototype.ipc-pcq
  Bug 1621762: Part 7 - Add IpdlQueue actor traits to WebGLParent/WebGLChild

[Thorin-Oakenpants]

I think we can remove 0850c, 0850d, 0850e (b is already gone and e is deprecated this release: that the oneOffSearches). The urlbar is now switched to the new awesomebar (and urlbar1 prefs removed) and those prefs (c + d), AFAIK, relate to the old one, but we should check. It also wouldn't surprise me if everything we know about the location bar is up for re-checking: e.g. if all suggestion types are disabled, are search engine keywords still disabled, etc. I mean, they rebuilt all the logic around their UX studies

Anyway: maxRichResults (c) and autofill (d) have nothing to do with privacy and oneOffSearches (e) doesn't either, but at least that's deprecated now. I get the shoulder surfer aspect of it, but that's on the end user: even Tor Browser doesn't cover this. You can't code OpSec.

TBH: if you're like me and don't like the urlbar doing anything except being static (no suggestions, not UI changes, no movements, no color changes), then I've simply been using chrome css

[crssi]

^^ I am using 0850c and 0850d. And both are still valid in FF 76.
Don't know about 77 yet.

[rusty-snake]

dom.security.https_only_mode.upgrade_local:

If true and HTTPS-only mode is enabled, requests
to local IP addresses are also upgraded

dom.security.https_only_mode.upgrade_onion:

If true and HTTPS-only mode is enabled, requests
to .onion hosts are also upgraded

dom.security.https_only_mode_ever_enabled:

WARNING: Don't ever update that pref manually! It is only used
for telemetry purposes and allows to reason about retention of
the pref dom.security.https_only_mode from above.

Telemetry is disabled and reseting this in the user.js would be useless.

[earthlng]

#923 is an issue again in FF77 !! (but it only affects Windows)

The good news is that the problem is apparently already fixed in FF78+ (1634267).
So we can either temporarily set 0709 to false or add dom.quotaManager.useDOSDevicePathSyntax=false for the 77 release.

useDOSDevicePathSyntax=true is supposed to fix issues when file paths exceed the path limit on Windows so I think the better option is to just set 0709 to false.
(We should set it to false instead of making it inactive, for people who don't run the prefsCleaner after every update)

Linux and Mac users can add 0709 to their user-overrides if they deem it necessary but it's a pretty edge-case protection anyways and losing it for 1 release isn't too bad either, IMO.

[Thorin-Oakenpants]

speaking of breakage - did you get that email I sent about changes to the origin attributes and thus to the naming conventions? I don't have the email anymore so I can't find the ticket quickly. I hope we don't end up with a migration mess like when they applied OA to extensions

[earthlng]

this is the link you sent me: https://bugzilla.mozilla.org/show_bug.cgi?id=1558932#c16

FYI just found these 2 in FF78beta1 which sound like they're related:

pref("privacy.dynamic_firstparty.use_site", true);
pref("privacy.firstparty.isolate.use_site", false);

update: both prefs were implemented in 1637516

[earthlng]

updated OP for the final release.
Only 1 difference since RC1: the change to gfx.color_management.mode didn't land

[collinbarrett]

Sorry if I missed this somewhere, but Firefox release on Windows just updated to v77. With ghacksuserjs, extensions seem to be messed up. For example, trying to view the uBlock Origin settings page only shows the header bar but no content. This issue seems to affect other extensions as well. Without ghacksuserjs, there is no issue. Suggestions on a setting I should adjust? Thanks!

[crssi]

@collinbarrett see #951

[Thorin-Oakenpants]

this is the link you sent me

It's a tad somewhat quite fucking hard to follow ATM. There's a lot of dFPI stuff going on, and then baku is busy adding isolate* prefs (some sort of partitioning ), and then there's a bunch of over-arching tickets about principals and OA's

[Thorin-Oakenpants]

OT: anyone know the css for userChrome to modify the awesomebar and searchbar blue outlines when they have focus (as show in the top part of the pic)

[Thorin-Oakenpants]

@collinbarrett , @crssi 05580f5

Added to the master so no-one needs an override: I'll remove it some time well after 78 lands and it's known to be fixed

[Thorin-Oakenpants]

If anyone has a reddit account ... this totally looks like the UNC / DOS Path problem - just point them to #923 - TIA

• https://old.reddit.com/r/firefox/comments/gvc7zd/none_of_my_extensions_work_now_with_firefox_77/

[gwarser]

anyone know the css for userChrome to modify the awesomebar and searchbar blue outlines when they have focus

Maybe https://www.reddit.com/r/FirefoxCSS/comments/fxez4e/remove_new_megabar_grow_shrink_effect/fmvadbr/

[Shadowized]

OT: anyone know the css for userChrome to modify the awesomebar and searchbar blue outlines when they have focus (as show in the top part of the pic)

I use this.

#urlbar[focused] > #urlbar-background{
  border-color:hsla(240,5%,5%,.35) !important;
  box-shadow: 0 1px 6px rgba(0,0,0,.1) !important;
}

[Thorin-Oakenpants]

^^ thanks (I'll check it out), and @gwarser that helped with the css property name

this works for urlbar: cannot for the life of me get the selectors right for searchbar (the one on the right)

#urlbar, .searchbar-textbox {
	--toolbar-field-focus-border-color: #202124 !important;
}

[Shadowized]

my bad, didn't realize you needed both, this should work.

#urlbar[focused="true"] > #urlbar-background,
#searchbar:focus-within{

[Thorin-Oakenpants]

this should work

Excellent .. have a socially distanced hug 🤗

[MawerickCruz]

I think they fully broke 1633. Now its user_pref("ui.prefersReducedMotion", 1);. Can somebody confirm or its my imagination?

Classic urlbar CSS for Firefox 77

#urlbar[breakout][breakout-extend] {
top: 5px !important;
left: 0px !important;
width: 100% !important;
padding: 0px !important;
}
#urlbar[breakout][breakout-extend] > #urlbar-input-container {
height: var(--urlbar-height) !important;
padding: 0 !important;
}
#urlbar[breakout][breakout-extend] > #urlbar-background {
animation: none !important;;
}
#urlbar[breakout][breakout-extend] > #urlbar-background {
box-shadow: none !important;
}
#urlbar-results {
padding-top: 0 !important;
padding-bottom: 0 !important;
}
.urlbarView-body-inner {
border-top: 0px !important;
}

[MawerickCruz]

Yes. Im talking about toolkit.cosmeticAnimations.enabled in personal section. For exemple look on refresh page button with ui.prefersReducedMotion;1 and without it.
So its bad idea use ui.prefersReducedMotion;1? Somehowe rise entropy or something? I`am not disable RFP.

[Thorin-Oakenpants]

Here's the meta bug - there are at least 5 bugs in all of the ones for FF77 (I queried all 77 bugs) where the title indicates a change to UI animations to use PRM

The pref in the personal section will eventually be deprecated. Just use your custom chrome css. But long term the idea is that RFP exempts the UI (chrome) etc.

Yes, javascript can query what your prefers motion and prefers color etc are - so RFP locks that down to the default, otherwise it's just another bit of data that can be used overall in your fingerprint

[rugabunda]

@Thorin-Oakenpants

pref("privacy.dynamic_firstparty.use_site", true);
pref("privacy.firstparty.isolate.use_site", false);

Quoting FF Devs:

"We can keep FPI/dFPI have the same behavior here, and (if necessary, ) use another pref to control whether we should use site or not. The pref may keep some backward-compatibility for special cases, e.g. Tor Browser, and we can turn this pref on to use "site"."

src https://bugzilla.mozilla.org/show_bug.cgi?id=1637516#c9

[rugabunda]

"The first pieces of dynamic first-party isolation (DFPI) landed in Nightly. DFPI is an experimental approach to isolating all third party cookies and storage, similar to FPI (which is enabled by default in the Tor Browser and is also supported by Firefox). The most important difference between DFPI and FPI is that DFPI will adhere to exceptions granted through the storage access API and thus ensure better web compatibility. "

https://wiki.mozilla.org/Firefox_Security_Newsletter/FSN-2020-Q1

[Thorin-Oakenpants]

Thanks. I'm aware of all that and for the user.js I'm tracking it in #930

Edit: if FPI is on, dPFI is ignored, and until dFPI is enabled by default (which could be quite some time) there's nothing to do: and the longer it takes, the more bugs they fix and the more dFPI covers etc