ToDo: diffs FF118-FF119

[earthlng]

FF119 is scheduled for release Oct. 24th

FF119 release notes
FF119 for developers
FF119 security advisories

---

98 diffs ( 27 new, 49 gone, 22 different )

new in v119.0:

• FYI: 1851802 see ToDo: diffs FF118-FF119 #1755 (comment)
  • pref("security.mixed_content.upgrade_display_content.audio", true);
  • pref("security.mixed_content.upgrade_display_content.image", false);
  • pref("security.mixed_content.upgrade_display_content.video", true);

removed, renamed or hidden in v119.0:

• 0711 pref("network.dns.skipTRR-when-parental-control-enabled", true); 1586941
• 6051 pref("browser.fixup.alternate.enabled", false); 1850902 - already removed in AF118

changed in v119.0:

• FYI
  • pref("privacy.partition.bloburl_per_partition_key", true); // prev: false 1854403, 1843152
    • it's the blob, second line item at PrivacyTests.org
  • pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,rp,rpTop,ocsp,qps,qpsPBM,fpp,fppPrivate"); // prev: "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,rp,rpTop,ocsp,qps,qpsPBM"
    • diff: added fpp,fppPrivate
  • pref("browser.search.serpEventTelemetry.enabled", true); // prev: false pref is temporary
• FYI

  • Recently closed tabs now persist between sessions that don't have automatic session restore enabled. Manually restoring a previous session will continue to reopen any previously open tabs or windows.

    • 1819675, 1820660, 1845836, 1852094
    • pref("browser.sessionstore.closedTabsFromAllWindows", true); // prev: false
    • pref("browser.sessionstore.closedTabsFromClosedWindows", true); // prev: false
    • pref("browser.sessionstore.persist_closed_tabs_between_sessions", true); // prev: false
  • we don't use session restore (SR) by default. if users do enable SR then their threat model is they accept this sort of thing. not interested in working out or discussing the permutations/effects of these three prefs

---

ignore

click me for details

==NEW

pref("browser.newtabpage.activity-stream.discoverystream.spocTopsitesPlacement.enabled", true);
pref("browser.places.interactions.enabled", true);
pref("browser.search.serpEventTelemetryCategorization.enabled", false);
pref("browser.shopping.experience2023.ads.userEnabled", false);
pref("browser.shopping.experience2023.survey.enabled", true);
pref("browser.shopping.experience2023.survey.hasSeen", false);
pref("browser.shopping.experience2023.survey.pdpVisits", 0);
pref("browser.tabs.firefox-view-newIcon", true);
pref("dom.input_events.security.isUserInputHandlingDelayTest", false);
pref("dom.input_events.security.minNumTicks", 3);
pref("dom.input_events.security.minTimeElapsedInMS", 100);
pref("dom.webgpu.swap-chain.external-texture-dx12", false);
pref("extensions.webcompat.useScriptingAPI", true);
pref("javascript.options.array_grouping", true);
pref("javascript.options.mem.gc_parallel_marking_threshold_mb", 20);
pref("javascript.options.well_formed_unicode_strings", true);
pref("layout.css.moz-broken.content.enabled", false);
pref("memory.phc.enabled", false);
pref("network.fetchpriority.enabled", false);
pref("network.http.http3.cc_algorithm", 1);
pref("webgl.max-vert-ids-per-draw", 30000000);
pref("widget.gtk.hide-pointer-while-typing.enabled", true);
pref("widget.gtk.rounded-bottom-corners.enabled", false);
pref("widget.windows.titlebar-accent.enabled", false);

==REMOVED, RENAMED or HIDDEN

pref("browser.privatebrowsing.enable-new-indicator", true);
pref("browser.privatebrowsing.enable-new-logo", true);
pref("browser.underline_anchors", true);
pref("canvas.createConicGradient.enabled", true);
pref("devtools.debugger.features.map-scopes", true);
pref("devtools.inspector.ruleview.inline-compatibility-warning.enabled", true);
pref("dom.animations-api.autoremove.enabled", true);
pref("dom.animations-api.core.enabled", true);
pref("dom.animations-api.implicit-keyframes.enabled", true);
pref("dom.enable_window_print", true);
pref("dom.focus.fixup", true);
pref("dom.forms.autocapitalize", true);
pref("dom.forms.inputmode", true);
pref("dom.media.mediasession.enabled", true);
pref("dom.mouseevent.click.hack.use_legacy_non-primary_dispatch", "");
pref("dom.picture_source_dimension_attributes.enabled", true);
pref("dom.storageManager.enabled", true);
pref("dom.visualviewport.enabled", true);
pref("dom.weblocks.enabled", true);
pref("dom.window.sidebar.enabled", false);
pref("dom.workers.requestAnimationFrame", true);
pref("gfx.downloadable_fonts.sanitize_omt", true);
pref("html5.inert.enabled", true);
pref("image.webp.enabled", true);
pref("javascript.options.mem.gc_parallel_marking_threshold_kb", 20000);
pref("javascript.options.wasm_final_types", false);
pref("layout.css.font-loading-api.enabled", true);
pref("layout.css.font-loading-api.workers.enabled", true);
pref("layout.css.font-metrics-overrides.enabled", true);
pref("layout.css.grid-item-baxis-measurement.enabled", true);
pref("layout.css.hyphenate-character.enabled", true);
pref("layout.css.line-height-moz-block-height.content.enabled", false);
pref("layout.css.linear-easing-function.enabled", true);
pref("layout.css.motion-path.enabled", true);
pref("layout.css.moz-document.content.enabled", false);
pref("layout.css.overflow-logical.enabled", true);
pref("layout.css.page-size.enabled", true);
pref("layout.css.scrollbar-gutter.enabled", true);
pref("layout.oopif_activity_grace_period_ms", 1000);
pref("network.auth.allow_multiple_challenges_same_line", true);
pref("network.auth.use_new_parse_realm", true);
pref("network.cookie.rejectForeignWithExceptions.enabled", false);
pref("network.dns.limit_253_chars", true);
pref("security.insecure_connection_icon.enabled", true);
pref("security.insecure_connection_icon.pbmode.enabled", true);
pref("ui.use_activity_cursor", false);
pref("widget.windows.hide_cursor_when_typing", false);

==CHANGED

pref("accessibility.ARIAReflection.enabled", true); // prev: false
pref("browser.firefox-view.max-history-rows", 300); // prev: 500
pref("browser.migrate.chrome.extensions.enabled", true); // prev: false
pref("browser.shopping.experience2023.ads.enabled", false); // prev: true
pref("browser.tabs.firefox-view-next", true); // prev: false
pref("browser.tabs.remote.coep.credentialless", true); // prev: false
pref("dom.events.phases.correctOrderOnTarget", true); // prev: false
pref("javascript.options.spectre.disable_for_isolated_content", true); // prev: false
pref("media.gmp.use-minimal-xpcom", true); // prev: false
pref("network.dns.echconfig.enabled", true); // prev: false
pref("network.dns.echconfig.fallback_to_origin_when_all_failed", false); // prev: true
pref("network.dns.force_waiting_https_rr", true); // prev: false
pref("network.dns.http3_echconfig.enabled", true); // prev: false
pref("security.tls.ech.disable_grease_on_fallback", false); // prev: true
pref("security.tls.ech.grease_http3", true); // prev: false
pref("security.tls.ech.grease_probability", 100); // prev: 0

[earthlng]

some bugzilla tickets

• accessibility.ARIAReflection.enabled
  Bug 1785412: Let ARIA reflection (non-idref) and default Accessibility Semantics for Custom Elements ride the trains.

• browser.contentblocking.features.strict
  Bug 1841104 - Add fingerprinting protection to ETP Strict.
  Bug 1826340 - Removed level2 PBM from ETP strict as it is now set as true by default pref from ETP strict.
  Bug 1818292 - Add email tracking protection to ETP strict.

• browser.firefox-view.max-history-rows
  Bug 1848633 - Prevent browser lockup when loading too many history entries
  Bug 1842056 - Add a pref to limit the number of rows shown in History

• browser.fixup.alternate.enabled
  Bug 1850902: Remove browser.fixup.alternate.enabled pref and its code path

• browser.migrate.chrome.extensions.enabled
  Bug 1853926 - Enable extensions migration for Chrome by default.
  Bug 1836773 - Disable importing extensions in the migration wizard by default.

• browser.newtabpage.activity-stream.discoverystream.spocTopsitesPlacement.enabled
  Bug 1853390 - Pocket newtab add a control to for the sponsored topsites Pocket placement

• browser.places.interactions.enabled
  Bug 1840118 - Enable engagement data by default.

• browser.privatebrowsing.enable-new-indicator
  Bug 1851163 - Remove obsolete felt privacy (2022) prefs.

• browser.privatebrowsing.enable-new-logo
  Bug 1851163 - Remove obsolete felt privacy (2022) prefs.

• browser.search.serpEventTelemetry.enabled
  Bug 1842554 - Enable SERP Telemetry improvements -
  Bug 1839461 - Enable SERP Telemetry improvements on Nightly -

• browser.search.serpEventTelemetryCategorization.enabled
  Bug 1846357 - Extract domains for basic SERP links.

• browser.sessionstore.closedTabsFromAllWindows
  Bug 1852094 - Enable the recently-closed tab-related sessionstore prefs by default.
  Bug 1819675 - Introduce a feature pref to toggle the recently-closed tabs from all windows behavior.r=sclements,dao,extension-reviewers,fxview-reviewers,robwu,sessionstore-reviewers

• browser.sessionstore.closedTabsFromClosedWindows
  Bug 1852094 - Enable the recently-closed tab-related sessionstore prefs by default.
  Bug 1845836 - Include closed tabs from closed windows in fxview-next's recently closed tabs list.

• browser.sessionstore.persist_closed_tabs_between_sessions
  Bug 1852094 - Enable the recently-closed tab-related sessionstore prefs by default.
  Bug 1820660 - Persist recently closed tabs between sessions

• browser.shopping.experience2023.ads.enabled
  Bug 1852106 - disable shopping recommended product by default,
  Bug 1848675 - Add pref for ads in shopping sidebar.

• browser.shopping.experience2023.ads.userEnabled
  Bug 1852106 - disable shopping recommended product by default,
  Bug 1840520 - make settings ad toggle show or hide recommended products.

• browser.shopping.experience2023.survey.enabled
  Bug 1851635 - Add surveyEnabled to shopping2023 Nimbus feature

• browser.shopping.experience2023.survey.hasSeen
  Bug 1846786 - Add microsurvey in shopping sidebar

• browser.shopping.experience2023.survey.pdpVisits
  Bug 1846786 - Add microsurvey in shopping sidebar

• browser.tabs.firefox-view-newIcon
  Bug 1851525 - Allow Firefox View icon to be set via Nimbus.

• browser.tabs.firefox-view-next
  Bug 1847981 - Flip pref to make firefoxview-next the default
  Bug 1837037 - Add a pref for enabling the new Firefox View.

• browser.tabs.remote.coep.credentialless
  Bug 1851467 - Enable COEP:credentialless on desktop

• browser.underline_anchors
  Bug 1853323 - Remove browser.underline_anchors.

• canvas.createConicGradient.enabled
  Bug 1851395 - Remove canvas.createConicGradient.enabled pref

• devtools.inspector.ruleview.inline-compatibility-warning.enabled
  Bug 1852526 - [devtools] Remove "devtools.inspector.ruleview.inline-compatibility-warning.enabled" preference.
  Bug 1840775 - [devtools] Enable compatibility tooltip everywhere.
  Bug 1659498 - [devtools] Enable CSS Compatibility tooltip in Nightly.

• dom.animations-api.autoremove.enabled
  Bug 1843999 - Remove dom.animations-api.core.enabled, dom.animations-api.implicit-keyframes.enabled, and dom.animations-api.autoremove.enabled prefs

• dom.animations-api.core.enabled
  Bug 1843999 - Remove dom.animations-api.core.enabled, dom.animations-api.implicit-keyframes.enabled, and dom.animations-api.autoremove.enabled prefs

• dom.animations-api.implicit-keyframes.enabled
  Bug 1843999 - Remove dom.animations-api.core.enabled, dom.animations-api.implicit-keyframes.enabled, and dom.animations-api.autoremove.enabled prefs

• dom.enable_window_print
  Bug 1853546 - Remove dom.enable_window_print pref

• dom.events.phases.correctOrderOnTarget
  Bug 1840620 - Activate dom.events.phases.correctOrderOnTarget.

• dom.focus.fixup
  Bug 1854546 - Remove dom.focus.fixup pref

• dom.forms.autocapitalize
  Bug 1851962 - Remove dom.forms.autocapitalize pref

• dom.forms.inputmode
  Bug 1842986 - Remove dom.forms.inputmode pref

• dom.input_events.security.isUserInputHandlingDelayTest
  Bug 1830820 - Add tests for user input delay handling

• dom.input_events.security.minNumTicks
  Bug 1858232 - Set dom.input_events.security.minNumTicks to 0 on Beta
  Bug 1830820 - Introduce some delays to user input handling

• dom.input_events.security.minTimeElapsedInMS
  Bug 1830820 - Introduce some delays to user input handling

• dom.media.mediasession.enabled
  Bug 1851099 - Remove dom.media.mediasession.enabled pref

• dom.mouseevent.click.hack.use_legacy_non-primary_dispatch
  Bug 1853832 - Remove dom.mouseevent.click.hack.use_legacy_non-primary_dispatch pref

• dom.picture_source_dimension_attributes.enabled
  Bug 1851959 - Remove dom.picture_source_dimension_attributes.enabled pref

• dom.storageManager.enabled
  Bug 1853841 - Remove dom.storageManager.enabled pref

• dom.visualviewport.enabled
  Bug 1853552 - Remove dom.visualviewport.enabled pref

• dom.webgpu.swap-chain.external-texture-dx12
  Bug 1852485 - Present WebGPU by using DX11 texture in swap chain with readback on Windows

• dom.weblocks.enabled
  Bug 1851539 - Remove dom.weblocks.enabled pref

• dom.window.sidebar.enabled
  Bug 1428302 - Remove window.sidebar

• dom.workers.requestAnimationFrame
  Bug 1853551 - Remove dom.workers.requestAnimationFrame pref

• extensions.webcompat.useScriptingAPI
  Bug 1853013 - Merge in scripting API and es module webcompat addon updates;

• gfx.downloadable_fonts.sanitize_omt
  Bug 1853262 - Remove gfx.downloadable_fonts.sanitize_omt pref

• html5.inert.enabled
  Bug 1851541 - Remove html5.inert.enabled pref

• image.webp.enabled
  Bug 1641389 - Remove image.webp.enabled pref, always on by default.

• javascript.options.array_grouping
  Bug 1792650 - Enable Object.groupBy and Map.groupBy by default.

• javascript.options.mem.gc_parallel_marking_threshold_kb
  Bug 1854072 - Change parallel marking threshold pref to use MB instead of KB
  Bug 1847567 - Add a browser pref for JSGC_PARALLEL_MARKING_THRESHOLD_KB and set it per platform

• javascript.options.mem.gc_parallel_marking_threshold_mb
  Bug 1854072 - Change parallel marking threshold pref to use MB instead of KB

• javascript.options.spectre.disable_for_isolated_content
  Bug 1851162 - Ship disabling Spectre JIT mitigations in Fission content processes.

• javascript.options.wasm_final_types
  Bug 1854011 - wasm: Enable final types by default in wasm-gc.
  Bug 1843668 - Add an option and pref to enable wasm-gc final types.

• javascript.options.well_formed_unicode_strings
  Bug 1850755 - Part 1: Turn on well-formed-unicode-strings by default in Browser and JS Shell.
  Bug 1850755 - Turn on well-formed-unicode-strings by default in Browser and JS Shell.

• layout.css.font-loading-api.enabled
  Bug 1851091 - Remove layout.css.font-loading-api.enabled pref

• layout.css.font-loading-api.workers.enabled
  Bug 1851553 - Remove layout.css.font-loading-api.workers.enabled pref

• layout.css.font-metrics-overrides.enabled
  Bug 1851093 - Remove layout.css.font-metrics-overrides.enabled pref

• layout.css.grid-item-baxis-measurement.enabled
  Bug 1851094 - Remove layout.css.grid-item-baxis-measurement.enabled pref

• layout.css.hyphenate-character.enabled
  Bug 1851096 - Remove layout.css.hyphenate-character.enabled pref

• layout.css.linear-easing-function.enabled
  Bug 1819453: Remove pref for linear easing function.

• layout.css.line-height-moz-block-height.content.enabled
  Bug 1853518 - Remove layout.css.line-height-moz-block-height.content.enabled pref

• layout.css.motion-path.enabled
  Bug 1842479 - Remove layout.css.motion-path.enabled pref

• layout.css.moz-broken.content.enabled
  Bug 1850342 - Do not expose :-moz-broken to content.

• layout.css.moz-document.content.enabled
  Bug 1851097 - Remove layout.css.moz-document.content.enabled pref

• layout.css.overflow-logical.enabled
  Bug 1842480 - Remove layout.css.overflow-logical.enabled pref

• layout.css.page-size.enabled
  Bug 1851098 - Remove layout.css.page-size.enabled pref

• layout.css.scrollbar-gutter.enabled
  Bug 1842503 - Remove layout.css.scrollbar-gutter.enabled pref

• layout.oopif_activity_grace_period_ms
  Bug 1847929 - Remove OOPIF activity grace period.

• media.gmp.use-minimal-xpcom
  Bug 1851876 - Enable minimal XPCOM for the GMP process.
  Bug 1845946 - Part 3. Use NS_InitMinimalXPCOM with the GMP process.

• memory.phc.enabled
  Bug 1814798 - pt 2. Add a PHCManager component to control PHC

• network.auth.allow_multiple_challenges_same_line
  Bug 1842326 - Remove network.auth.use_new_parse_realm and network.auth.allow_multiple_challenges_same_line prefs

• network.auth.use_new_parse_realm
  Bug 1842326 - Remove network.auth.use_new_parse_realm and network.auth.allow_multiple_challenges_same_line prefs

• network.cookie.rejectForeignWithExceptions.enabled
  Bug 1835913 - Deprecating RejectForeignAllowList.

• network.dns.echconfig.enabled
  Bug 1856928 - Enable ECH and ECH GREASE by default

• network.dns.echconfig.fallback_to_origin_when_all_failed
  Bug 1856928 - Enable ECH and ECH GREASE by default

• network.dns.force_waiting_https_rr
  Bug 1856928 - Enable ECH and ECH GREASE by default

• network.dns.http3_echconfig.enabled
  Bug 1856928 - Enable ECH and ECH GREASE by default

• network.dns.limit_253_chars
  Bug 1848874 - Removed network.dns.limit_253_chars pref.

• network.dns.skipTRR-when-parental-control-enabled
  Bug 1586941 - Removed network.dns.skipTRR-when-parental-control-enabled pref.

• network.fetchpriority.enabled
  Bug 1839316: part 5) Guard the "fetchpriority" attribute behind a pref.

• network.http.http3.cc_algorithm
  Bug 1851908 - Add a preference to specify neqo's congestion control algorithm

• privacy.partition.bloburl_per_partition_key
  Bug 1854403 - Set privacy.partition.bloburl_per_double_partition_key pref to be true.
  Bug 1843152 - Created pref privacy.partition.bloburl_per_double_partition_key.

• security.insecure_connection_icon.enabled
  Bug 1850492 - Remove security.insecure_connection_icon.enabled and security.insecure_connection_icon.pbmode.enabled prefs.r=dao

• security.insecure_connection_icon.pbmode.enabled
  Bug 1850492 - Remove security.insecure_connection_icon.enabled and security.insecure_connection_icon.pbmode.enabled prefs.r=dao

• security.mixed_content.upgrade_display_content.audio
  Bug 1851802 - Make mixed content upgrade for audio/video/image individually togglable.

• security.mixed_content.upgrade_display_content.image
  Bug 1851802 - Make mixed content upgrade for audio/video/image individually togglable.

• security.mixed_content.upgrade_display_content.video
  Bug 1851802 - Make mixed content upgrade for audio/video/image individually togglable.

• security.tls.ech.disable_grease_on_fallback
  Bug 1856928 - Enable ECH and ECH GREASE by default

• security.tls.ech.grease_http3
  Bug 1856928 - Enable ECH and ECH GREASE by default

• security.tls.ech.grease_probability
  Bug 1856928 - Enable ECH and ECH GREASE by default

• ui.use_activity_cursor
  Bug 1848896 - Remove ui.use_activity_cursor pref

• webgl.max-vert-ids-per-draw
  Bug 1849433 - Add webgl.max-vert-ids-per-draw, default 30M.

• widget.gtk.hide-pointer-while-typing.enabled
  Bug 1852365 - Enable hide-cursor-while-typing on Linux.

• widget.gtk.rounded-bottom-corners.enabled
  Bug 1852584 - Disable rounded bottom corners for performance regressions for now.
  Bug 1850827 - Implement rounded bottom corners in GTK.

• widget.windows.hide_cursor_when_typing
  Bug 1757463 - Implement hide cursor while typing at the DOM+Editor level.

• widget.windows.titlebar-accent.enabled
  Bug 1843044 - Make titlebar system colors on windows and macOS reflect reality.

[Thorin-Oakenpants]

thanks E 🥮

[Thorin-Oakenpants]

https://www.mozilla.org/en-US/firefox/119.0/releasenotes/

Recently closed tabs now persist between sessions that don't have automatic session restore enabled. Manually restoring a previous session will continue to reopen any previously open tabs or windows

hmmm

[Thorin-Oakenpants]

fyi for nerds: https://groups.google.com/a/mozilla.org/g/dev-platform/c/5MrpDdHIr-Y/m/p6ZHxy6sBQAJ - bye bye mercurial, hello git

[Thorin-Oakenpants]

• FYI: sounds good 1851802
  • pref("security.mixed_content.upgrade_display_content.audio", true);
  • pref("security.mixed_content.upgrade_display_content.image", false);
  • pref("security.mixed_content.upgrade_display_content.video", true);

NOTE: we use HoM 1244 which already does this- that's what the only part means. The difference being is that HoM will fail silently, but HTTPS-First will fallback to insecure (and one assumes will try all content). And in HoM if we allow an exception then the site is not secure and I would assume doesn't try upgrading regardless of the setting (maybe it does if the pref below is true - IDK and IDCare). So this seems to be for users who have neither HoM or HTTPS-First (default normal window users)

If I understand this correctly, if security.mixed_content.upgrade_display_content = true (the default is false), it used to try to upgrade all three types. The change is to be able to toggle parts of that as they roll "it" out - IDK what "it" is, parent ticket says "mixed content level 2"

Given we use HoM, and we don't bother with security.mixed_content.upgrade_display_content, and I suspect long term these prefs will be temporary, then we can ignore these. Just thought it was worthwhile typing something out