[tor-bugs] #33534 [Applications/Tor Browser]: Review FF release notes from FF69 to latest (FF73)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 31 22:30:15 UTC 2020
#33534: Review FF release notes from FF69 to latest (FF73)
--------------------------------------+--------------------------------
Reporter: pospeselr | Owner: pospeselr
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points: 12
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor58-must
--------------------------------------+--------------------------------
Comment (by pospeselr):
Ok, diffed vanilla esr68 vs beta75 prefs in firefox.js and greprefs.js and
here's the noteworthy new values:
browser.aboutwelcome.enabled
- this pref seems to enable a one-time welcome screen that shows off
firefox features and importing bookmarks and stuff
browser.search.modernConfig
- seems like mozilla working on a new system for configuring search
engines, setting to false falls back to legacy
browser.search.separatePrivateDefault
- separate search engine config for private browsing mode, redundant
for us since we're always in private browsing mode
browser.ssb.enabled
- site-specific browser (1602117) to launch websites in a window
without browser UI
browser.tabs.remote.separatedMozillaDomains
- so this is a list of mozilla domains which are allowed to be loaded
in a privileged process, probably empty this list
browser.urlbar.update1
- new style for urlbar that sort of 'hovers' over the background when
true
device.storage.enabled
- set to false to disable ->
https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/Device_Storage_API
dom.push.enabled
- set to false to disable push notifications
dom.serviceWorkers.enabled
- set to false to disable service workers
extensions.experiments.enabled
- enable to access experimental web extension APIs (suspect we want
false) ->
https://firefox-source-docs.mozilla.org/toolkit/components/extensions/webextensions/basics.html#webextensions-experiments
javascript.options.blinterp
- enable the new experimental baseline interpreter ->
https://hacks.mozilla.org/2019/08/the-baseline-interpreter-a-faster-js-interpreter-in-firefox-70/
marionette.enabled
- enables the marionette remote access/testing thing, like Selenium ->
https://firefox-source-docs.mozilla.org/testing/marionette/Intro.html
media.autoplay.default
- 0 => allow all, 1 => block audio, 5 => block audio+video (suspect we
should disable all autoplay)
media.videocontrols.picture-in-picture.enabled
- enables the new picture-in-picture video viewer
network.dns.skipTRR-when-parental-control-enabled
- disable DoH when parental controls are enabled
network.http.http3.enabled
- enable http3 (seems http3 uses udp so I would guess we want to
disable this) ->
https://techdows.com/2019/11/mozilla-adds-http3-support-to-firefox-72-nightly.html
permissions.fullscreen.allowed
- when this is enabled permissions prompt will appear when ff is in
full screen, when not it drops out of fullscreen (to avoid chrome spoofing
we want this to be false)
privacy.purge_trackers.enabled
- purges cookies from tracking sites that have not been interacted
with (we don't use tracking protection and we're in private browsing mode
so this is not needed) ->
https://www.ghacks.net/2020/03/04/firefox-75-will-purge-site-data-if-associated-with-tracking-cookies/
security.aboutcertificate.enabled
- enables the new cert viewer (if we enable this, we need to port over
our work adding in 'Onion Service' string to the security info of a page
#23247)
security.allow_eval_in_parent_process
security.allow_eval_with_system_principal
- these disable eval in certain contexts, ensure these are false ->
https://bugzilla.mozilla.org/show_bug.cgi?id=1582512
security.cert_pinning.hpkp.enabled
- used to disable HPKP (HTTP Public Key Pinning) when false, pretty
sure we want to keep it that way?
security.enterprise_roots.enabled
- lets firefox look to the OS for additional valid root CA issuers,
set to false ->
https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
security.identityblock.show_extended_validation
- false in firefox, do we want to show the EV text?
security.insecure_connection_icon.enabled
- when true shows crossed out padlock on HTTP sites ->
https://www.askvg.com/firefox-tip-show-hide-insecure-connection-icon-in-address-bar/
security.osclientcerts.autoload
- when true autoloads certs from OS cert store (I assume we want this
false) -> https://bugzilla.mozilla.org/show_bug.cgi?id=1592111
security.pki.crlite_mode
- when set to 2 this enables crlite, 0 disables, an offline cert
revocation store ->
https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/
security.tls.version.enable-deprecated
- we probably want this to be false to disable old TLS
signon.generation.enabled
- enables generation AND storage of passwords, presumably violates
disk avoidance ->
https://wiki.mozilla.org/Toolkit:Password_Manager/Password_Generation
trailhead.firstrun.branches
- seems like a thing for ff devs to enable experiments, we want this
to be empty string
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33534#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
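
Added example (not part of the original comment and not Tor Browser tooling): the comment above describes diffing the default prefs of two Firefox versions, and this script does that for `pref(...)` files, reporting added, removed and changed prefs. The file contents and values in `OLD` and `NEW` are constructed, not real Firefox defaults, and the rule that a later file overrides an earlier one is an assumption.

```python
import re

# pref("name", value); also sticky_pref/user_pref. Value: quoted string,
# true/false, or integer. Line-anchored, so "// pref(...)" lines are skipped.
# Assumption: preprocessed input (no #ifdef), no prefs inside /* */ blocks.
PREF_RE = re.compile(
    r'^\s*(?:sticky_|user_)?pref\(\s*"([^"]+)"\s*,\s*'
    r'("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*(?:,\s*\w+\s*)*\)\s*;',
    re.MULTILINE)

def parse_prefs(text):
    """Return {name: typed value}; a later definition replaces an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs

def load_defaults(*texts):
    """Merge several pref files in load order (assumed: later file wins)."""
    return parse_prefs("\n".join(texts))

def diff_prefs(old, new):
    """Return (added, removed, changed) between two merged pref sets."""
    added = {k: new[k] for k in new.keys() - old.keys()}
    removed = {k: old[k] for k in old.keys() - new.keys()}
    # Compare types too: in Python True == 1, but a bool pref is not an int pref.
    changed = {k: (old[k], new[k]) for k in old.keys() & new.keys()
               if type(old[k]) is not type(new[k]) or old[k] != new[k]}
    return added, removed, changed

# Constructed samples, each [greprefs.js, firefox.js]; NOT real Firefox defaults.
OLD = ['''pref("dom.push.enabled", true);
pref("media.autoplay.default", 0);
// pref("network.http.http3.enabled", true);
''', 'pref("media.autoplay.default", 1);\n']
NEW = ['''pref("dom.push.enabled", true);
pref("network.http.http3.enabled", false);
''', '''pref("media.autoplay.default", 5);
pref("trailhead.firstrun.branches", "");
''']

if __name__ == "__main__":
    print(diff_prefs(load_defaults(*OLD), load_defaults(*NEW)))
```

Prefs reported as added are the ones that need a review decision; changed ones show where an upstream default moved between versions.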