ToDo: diffs FF109-FF110 #1640

Closed
earthlng opened this issue Mar 10, 2023 · 7 comments

@earthlng
Contributor

earthlng commented Mar 10, 2023

FF110 is scheduled for release Feb. 14th

FF110 release notes
FF110 for developers
FF110 security advisories


88 diffs ( 40 new, 34 gone, 14 different )

changed in v110.0:

  • FYI
    • pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM");
    • pref("security.sandbox.gpu.level", 1); // prev: 0 - cool 🎉
  • pref("network.cookie.sameSite.schemeful", false); // prev: true - see comment below

ignore


==NEW

pref("browser.aboutwelcome.showModal", false);
pref("browser.opaqueResponseBlocking.javascriptValidator", false);
pref("browser.theme.colorway-migration", false);
pref("cookiebanners.listService.testSkipRemoteSettings", false);
pref("dom.events.dataTransfer.imageAsFile.enabled", false);
pref("dom.fs.writable_file_stream.enabled", false);
pref("dom.media.autoplay-policy-detection.enabled", false);
pref("dom.security.credentialmanagement.identity.reject_delay.duration_ms", 120000);
pref("dom.security.credentialmanagement.identity.reject_delay.enabled", true);
pref("dom.security.setHTML.enabled", false);
pref("editor.inline_style.range.compatible_with_the_other_browsers", true);
pref("gfx.canvas.accelerated.debug", false);
pref("gfx.canvas.accelerated.force-enabled", false);
pref("gfx.video.convert-i420-to-nv12.force-enabled", false);
pref("gfx.webrender.dcomp-video-sw-overlay-win", false);
pref("layout.css.floating-first-letter.tight-glyph-bounds", 1);
pref("layout.css.nth-child-of.enabled", false);
pref("layout.css.overflow-overlay.enabled", false);
pref("layout.css.scroll-driven-animations.enabled", false);
pref("media.getusermedia.camera.macavf.enabled", false);
pref("media.peerconnection.allow_old_setParameters", true);
pref("media.video-wakelock", true);
pref("media.webrtc.capture.allow-directx", false);
pref("media.webrtc.capture.allow-wgc", false);
pref("media.wmf.media-engine.raw-data-threshold.audio", 2000000);
pref("media.wmf.media-engine.raw-data-threshold.video", 500000);
pref("network.cors_preflight.block_userpass_uri", false);
pref("network.early-hints.parent-connect-timeout", 10000);
pref("network.early-hints.preconnect.enabled", false);
pref("network.http.http2.websockets", true); // prev: false
pref("network.http.useragent.forceRVOnly", 109);
pref("network.trr_ui.skip_reason_learn_more_url", "https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#");
pref("network.webtransport.datagram_size", 1200);
pref("network.webtransport.redirect.enabled", false);
pref("pdfjs.defaultZoomDelay", 400);
pref("privacy.annotate_channels.strict_list.pbmode.enabled", false);
pref("signon.firefoxRelay.base_url", "https://relay.firefox.com/api/v1/");
pref("signon.firefoxRelay.feature", "not available");
pref("signon.firefoxRelay.learn_more_url", "https://relay.firefox.com/");
pref("widget.gtk.grab-pointer", 2);
pref("widget.gtk.ignore-bogus-leave-notify", 2);

==REMOVED, RENAMED or HIDDEN

pref("browser.places.snapshots.expiration.days", 210);
pref("browser.places.snapshots.expiration.userManaged.days", 420);
pref("browser.places.snapshots.relevancy.timeOfDayIntervalSeconds", 3600);
pref("browser.places.snapshots.score.CurrentSession", 1);
pref("browser.places.snapshots.score.IsUserPersisted", 1);
pref("browser.places.snapshots.score.IsUserRemoved", -10);
pref("browser.places.snapshots.score.Visit", 1);
pref("browser.places.snapshots.source.CommonReferrer", 3);
pref("browser.places.snapshots.source.Overlapping", 3);
pref("browser.places.snapshots.source.TimeOfDay", 3);
pref("devtools.browserconsole.contentMessages", false);
pref("devtools.browsertoolbox.fission", true);
pref("dom.fs.main_thread_writable_file_stream", false);
pref("dom.security.sanitizer.rewrite_no_bounty", false);
pref("dom.streams.byte_streams.enabled", true);
pref("dom.streams.pipeTo.enabled", true);
pref("dom.streams.readable_stream_default_controller.enabled", true);
pref("dom.streams.readable_stream_default_reader.enabled", true);
pref("dom.streams.transferable.enabled", true);
pref("dom.streams.transform_streams.enabled", true);
pref("dom.streams.writable_streams.enabled", true);
pref("extensions.formautofill.creditCards.hideui", false);
pref("extensions.formautofill.creditCards.used", 0);
pref("html5.offmainthread", true);
pref("javascript.options.large_arraybuffers", true);
pref("layout.css.caption-side-non-standard.enabled", false);
pref("layout.css.grid-template-subgrid-value.enabled", true);
pref("layout.css.scroll-linked-animations.enabled", false);
pref("media.peerconnection.simulcast", true);
pref("media.webrtc.capture.allow-iosurface", true);
pref("network.cookie.move.interval_sec", 0);
pref("privacy.restrict3rdpartystorage.rollout.preferences.learnMoreURLSuffix", "total-cookie-protection");
pref("privacy.restrict3rdpartystorage.rollout.preferences.TCPToggleInStandard", false);
pref("webgl.force-layers-readback", false);

==CHANGED

pref("browser.migrate.opera-gx.enabled", true); // prev: false
pref("browser.migrate.opera.enabled", true); // prev: false
pref("browser.migrate.vivaldi.enabled", true); // prev: false
pref("content.sink.perf_parse_time", 30000); // prev: 360000
pref("dom.focus.fixup", true); // prev: false
pref("dom.sitepermsaddon-provider.separatedBlocklistedDomains", "shopee.co.th,alipay.com,miravia.es"); // prev: "shopee.co.th"
pref("layout.css.container-queries.enabled", true); // prev: false
pref("layout.css.named-pages.enabled", true); // prev: false
pref("toolkit.shutdown.lateWriteChecksStage", 2); // prev: 3
pref("webgl.out-of-process.async-present", true); // prev: false

@earthlng
Contributor Author

some bugzilla tickets

  • browser.aboutwelcome.showModal
    Bug 1801224 - Invoke window modal for new users on first startup

  • browser.contentblocking.features.strict
    Bug 1808212 - Part 3: Adding the content blocking pref setting for the level2 list pref in private windows.
    Bug 1783496 - Add cookieBehavior5,cookieBehaviorPBM5 back to strict ETP pref so dFPI item is shown in the strict category.
    Bug 1778457 - Enable query parameter stripping in Private Browsing Mode if ETP strict is enabled.
    Bug 1776760 - Enable dFPI by default for Beta and Release via cookieBehavior pref.
    Bug 1763660 - Add query parameter stripping pref to ETP strict.

  • browser.migrate.opera.enabled
    Bug 1806711 - Enable Opera, Opera GX and Vivaldi migrators by default.
    Bug 1800923 Not able to import data from Opera/Vivaldi on first run migration.
    Bug 1284106 Make Possible import data from (new) Opera

  • browser.migrate.opera-gx.enabled
    Bug 1806711 - Enable Opera, Opera GX and Vivaldi migrators by default.
    Bug 1800923 Not able to import data from Opera/Vivaldi on first run migration.
    Bug 1795462 - Importing data from OperaGX.

  • browser.migrate.vivaldi.enabled
    Bug 1806711 - Enable Opera, Opera GX and Vivaldi migrators by default.
    Bug 1800923 Not able to import data from Opera/Vivaldi on first run migration.
    Bug 1795739 - Make it possible to import data from Vivaldi.

  • browser.opaqueResponseBlocking.javascriptValidator
    Bug 1532644 - Implement the initial version of the Javascript Validator for ORB

  • browser.places.snapshots.expiration.days
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1763577 - MR2-426 - Implement initial snapshots expiration.

  • browser.places.snapshots.expiration.userManaged.days
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1763577 - MR2-426 - Implement initial snapshots expiration.

  • browser.places.snapshots.relevancy.timeOfDayIntervalSeconds
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.score.CurrentSession
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.score.IsUserPersisted
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.score.IsUserRemoved
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.score.Visit
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.source.CommonReferrer
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.source.Overlapping
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.places.snapshots.source.TimeOfDay
    Bug 1808915: Remove snapshots and session manager functionality.
    Bug 1804223: Normalise snapshot pref names and allow enabling interaction logging without turning on snapshotting.

  • browser.theme.colorway-migration
    Bug 1806701 - Lock colorways migration behind a pref, disable by default on all channels.

  • content.sink.perf_parse_time
    Bug 1808824 - decrease content.sink.perf_parse_time,

  • cookiebanners.listService.testSkipRemoteSettings
    Bug 1804129 - Tests for nsICookieBannerService::hasRuleForBrowsingContextTree.

  • devtools.browserconsole.contentMessages
    Bug 1806405 - [devtools] Remove code related to "show content message" toggle.

  • devtools.browsertoolbox.fission
    Bug 1625939 - [devtools] Remove devtools.browsertoolbox.fission preference and remove old non-fission Browser Toolbox.
    Bug 1625937 - [devtools] Enable multiprocess browser toolbox on all channels.

  • dom.events.dataTransfer.imageAsFile.enabled
    Bug 1812611 - Disable image dragging as files by default again.

  • dom.focus.fixup
    Bug 1810077 - Let the focus fixup rule ride the trains.

  • dom.fs.main_thread_writable_file_stream
    Bug 1802279 - Extend preference to disable WritableFileStream in all contexts.
    Bug 1798459 - Disable WritableFileStream on the main thread;

  • dom.fs.writable_file_stream.enabled
    Bug 1802279 - Extend preference to disable WritableFileStream in all contexts.

  • dom.media.autoplay-policy-detection.enabled
    Bug 1773551 - part2 : implement the navigator autoplay policy API.

  • dom.security.credentialmanagement.identity.reject_delay.duration_ms
    Bug 1803245 - Add Timeout nsiTimer onto the Document to track active IdentityCredential requests,

  • dom.security.credentialmanagement.identity.reject_delay.enabled
    Bug 1803245 - Add Timeout nsiTimer onto the Document to track active IdentityCredential requests,

  • dom.security.sanitizer.rewrite_no_bounty
    Bug 1806447 - Always use the new Sanitizer implementation instead of the old nsTreeSanitizer code.

  • dom.security.setHTML.enabled
    Bug 1805632 - Add a new pref just for Element.setHTML without enabling the Sanitizer interface.

  • dom.sitepermsaddon-provider.separatedBlocklistedDomains
    Bug 1812195 — Add alipay.com and miravia.es to the site permission blocklist.
    Bug 1795927 - Add SitePermsAddon blocklist.

  • dom.streams.byte_streams.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • dom.streams.pipeTo.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • dom.streams.readable_stream_default_controller.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • dom.streams.readable_stream_default_reader.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • dom.streams.transferable.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • dom.streams.transform_streams.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • dom.streams.writable_streams.enabled
    Bug 1807845 - Remove the dom.streams prefs

  • editor.inline_style.range.compatible_with_the_other_browsers
    Bug 1792386 - part 1: Make HTMLEditor::SetInlinePropertiesAsSubAction extend and/or shrink range smarter

  • extensions.formautofill.creditCards.hideui
    Bug 1805838 - Remove 'extensions.formautofill.creditCards.hideui' preference

  • extensions.formautofill.creditCards.used
    Bug 1808303 - Remove the pref to determine whether a user has ever used credit card autofill

  • gfx.canvas.accelerated.debug
    Bug 1806392 - Add a debug indicator for Accelerated Canvas2D.

  • gfx.canvas.accelerated.force-enabled
    Bug 1806058 - Add blocklist for Accelerated Canvas2D.

  • gfx.video.convert-i420-to-nv12.force-enabled
    Bug 1753373 - Upload software decoded video to NV12 for video overlay on Windows

  • gfx.webrender.dcomp-video-sw-overlay-win
    Bug 1807515 - Enable video overlay of software decoded video until early beta on Windows
    Bug 1753373 - Upload software decoded video to NV12 for video overlay on Windows

  • html5.offmainthread
    Bug 1801862 - Remove the pref to run the HTML parser on the main thread.

  • javascript.options.large_arraybuffers
    Bug 1703508 part 1 - Remove pref for large ArrayBuffers.

  • layout.css.caption-side-non-standard.enabled
    Bug 1807963 - Remove non-standard values of caption-side for good.

  • layout.css.container-queries.enabled
    Bug 1809720 - Let container queries ride the trains.
    Bug 1801123 - Enable container queries on nightly.

  • layout.css.floating-first-letter.tight-glyph-bounds
    Bug 290125 - Create a pref to treat floated ::first-letter more like webkit/blink, not tightly wrapping the glyph extents.

  • layout.css.grid-template-subgrid-value.enabled
    Bug 1804980: Remove the about:config pref for subgrid, layout.css.grid-template-subgrid-value.enabled, since it's been default-enabled for years.

  • layout.css.named-pages.enabled
    Bug 1802239 - Enable CSS named pages on all channels
    Bug 1787947 - pref on CSS named pages in Nightly

  • layout.css.nth-child-of.enabled
    Bug 1808227 - Implement parsing and serialization for nth-child(An+B of selector list) and :nth-last-child(An+B of selector list)

  • layout.css.overflow-overlay.enabled
    Bug 1521631 - Implement overflow: overlay as an alias on auto, and enable on Nightly.

  • layout.css.scroll-driven-animations.enabled
    Bug 1807685 - Rename scroll-linked (animations) to scroll-driven (excluding WPT tests).

  • layout.css.scroll-linked-animations.enabled
    Bug 1807685 - Rename scroll-linked (animations) to scroll-driven (excluding WPT tests).

  • media.getusermedia.camera.macavf.enabled
    Bug 1806605 - Enable new mac camera backend on nightly and early beta.
    Bug 1806521 - Disable new mac camera backend.
    Bug 1451394 - Enable new Mac camera backend in Nightly and early Beta.
    Bug 1451394 - Integrate with the libwebrtc camera backend for Mac.

  • media.peerconnection.allow_old_setParameters
    Bug 1401592: Add a config option to imitate the old setParameters behavior.

  • media.peerconnection.simulcast
    Bug 1401592: Remove the media.peerconnection.simulcast pref.

  • media.video-wakelock
    Bug 1804770 - add a pref to control video wakelock.

  • media.webrtc.capture.allow-directx
    Bug 1808667 - Configure windows desktop capture settings.

  • media.webrtc.capture.allow-iosurface
    Bug 1808667 - Only set the media.webrtc.capture.allow-iosurface pref on mac.

  • media.webrtc.capture.allow-wgc
    Bug 1808667 - Configure windows desktop capture settings.

  • media.wmf.media-engine.raw-data-threshold.audio
    Bug 1807108 - use prefs to control the raw data threshold for engine streams.

  • media.wmf.media-engine.raw-data-threshold.video
    Bug 1807108 - use prefs to control the raw data threshold for engine streams.

  • network.cookie.move.interval_sec
    Bug 1808206 - Remove code that moves cookies around in memory
    Bug 1737080 - Disable moving cookies to save power

  • network.cookie.sameSite.schemeful
    Bug 1800273 - Disable network.cookie.sameSite.schemeful,

  • network.cors_preflight.block_userpass_uri
    Bug 1738251 - CORS requests to URL with userpassword should only fail for redirects

  • network.early-hints.parent-connect-timeout
    Bug 1804034 - Early Hints: Remove EarlyHintPreloader from EarlyHintRegistrar with timer when connect back doesn't happen

  • network.early-hints.preconnect.enabled
    Bug 1740692 - Establish a speculative connection when receiving rel=preconnect in 103 response,

  • network.http.http2.websockets
    Bug 1774572 - Enable websocket over http2,

  • network.http.useragent.forceRVOnly
    Bug 1806675 - fixate rv portion of UA string to 109.0 on android, too,
    Bug 1805967 - keep android the same because the issue doesn't occur there and its tests are unhappy. CLOSED TREE
    Bug 1805967 - cap rv: bits in User Agent string to 109 because some sites detect IE11 based on rv:11*,

  • network.trr_ui.skip_reason_learn_more_url
    Bug 1596845 - Make custom about:neterror page for TRR mode3 DNS failures

  • network.webtransport.datagram_size
    Bug 1791834 - Implement WebTransport Datagram,

  • network.webtransport.redirect.enabled
    Bug 1792678 - add webtransport redirect preference.

  • privacy.annotate_channels.strict_list.pbmode.enabled
    Bug 1808212 - Part 1: Add a pref for controlling ETP level 2 list in the private browsing mode.

  • privacy.restrict3rdpartystorage.rollout.preferences.learnMoreURLSuffix
    Bug 1797513 - TCP rollout clean up TCP-in-standard checkbox.
    Bug 1774739 - Update ETP preferences section for TCP in standard mode.

  • privacy.restrict3rdpartystorage.rollout.preferences.TCPToggleInStandard
    Bug 1797513 - TCP rollout clean up TCP-in-standard checkbox.

  • security.sandbox.gpu.level
    Bug 1809519 - Enable the GPU sandbox in Release
    Bug 1803135 - Enable the GPU sandbox in Early Beta
    Bug 1347710 - Re-enable GPU sandbox on Windows Nightly
    Bug 1347710 - Change sandbox.gpu to a static pref

  • signon.firefoxRelay.base_url
    Bug 1751763 - Firefox Relay integration

  • signon.firefoxRelay.feature
    Bug 1751763 - Firefox Relay integration

  • signon.firefoxRelay.learn_more_url
    Bug 1751763 - Firefox Relay integration

  • toolkit.shutdown.lateWriteChecksStage
    Bug 1768581 - Part 3 Swap the order of MaybeFastShutdown and KillClearOnShutdown inside AdvanceShutdownPhase and add extra NS_ProcessPendingEvents for the main thread.
    Bug 1768581 - Part 12: Swap the order of MaybeFastShutdown and KillClearOnShutdown inside AdvanceShutdownPhase and add extra NS_ProcessPendingEvents for the main thread.

  • webgl.force-layers-readback
    Bug 1809768 - Remove pref webgl.force-layers-readback

  • webgl.out-of-process.async-present
    Bug 1800178 - Enable RemoteTexture on WebGL with sync present on android nightly
    Bug 1800032 - Enable RemoteTexture on WebGL with sync present until release

  • widget.gtk.grab-pointer
    Bug 1807482 - Re-introduce a reduced version of mouse grabs for desktop environments that need it.
    Bug 1807482 - Re-introduce a reduced version of mouse grabs.

  • widget.gtk.ignore-bogus-leave-notify
    Bug 1805939 - Ignore bogus leave-notify events on known-broken environments.

@Thorin-Oakenpants
Contributor

thanks E .. have some 🥮

@Thorin-Oakenpants
Contributor

I wonder if we should enforce network.cookie.sameSite.schemeful - see https://bugzilla.mozilla.org/show_bug.cgi?id=1800273#c7

without digging too far back, this was enabled FF104 1750972, now disabled. That's half a year. Clearly not a massive breakage, and they are flipping back out of an abundance of precaution.

@fxbrit what say you fishy 🎣 ? we're using HoM so scheme must be the same (that's what the "only" part means - no insecure fallbacks even for subresources), so I guess really it doesn't make a difference - perhaps we should just ignore it and let Mozilla eventually flip it again in future ?

@fxbrit
Collaborator

fxbrit commented Mar 11, 2023

> that's what the "only" part means - no insecure fallbacks even for subresources

for clarity, do you mean that only Secure cookies are allowed? asking because I really don't know this.

my understanding of the bugzilla is that the HTTP page is setting a Strict cookie that it then expects to use after the redirect to HTTPS, but since SameSite is schemeful on that FF version it doesn't work. I think it would make sense to trigger the schemeful implementation unless we expect users to set a lot of exceptions to HoM: basically cookies would be set with the right scheme because the redirect is internal so it happens before the cookies are even set.

also cool stuff lulz --> https://bugzilla.mozilla.org/show_bug.cgi?id=1812195#c0

@Thorin-Oakenpants
Contributor

my understanding is (and PB mode is HTTPS-First, not HoM) that we never connect to HTTP because we always try HTTPS first and with AF's settings we never even test if an insecure version exists and timeout to the interstitial. For HoM, schemeful doesn't even apply since everything will be HTTPS, same scheme, as per the "only" part - cogito ergo sum, right? amiright?

so, as per my linked bugzilla comment, this does not affect us - it only affects some sites with HoM exceptions (took 6 months for someone to complain about it and get it flipped) - so we could either set that pref, or ignore it and one day moz will flip it back on (maybe they never do) - I do not expect our users to be using insecure sites, and I'd rather not have the maintenance burden - but if you think we should add it, then confirm - otherwise I'm happy to close this and move on
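
The schemeful SameSite behaviour discussed in the comments above, as an added example that is not part of the thread and is not Firefox code: it models what `network.cookie.sameSite.schemeful` changes for a `SameSite=Strict` cookie, and why HTTPS-Only Mode without exceptions makes the setting moot. The suffix list, hostnames and function names are constructed, and HTTPS-Only Mode is reduced to a scheme upgrade.

```javascript
// Added illustration, not Firefox code. SUFFIXES is a tiny constructed stand-in
// for the Public Suffix List, just large enough for the sample hosts used here.
const SUFFIXES = new Set(["com", "org", "co.uk"]);

// Registrable domain (eTLD+1): longest matching public suffix plus one label.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not in the sample list
}

// The "site" of a URL. The scheme is part of it only in schemeful mode.
function siteKey(url, schemeful) {
  const u = new URL(url);
  const domain = registrableDomain(u.hostname) ?? u.hostname;
  return schemeful ? `${u.protocol}//${domain}` : domain;
}

function isSameSite(a, b, schemeful) {
  return siteKey(a, schemeful) === siteKey(b, schemeful);
}

// HTTPS-Only Mode modelled as: http:// becomes https:// before any request is
// made, unless the host is in the user's exception list.
function applyHttpsOnly(url, exceptions) {
  const u = new URL(url);
  if (u.protocol === "http:" && !exceptions.has(u.hostname)) u.protocol = "https:";
  return u.href;
}

// Is a SameSite=Strict cookie for `target` attached when the page loaded from
// `initiator` sends the user there? Strict cookies need a same-site request.
function strictCookieSent(initiator, target, opts) {
  const { schemeful, httpsOnly = false, exceptions = new Set() } = opts;
  if (httpsOnly) {
    initiator = applyHttpsOnly(initiator, exceptions);
    target = applyHttpsOnly(target, exceptions);
  }
  return isSameSite(initiator, target, schemeful);
}

// Constructed scenario: a page served over HTTP hands off to its HTTPS twin.
const FROM = "http://shop.example.com/start";
const TO = "https://shop.example.com/account";

function scenarios() {
  return {
    schemeless: strictCookieSent(FROM, TO, { schemeful: false }),
    schemeful: strictCookieSent(FROM, TO, { schemeful: true }),
    schemefulHttpsOnly: strictCookieSent(FROM, TO, { schemeful: true, httpsOnly: true }),
    schemefulWithException: strictCookieSent(FROM, TO, {
      schemeful: true, httpsOnly: true, exceptions: new Set(["shop.example.com"]),
    }),
  };
}

console.log(scenarios());
```

Only the plain schemeful case and the case with an HTTPS-Only exception withhold the cookie; once both ends are upgraded the scheme comparison can no longer differ.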

@rusty-snake
Contributor

>   • pref("security.sandbox.gpu.level", 1); // prev: 0 - cool 🎉

FWIW: Windows only

@fxbrit
Collaborator

fxbrit commented Mar 13, 2023

> I do not expect our users to be using insecure sites

then let's leave it alone, we're not chasing standards compliance. I think eventually Mozilla will flip it because they want to adhere to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite (as they should).
