ToDo: diffs FF114-FF115 #1689

Closed
earthlng opened this issue Jul 9, 2023 · 15 comments

@earthlng
Contributor

earthlng commented Jul 9, 2023

FF115 is scheduled for release July 4th

FF115 release notes
FF115 for developers
FF115 security advisories


123 diffs ( 49 new, 55 gone, 19 different )

  • pref("browser.tabs.searchclipboardfor.middleclick", false); - 1418462 - 2eb1b3c
  • pref("extensions.quarantinedDomains.enabled", true); - 1834825 - 0377c14
  • FYI
    • pref("privacy.query_stripping.strip_on_share.enabled", false);

new in v115.0:

  • FYI: for visibility
    • pref("browser.urlbar.addons.featureGate", false); / pref("browser.urlbar.suggest.addons", true);

removed, renamed or hidden in v115.0:

  • 7001 pref("browser.cache.offline.enable", true); - 1677718

changed in v115.0:

  • FYI
    • pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,rp,rpTop,ocsp,qps,qpsPBM"); // prev: "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM"
      • diff lvl2PBM removed
    • pref("dom.indexedDB.privateBrowsing.enabled", true); // prev: false
      • this is nice: IDB can now be used in PB mode, which may help some logins. AFAIK it encrypts the storage to disk with a one-time session key (in memory), so other sessions cannot access it. And it cleans up on exit and on startup for ungraceful exits. Didn't re-read the tickets, going off memory.
      • next up: Service Workers

ignore

click me for details

==NEW

pref("browser.migrate.bookmarks-file.enabled", true);
pref("browser.migrate.chrome.payment_methods.enabled", true);
pref("browser.opaqueResponseBlocking.filterFetchResponse", 2);
pref("browser.opaqueResponseBlocking.mediaExceptionsStrategy", 1);
pref("browser.shell.defaultBrowserAgent.thanksURL", "https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/");
pref("browser.topsites.contile.sov.enabled", false);
pref("browser.translations.alwaysTranslateLanguages", "");
pref("browser.translations.chaos.errors", false);
pref("browser.translations.chaos.timeoutMS", 0);
pref("browser.translations.neverTranslateLanguages", "");
pref("browser.urlbar.addons.minKeywordLength", 0);
pref("devtools.debugger.hide-ignored-sources", false);
pref("devtools.debugger.threads-visible", true);
pref("devtools.f12_enabled", true);
pref("devtools.netmonitor.har.multiple-pages", false);
pref("extensions.quarantinedDomains.list", "");
pref("layout.css.nesting.enabled", false);
pref("layout.css.properties-and-values.enabled", false);
pref("layout.css.scroll-anchoring.reset-heuristic-during-animation", false);
pref("layout.css.stylo-parallelism-threshold", 32);
pref("layout.css.stylo-threads", -1);
pref("layout.css.stylo-work-unit-size", 16);
pref("media.aboutwebrtc.hist.closed_stats_to_retain", 8);
pref("media.aboutwebrtc.hist.enabled", false);
pref("media.aboutwebrtc.hist.poll_interval_ms", 250);
pref("media.aboutwebrtc.hist.prune_after_m", 2880);
pref("media.aboutwebrtc.hist.storage_window_s", 60);
pref("media.devices.enumerate.legacy.enabled", true);
pref("media.ffmpeg.allow-openh264", true);
pref("media.gmp.decoder.reorder_frames", true);
pref("media.videocontrols.picture-in-picture.respect-disablePictureInPicture", false);
pref("media.webrtc.platformencoder.sw_only", true);
pref("network.cors_preflight.authorization_covered_by_wildcard", true);
pref("network.jar.max_available_size", 268435456);
pref("network.modulepreload", true);
pref("network.wifi.scanning_period", 60000);
pref("places.frecency.pages.alternative.featureGate", false);
pref("places.frecency.pages.alternative.halfLifeDays", 30);
pref("places.frecency.pages.alternative.highWeight", 100);
pref("places.frecency.pages.alternative.lowWeight", 20);
pref("places.frecency.pages.alternative.mediumWeight", 50);
pref("places.frecency.pages.alternative.numSampledVisits", 10);
pref("signon.firefoxRelay.privacy_policy_url", "https://www.mozilla.org/%LOCALE%/privacy/subscription-services/");
pref("signon.firefoxRelay.terms_of_service_url", "https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/");

==REMOVED, RENAMED or HIDDEN

pref("accessibility.cache.enabled", true);
pref("browser.bookmarks.editDialog.delayedApply.enabled", true);
pref("browser.display.force_inline_alttext", false);
pref("browser.download.improvements_to_download_panel", true);
pref("devtools.debugger.auto-black-box", true);
pref("devtools.debugger.component-visible", false);
pref("devtools.debugger.features.async-stepping", false);
pref("devtools.debugger.features.blackbox-lines", false);
pref("devtools.debugger.features.chrome-scopes", false);
pref("devtools.debugger.features.code-coverage", false);
pref("devtools.debugger.features.column-breakpoints", true);
pref("devtools.debugger.features.dom-mutation-breakpoints", true);
pref("devtools.debugger.features.event-listeners-breakpoints", true);
pref("devtools.debugger.features.frame-step", true);
pref("devtools.debugger.features.overlay", true);
pref("devtools.debugger.features.remove-command-bar-options", false);
pref("devtools.debugger.features.root", true);
pref("devtools.debugger.features.shortcuts", true);
pref("devtools.debugger.features.workers", true);
pref("devtools.debugger.features.xhr-breakpoints", true);
pref("devtools.debugger.pretty-print-enabled", true);
pref("devtools.debugger.ui.panes-instruments-width", 300);
pref("devtools.debugger.ui.panes-visible-on-startup", false);
pref("devtools.debugger.ui.panes-workers-and-sources-width", 200);
pref("devtools.debugger.ui.variables-only-enum-visible", false);
pref("devtools.debugger.ui.variables-searchbox-visible", false);
pref("devtools.debugger.ui.variables-sorting-enabled", true);
pref("devtools.debugger.workers", false);
pref("devtools.debugger.workers-visible", false);
pref("devtools.experiment.f12.shortcut_disabled", false);
pref("font.size.systemFontScale", 100);
pref("general.utility-process.startup_timeout_ms", 5000);
pref("gfx.webrender.dcomp-apply-1704954", true);
pref("intl.ime.hack.on_any_apps.fire_key_events_for_composition", false);
pref("intl.ime.hack.on_ime_unaware_apps.fire_key_events_for_composition", false);
pref("layout.css.always-repaint-on-unvisited", true);
pref("layout.css.named-pages.enabled", true);
pref("layout.css.notify-of-unvisited", true);
pref("media.webrtc.platformencoder.sw_mft", false);
pref("media.wmf.media-engine.drm-playback", false);
pref("network.trr.odoh.configs_uri", "");
pref("network.trr.odoh.enabled", false);
pref("network.trr.odoh.min_ttl", 60);
pref("network.trr.odoh.proxy_uri", "");
pref("network.trr.odoh.target_host", "");
pref("network.trr.odoh.target_path", "");
pref("plugin.state.flash", 1);
pref("plugins.favorfallback.mode", "follow-ctp");
pref("plugins.favorfallback.rules", "nosrc,video");
pref("plugins.http_https_only", true);
pref("services.sync.prefs.sync.browser.offline-apps.notify", true);
pref("toolkit.osfile.log", false);
pref("widget.content.allow-gtk-dark-theme", false);
pref("widget.gtk.non-native-menu-styling", true);

==CHANGED

pref("browser.migrate.content-modal.about-welcome-behavior", "legacy"); // prev: "default"
pref("browser.migrate.content-modal.enabled", true); // prev: false
pref("browser.migrate.content-modal.import-all.enabled", true); // prev: false
pref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled", false); // prev: true
pref("browser.startup.homepage.abouthome_cache.enabled", true); // prev: false
pref("dom.media.mozPreservesPitch.enabled", false); // prev: true
pref("editor.join_split_direction.compatible_with_the_other_browsers", true); // prev: false
pref("extensions.browser_style_mv3.same_as_mv2", false); // prev: true
pref("javascript.options.experimental.enable_array_from_async", true); // prev: false
pref("javascript.options.experimental.enable_change_array_by_copy", true); // prev: false
pref("layout.css.animation-composition.enabled", true); // prev: false
pref("layout.css.import-supports.enabled", true); // prev: false
pref("media.gmp.decoder.enabled", true); // prev: false
pref("media.wmf.media-engine.enabled", 0); // prev: false
pref("network.early-hints.preconnect.max_connections", 10); // prev: 0
pref("network.http.http2.send-buffer-size", 0); // prev: 131072
pref("signon.signupDetection.enabled", true); // prev: false
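
The new / gone / different tally in the comment above comes from comparing two dumps of default prefs. As an added example (not part of the thread and not arkenfox's own tooling), the JavaScript below does that comparison and then checks a user.js for overrides that target prefs gone in the newer version or whose default changed type, as media.wmf.media-engine.enabled did (false to 0). The sample dumps, the sample user.js, example.unchanged.pref and all function names are constructed for illustration.

```javascript
// Added example: diff two default-pref dumps and audit a user.js against the result.
// Matches pref("name", value); and user_pref("name", value); with a string,
// number or boolean literal. Trailing comments ("// prev: false") are ignored.
const PREF_RE =
  /^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?|true|false)\s*\)\s*;/;

function literal(src) {
  // Booleans, numbers and plain strings are valid JSON; fall back to the raw
  // text for strings that use JS-only escapes.
  try { return JSON.parse(src); } catch (e) { return src.slice(1, -1); }
}

function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_RE.exec(line);
    if (m) prefs.set(m[1], literal(m[2])); // a later duplicate wins
  }
  return prefs;
}

// Classify every pref name as added, gone or changed between two dumps.
function diffPrefs(oldPrefs, newPrefs) {
  const added = [], gone = [], changed = [];
  for (const [name, value] of newPrefs) {
    if (!oldPrefs.has(name)) { added.push(name); continue; }
    const prev = oldPrefs.get(name);
    if (prev !== value) {
      changed.push({ name, prev, value, typeChanged: typeof prev !== typeof value });
    }
  }
  for (const name of oldPrefs.keys()) if (!newPrefs.has(name)) gone.push(name);
  changed.sort((a, b) => (a.name < b.name ? -1 : 1));
  return { added: added.sort(), gone: gone.sort(), changed };
}

// Flag user.js overrides that need review after the version bump.
function auditUserJs(userJsText, diff) {
  const changed = new Map(diff.changed.map((c) => [c.name, c]));
  const findings = [];
  for (const [name, value] of parsePrefs(userJsText)) {
    if (diff.gone.includes(name)) {
      findings.push({ name, issue: 'gone' });
    } else if (changed.has(name) && typeof value !== typeof changed.get(name).value) {
      findings.push({ name, issue: 'type-mismatch' });
    }
  }
  return findings;
}

// Constructed samples: a handful of prefs from the lists above plus one placeholder.
const FF114_SAMPLE = `
pref("browser.cache.offline.enable", true);
pref("dom.indexedDB.privateBrowsing.enabled", false);
pref("example.unchanged.pref", "a,b,c");
pref("media.wmf.media-engine.enabled", false);
pref("network.http.http2.send-buffer-size", 131072);
pref("network.trr.odoh.enabled", false);
`;
const FF115_SAMPLE = `
pref("browser.tabs.searchclipboardfor.middleclick", false);
pref("dom.indexedDB.privateBrowsing.enabled", true); // prev: false
pref("example.unchanged.pref", "a,b,c");
pref("extensions.quarantinedDomains.enabled", true);
pref("media.wmf.media-engine.enabled", 0); // prev: false
pref("network.http.http2.send-buffer-size", 0); // prev: 131072
`;
const USER_JS_SAMPLE = `
user_pref("browser.cache.offline.enable", false);
user_pref("extensions.quarantinedDomains.enabled", true);
user_pref("media.wmf.media-engine.enabled", false);
`;

const diff = diffPrefs(parsePrefs(FF114_SAMPLE), parsePrefs(FF115_SAMPLE));
console.log(`${diff.added.length} new, ${diff.gone.length} gone, ${diff.changed.length} different`);
for (const f of auditUserJs(USER_JS_SAMPLE, diff)) console.log(`${f.issue}: ${f.name}`);
```

A "gone" finding only means the pref no longer appears in the newer dump; the thread's own heading for that group is "removed, renamed or hidden", so each hit still needs a look at the linked Bugzilla ticket.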

@earthlng
Contributor Author

earthlng commented Jul 9, 2023

some bugzilla tickets

  • accessibility.cache.enabled
    Bug 1821955 part 6: Remove the CtW pref.

  • browser.bookmarks.editDialog.delayedApply.enabled
    Bug 1820979 - Remove instant apply bookmarks panels code
    Bug 1820978 - Enable delayed bookmarks panels in Firefox 113
    Bug 1812083 - Enable delayed apply bookmarks in Firefox Nightly

  • browser.cache.offline.enable
    Bug 1677718 - Completely remove AppCache API implementation
    Bug 1677718 - Disable the AppCache API on release

  • browser.contentblocking.features.strict
    Bug 1826340 - Removed level2 PBM from ETP strict as it is now set as true by default pref from ETP strict.
    Bug 1818292 - Add email tracking protection to ETP strict.
    Bug 1808212 - Part 3: Adding the content blocking pref setting for the level2 list pref in private windows.

  • browser.display.force_inline_alttext
    Bug 1831850 - Remove force_inline_alttext pref.
    Bug 1817360 - Clean-up image icon loading code.

  • browser.download.improvements_to_download_panel
    Bug 1822864 - Remove browser.download.improvements_to_download_panel pref

  • browser.migrate.bookmarks-file.enabled
    Bug 1833427 - Add bookmark import from HTML file in new migration wizard.

  • browser.migrate.chrome.payment_methods.enabled
    Bug 1835116 - Make it possible to disable payment method import from Chrome via a pref.

  • browser.migrate.content-modal.about-welcome-behavior
    Bug 1838507 - Default the about:welcome migration behaviour to the legacy XUL dialog.
    Bug 1825854 - Add a preference to control the behavior of the migration wizard when opened from about:welcome.

  • browser.migrate.content-modal.enabled
    Bug 1837009 - Enable variant 2 of the new migration wizard to ride out by default.
    Bug 1821744 - Enable the new migration wizard by default on Nightly.
    Bug 1795334 - Add a pref that opens the existing migration.xhtml document in a tab dialog box modal.

  • browser.migrate.content-modal.import-all.enabled
    Bug 1837009 - Enable variant 2 of the new migration wizard to ride out by default.
    Bug 1803446 Implement 'variant 2' version of the main selector page for the migration wizard.

  • browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled
    Bug 1832165 - Pocket newtab international expansion turn off onboarding dialog
    Bug 1830913 - Pocket new tab turn on new regions.
    Bug 1812690 - Pocket newtab enabling onboarding experience for new users seeing the Pocket section for the first time.

  • browser.opaqueResponseBlocking.filterFetchResponse
    Bug 1730960 - Detect ambiguous preprocessor.py commands
    Bug 1823877 - Part 1: Filter opaque results from fetch() in the parent for ORB.

  • browser.opaqueResponseBlocking.mediaExceptionsStrategy
    Bug 1838208 - Part 1: Add pref to allow choosing exception strategy.

  • browser.shell.defaultBrowserAgent.thanksURL
    Bug 1835352 - Part 3: Record telemetry event when Firefox is launched from WDBA.

  • browser.startup.homepage.abouthome_cache.enabled
    Bug 1824799 - Let the about:home startup cache ride out to release.

  • browser.tabs.searchclipboardfor.middleclick
    Bug 1418462 - Middleclick on new tab button launch clipboard

  • browser.topsites.contile.sov.enabled
    Bug 1834795 - Implement Share-of-Voice for sponsored tiles

  • browser.translations.alwaysTranslateLanguages
    Bug 1829691 - Add Translations settings panel to about:preferences

  • browser.translations.chaos.errors
    Bug 1820247 - Add a chaos mode to translations;

  • browser.translations.chaos.timeoutMS
    Bug 1820247 - Add a chaos mode to translations;

  • browser.translations.neverTranslateLanguages
    Bug 1829691 - Add Translations settings panel to about:preferences

  • browser.urlbar.addons.featureGate
    Bug 1832474: Implement addon suggestions result menu

  • browser.urlbar.addons.minKeywordLength
    Bug 1832474: Implement addon suggestions result menu

  • browser.urlbar.suggest.addons
    Bug 1833553: Add browser.urlbar.suggest.addons pref

  • devtools.debugger.hide-ignored-sources
    Bug 1824703 - [devtools] Add context menu item to hide / show ignored files

  • devtools.experiment.f12.shortcut_disabled
    Bug 1704521 - [devtools] Remove F12 experiment preference

  • devtools.f12_enabled
    Bug 1704521 - [devtools] Add a preference to disable the F12 shortcut

  • devtools.netmonitor.har.multiple-pages
    Bug 1248454 - [devtools] Handle multiple navigations in devtools har builder

  • dom.indexedDB.privateBrowsing.enabled
    Bug 1831058 - Enable IndexedDB in Private Browsing Mode by default on Nightly;

  • dom.media.mozPreservesPitch.enabled
    Bug 1831205 - Disable mozPreservesPitch by default.

  • editor.join_split_direction.compatible_with_the_other_browsers
    Bug 1735608 - Ship the new (compatible) join/split node direction in all channels
    Bug 1792387 - part 1: Make HTMLEditor join/split node direction switchable by a pref

  • extensions.browser_style_mv3.same_as_mv2
    Bug 1830710 - Default browser_style to false in MV3
    Bug 1827910 - Show deprecation warnings for browser_style in MV3

  • extensions.quarantinedDomains.enabled
    Bug 1834825 - Implement Quarantined Domains list,

  • extensions.quarantinedDomains.list
    Bug 1834825 - Implement Quarantined Domains list,

  • font.size.systemFontScale
    Bug 1831136 - Plumb android text scale via nsLookAndFeel.

  • general.utility-process.startup_timeout_ms
    Bug 1829108 - Remove Utility specific launch timeout and rely on IPC timeouts

  • gfx.webrender.dcomp-apply-1704954
    Bug 1834612 - [1/1] Restrict DComp-disabling mitigation to Windows 10

  • intl.ime.hack.on_any_apps.fire_key_events_for_composition
    Bug 1832726 - part 1: Make Android widget always dispatch keyboard events during composition

  • intl.ime.hack.on_ime_unaware_apps.fire_key_events_for_composition
    Bug 1832726 - part 1: Make Android widget always dispatch keyboard events during composition

  • javascript.options.experimental.enable_array_from_async
    Bug 1795816 - Ship Array.fromAsync

  • javascript.options.experimental.enable_change_array_by_copy
    Bug 1795816 - Ship Array.fromAsync
    Bug 1811057 - Ship Change Array by Copy Feature

  • layout.css.always-repaint-on-unvisited
    Bug 1834133 part 1: Remove about:config prefs layout.css.notify-of-unvisited and layout.css.always-repaint-on-unvisited.

  • layout.css.animation-composition.enabled
    Bug 1823862 - Ship animation-composition.

  • layout.css.import-supports.enabled
    Bug 1830779 - Enable @import supports conditions by default
    Bug 1427715 - Implement supports() syntax for @import rules

  • layout.css.named-pages.enabled
    Bug 1828020 - Remove the layout.css.named-pages.enabled pref

  • layout.css.nesting.enabled
    Bug 1835066 - [css-nesting] Enable on nightly.
    Bug 1833536 - [css-nesting] Do a first pass at parsing nested rules mixed with declarations.

  • layout.css.notify-of-unvisited
    Bug 1834133 part 1: Remove about:config prefs layout.css.notify-of-unvisited and layout.css.always-repaint-on-unvisited.

  • layout.css.properties-and-values.enabled
    Bug 1833540 - [css-properties-values-api] Implement parsing and serialization for @Property at-rule

  • layout.css.scroll-anchoring.reset-heuristic-during-animation
    Bug 1833758 - Add a pref not to reset max consecutive adjustment count during running APZ async scroll.

  • layout.css.stylo-parallelism-threshold
    Bug 1835280 - Double stylo parallelism threshold.
    Bug 1834145 - Make style parallel traversal more tunable at runtime.

  • layout.css.stylo-threads
    Bug 1834144 - Make stylo thread pool size configurable via pref rather than just env.

  • layout.css.stylo-work-unit-size
    Bug 1834145 - Make style parallel traversal more tunable at runtime.

  • media.aboutwebrtc.hist.closed_stats_to_retain
    Bug 1830790 - P2 - webrtc stats history prefs;r=bwc

  • media.aboutwebrtc.hist.enabled
    Bug 1836417 - pref on aboutwebrtc hist for linux;r=bwc
    Bug 1830790 - P2 - webrtc stats history prefs;r=bwc

  • media.aboutwebrtc.hist.poll_interval_ms
    Bug 1830790 - P2 - webrtc stats history prefs;r=bwc

  • media.aboutwebrtc.hist.prune_after_m
    Bug 1830790 - P2 - webrtc stats history prefs;r=bwc

  • media.aboutwebrtc.hist.storage_window_s
    Bug 1830790 - P2 - webrtc stats history prefs;r=bwc

  • media.devices.enumerate.legacy.enabled
    Bug 1528042 - Add media.devices.enumerate.legacy.enabled pref.

  • media.ffmpeg.allow-openh264
    Bug 1755361 - Don't accept OpenH264 as h264 decoder from ffmpeg by default.

  • media.gmp.decoder.enabled
    Bug 1839617 - Allow GMP video decoder in release.
    Bug 1832568 - Enable GMP video decoder on nightly only.

  • media.gmp.decoder.reorder_frames
    Bug 1831342 - Add pref to control whether the reorder queue is used with GMP plugins.

  • media.videocontrols.picture-in-picture.respect-disablePictureInPicture
    Bug 1811321 - Create PiP panel for disablePiP.

  • media.webrtc.platformencoder.sw_mft
    Bug 1818567 - enable software platform encoder for WebRTC.

  • media.webrtc.platformencoder.sw_only
    Bug 1818567 - enable software platform encoder for WebRTC.

  • media.wmf.media-engine.drm-playback
    Bug 1833266 - part2 : remove the pref 'media.wmf.media-engine.drm-playback'.

  • network.cors_preflight.authorization_covered_by_wildcard
    Bug 1687364 - Authorization header can't be wildcarded for Access-Control-Allow-Headers,

  • network.early-hints.preconnect.max_connections
    Bug 1836255 - Set network.early-hints.preconnect.max_connections to 10 also in non-nightly channels

  • network.http.http2.send-buffer-size
    Bug 1596576 - No longer force tcp send buffer size on HTTP/2 uploads > 128KB

  • network.jar.max_available_size
    Bug 1812038 - Avoid OOM with corrupt JAR archive

  • network.modulepreload
    Bug 1425310 - Implement modulepreload for link rel.

  • network.trr.odoh.configs_uri
    Bug 1835805 - Remove odoh code

  • network.trr.odoh.enabled
    Bug 1835805 - Remove odoh code

  • network.trr.odoh.min_ttl
    Bug 1835805 - Remove odoh code

  • network.trr.odoh.proxy_uri
    Bug 1835805 - Remove odoh code

  • network.trr.odoh.target_host
    Bug 1835805 - Remove odoh code

  • network.trr.odoh.target_path
    Bug 1835805 - Remove odoh code

  • network.wifi.scanning_period
    Bug 1810421: Only scan wifi when the network changes or when on mobile

  • places.frecency.pages.alternative.featureGate
    Bug 1832082 - Introduce alternative frecency for pages.

  • places.frecency.pages.alternative.halfLifeDays
    Bug 1832082 - Introduce alternative frecency for pages.

  • places.frecency.pages.alternative.highWeight
    Bug 1832082 - Introduce alternative frecency for pages.

  • places.frecency.pages.alternative.lowWeight
    Bug 1832082 - Introduce alternative frecency for pages.

  • places.frecency.pages.alternative.mediumWeight
    Bug 1832082 - Introduce alternative frecency for pages.

  • places.frecency.pages.alternative.numSampledVisits
    Bug 1832082 - Introduce alternative frecency for pages.

  • plugin.state.flash
    Bug 1833189 - Remove plugin.state.flash pref

  • plugins.favorfallback.mode
    Bug 1833054 - Remove unused plugins.favorfallback.* prefs

  • plugins.favorfallback.rules
    Bug 1833054 - Remove unused plugins.favorfallback.* prefs

  • plugins.http_https_only
    Bug 1835440 - Remove unused plugins.http_https_only pref

  • privacy.query_stripping.strip_on_share.enabled
    Bug 1825584 - Integrate clean copy into QueryStringStripper.

  • services.sync.prefs.sync.browser.offline-apps.notify
    Bug 1773098 - Remove unused browser.offline-apps.notify pref

  • signon.firefoxRelay.privacy_policy_url
    Bug 1823952 - Update the Relay integration UI

  • signon.firefoxRelay.terms_of_service_url
    Bug 1823952 - Update the Relay integration UI

  • signon.signupDetection.enabled
    Bug 1828679 - Set the preference signon.signupDetection.enabled to true to enable SignUpFormRuleset for all channels
    Bug 1828678 - Set signon.signupDetection.enabled to true in Nightly
    Bug 1815446 - Integrating SignUpScenarioRuleset
    Bug 1819213 - Firefox Relay Integration: Change the learn more link to a sumo link

  • toolkit.osfile.log
    Bug 1776480 - Remove OS.File et al.

  • widget.content.allow-gtk-dark-theme
    Bug 1804657 - Remove dead code related to having native theme in content on Linux.

  • widget.gtk.non-native-menu-styling
    Bug 1831841 - Remove dead GTK menu styling code.
    Bug 1828413 - Use more non-native rendering of menus.

@Thorin-Oakenpants
Contributor

any linux users want to comment on browser.tabs.searchclipboardfor.middleclick - 1418462

I know default is currently false, but I'm happy to add it now so I don't have to chase it up later

/* 2612: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] [LINUX]
 * When true, on Linux, middle clicks on the new tab button will open the xclipboard contents in a new tab. If the
 * xclipboard content is a URL, that URL is opened, and any other text is opened with your default search provider. */
user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false]

cc @rusty-snake

@rusty-snake
Contributor

It's default true for Linux:

// Does middleclick paste of clipboard to new tab button
#ifdef UNIX_BUT_NOT_MAC
pref("browser.tabs.searchclipboardfor.middleclick", true);
#else
pref("browser.tabs.searchclipboardfor.middleclick", false);
#endif

https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js#865

It relates to middlemouse.contentLoadURL and keyword.enabled.
If keyword.enabled=false it will always interpret it as a URL.
IMHO the win is rather low. Maybe OPTIONAL OPSEC? Can you accidentally middleclick the newtab button?

@xe-3

xe-3 commented Jul 10, 2023

I'm not 100% sure what sort of comment you are requesting, but what I can tell you after 5 minutes of playing around with this is:

  • browser.tabs.searchclipboardfor.middleclick is set to true by default in my case.
  • When I 'middle click' new tab:
    • If a URL is in my clipboard the new tab will load that URL
    • If a word or phrase is in my clipboard, loads search results with the default search provider

For reference, my setup is Firefox 115 (with AF) on Fedora Workstation 38

@Thorin-Oakenpants
Contributor

Can you accidentally middleclick the newtab button?

I know what you're getting at, so I'm going to flip this on its head. The new tab button is specifically designed to be CLICKED .. it's a click magnet ... with multiple results - e.g. right click = containers menu, left click = newtab, and now middle-click (on linux). So it's VERY likely to be orders of magnitude greater as an accidental wrong click-type vs say, some page content. So to answer your question ... YES :)

If keyword.enabled=false it will always interpret it as a URL

We do set that (but I'm sure lots of people override that, trusting their search engine) in which case they trust their search engine - so in the case of a non-URL, this would only be fallback, or yet another pref to flip (assuming they want to use the middle click new behavior)

So the question then becomes about not leaking URLs from clipboard. More to follow

@Thorin-Oakenpants
Contributor

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40783#note_2854455

middlemouse.contentLoadURL: #10089 (closed), it's false by default since Firefox 57

@rusty-snake is it really default false in Linux - if so we can remove it from the user.js

@rusty-snake
Contributor

is it really default false in Linux

Yes.

@Thorin-Oakenpants
Contributor

if so we can remove it from the user.js

actually, not sure when the default changed on linux, except pierov said it was in ESR102, so ... yup, we can remove it

@Thorin-Oakenpants
Contributor

FYI - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41884

@mik0l

mik0l commented Jul 13, 2023

https://bugzilla.mozilla.org/show_bug.cgi?id=1828939

// Handing URLs to external apps via the "Share URL" menu item could allow a proxy bypass
#ifdef MOZ_PROXY_BYPASS_PROTECTION
  pref("browser.menu.share_url.allow", false);
#endif

@Jee-Hex

Jee-Hex commented Jul 13, 2023

pref("extensions.quarantinedDomains.list", "");

AFAICT this is only true in a new 115 profile created offline. When I checked this string immediately after upgrading to 115, the actual value is autoatendimento.bb.com.br,ibpf.sicredi.com.br,ibpj.sicredi.com.br,internetbanking.caixa.gov.br,www.ib12.bradesco.com.br,www2.bancobrasil.com.br, so I'd guess they must have pushed something via RemoteSettings beforehand? It would also seem that these sites were added to extensions.webextensions.restrictedDomains at one point.

The string will also repopulate itself after a restart (if you have emptied it manually) and FF will actually force itself to re-download RemoteSettings configs. If anyone wanted to disable it, it would probably be best to just use the .enabled pref instead.

@Thorin-Oakenpants
Contributor

^ yup, it's populated via remote services

@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Jul 13, 2023

@mik0l thanks

The WebShare API is only enabled on mobile (and windows if not stable release), it is behind the pref dom.webshare.enabled, so there is nothing for us to do here - edit, unless I'm missing something, also edit, have some links

dom.webshare.enabled

@Thorin-Oakenpants
Contributor

#1689 (comment)

it's not just linux .. flip the pref to true and try it in windows :)

@ExceptionGit

Please STOP force pref 0377c14 where mozilla decides where extensions should work - "mozilla remote access"

support.mozilla.org: We understand that installing add-ons is a user choice and, as with your security, we also take this matter very seriously. If you are aware of the associated risk and still wish to allow add-ons disallowed on a site by Mozilla

@fxbrit
Collaborator

fxbrit commented Jul 24, 2023

we already discussed this at length elsewhere and it was carefully considered, it is enforced to the default as the rest of the other security features in section 6000. just like any other pref you can set an override at your own risk.

@xe-3

xe-3 commented Jul 24, 2023

we already discussed this at length elsewhere and it was carefully considered, it is enforced to the default

Do you recall where this discussion took place? I didn't see it in the recent open or closed issues, but I may have overlooked it.
