ToDo: diffs FF57-FF58

[earthlng]

v57.0 and v58.0 - 130 diffs ( 63 new, 42 gone, 25 different )

FF58 is scheduled for release 2018-01-23

new in v58.0:

• reminder: when we do a 57 final, redo scratchpad clearing prefs
• pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); 1424373 - 0da73d6
• safebrowsing - 1351147 - 5005376
  • pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
  • pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
• pref("network.cookie.thirdparty.nonsecureSessionOnly", false); 1160368 - 91c8da5
• permissions.default.* - 1379560 & 380637
  • pref("permissions.default.camera", 0); - ea6e9be
  • pref("permissions.default.desktop-notification", 0); - 2969ab5
  • pref("permissions.default.geo", 0); - a4eaf94
  • pref("permissions.default.microphone", 0); - ea6e9be
  • pref("permissions.default.shortcuts", 0); - 3405bae
• RFP timing prefs (for internal testing) left up here for reference 1424341
  • pref("privacy.reduceTimerPrecision", false);
  • pref("privacy.resistFingerprinting.reduceTimerPrecision.microseconds", 20);

removed, renamed or hidden in v58.0:

• pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); 1424373 - 0da73d6
• pref("extensions.e10sBlocksEnabling", true); 1406212 - c83670f
• pref("social.directories", "https://activations.cdn.mozilla.net");
• pref("social.remote-install.enabled", true);
• pref("social.toast-notifications.enabled", true);
• pref("social.whitelist", "https://mozsocial.cliqz.com");

changed in v58.0:

• pref("javascript.options.shared_memory", false); // prev: true - 93c3457
• pref("javascript.options.wasm_baselinejit", true); // prev: false
  • added to sticky items to keep an eye on, to be revisited FF60
• pref("browser.tabs.remote.autostart", true); // prev: false 1101
• pref("dom.ipc.processCount", 4); // prev: 1 1102
• pref("extensions.formautofill.available", "detect"); // prev: "staged-rollout" 0517
• pref("security.sandbox.content.level", 4); // prev: 3 1110
• pref("security.tls.enable_0rtt_data", false); // prev: true 1205

---

ignore

==NEW

pref("browser.sessionstore.max_write_failures", 5);
pref("browser.schedulePressure.defaultCount", 3);
pref("browser.schedulePressure.enabled", true);
pref("browser.schedulePressure.timeoutMs", 1000);
pref("browser.urlbar.switchTabs.adoptIntoActiveWindow", false);
pref("browser.xul.error_pages.show_safe_browsing_details_on_load", false);
pref("devtools.changesview.enabled", false);
pref("devtools.debugger.features.column-breakpoints", false);
pref("devtools.debugger.features.project-text-search", true);
pref("devtools.debugger.features.root", false);
pref("devtools.debugger.features.shortcuts", true);
pref("devtools.debugger.project-directory-root", "");
pref("devtools.eventsview.enabled", false);
pref("devtools.flexboxinspector.enabled", false);
pref("devtools.layout.flexbox.opened", true);
pref("devtools.new-animationinspector.enabled", false);
pref("devtools.onboarding.experiment", "off"); // shield study already covered 1418266
pref("devtools.onboarding.experiment.flipped", false);
pref("devtools.onboarding.telemetry.logged", false);
pref("dom.enable_performance_navigation_timing", true);
pref("dom.vr.display.rafMaxDuration", 50);
pref("extensions.formautofill.creditCards.used", 0);
pref("general.smoothScroll.msdPhysics.continuousMotionMaxDeltaMS", 120);
pref("general.smoothScroll.msdPhysics.enabled", false);
pref("general.smoothScroll.msdPhysics.motionBeginSpringConstant", 1250);
pref("general.smoothScroll.msdPhysics.regularSpringConstant", 1000);
pref("general.smoothScroll.msdPhysics.slowdownMinDeltaMS", 12);
pref("general.smoothScroll.msdPhysics.slowdownMinDeltaRatio", "1.3");
pref("general.smoothScroll.msdPhysics.slowdownSpringConstant", 2000);
pref("gfx.webrender.debug.alpha-primitives", false);
pref("layers.omtp.release-capture-on-main-thread", false);
pref("layout.css.servo.chrome.enabled", false);
pref("layout.display-list.dump-parent", false);
pref("layout.display-list.rebuild-frame-limit", 500);
pref("layout.display-list.retain", false);
pref("media.omt_data_delivery.enabled", true);
pref("media.peerconnection.video.vp9_preferred", false);
pref("media.recorder.audio_node.enabled", false);
pref("media.recorder.video.frame_drops", true);
pref("media.wmf.dxva.d3d11.enabled", true);
pref("media.wmf.dxva.enabled", true);
pref("media.wmf.dxva.max-videos", 8);
pref("media.wmf.play-stand-alone", true);
pref("media.wmf.use-nv12-format", true);
pref("media.wmf.use-sync-texture", true);
pref("mousewheel.debug.make_window_under_cursor_foreground", false);
pref("network.auth.non-web-content-triggered-resources-http-auth-allow", false);
pref("network.http.tls-handshake-timeout", 30);
pref("services.sync.prefs.sync.privacy.reduceTimerPrecision", true);
pref("services.sync.prefs.sync.privacy.resistFingerprinting", true);
pref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", true);
pref("ui.context_menus.after_mouseup", false); // Mac/Linux
  // ^^ changes OS behavior, can be controlled by WE's eg FireGestures for those
  // who want those gesture extension see: https://bugzilla.mozilla.org/show_bug.cgi?id=1419426

==REMOVED or HIDDEN

pref("browser.preferences.offlineGroup.enabled", false);
pref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 4);
pref("browser.urlbar.lastSuggestionsPromptDate", 20160601);
pref("devtools.debugger.client-source-maps-enabled", true);
pref("devtools.debugger.project-text-search-enabled", true);
pref("devtools.debugger.scopes-visible", false);
pref("devtools.fontinspector.enabled", true);
pref("devtools.inspector.mdnDocsTooltip.enabled", false);
pref("devtools.promote.layoutview", 1);
pref("devtools.promote.layoutview.showPromoteBar", true);
pref("devtools.responsive.html.enabled", true);
pref("devtools.responsiveUI.no-reload-notification", false);
pref("dom.abortController.enabled", true);
pref("dom.abortController.fetch.enabled", true);
pref("dom.allow_named_properties_object_for_xrays", 1);
pref("extensions.e10sMultiBlocksEnabling", true);
pref("gfx.webrender.layers-free", false);
pref("gfx.webrendest.enabled", false);
pref("idle_queue.long_period", 50);
pref("idle_queue.min_period", 3);
pref("layers.advanced.boxshadow-inset-layers", 2);
pref("layers.advanced.boxshadow-outer-layers", 2);
pref("layers.advanced.button-foreground-layers", 2);
pref("layers.advanced.displaybuttonborder-layers", 2);
pref("layers.advanced.filter-layers", 2);
pref("layout.css.style-attr-with-xml-base.disabled", true);
pref("media.webrtc.debug.aec_log_dir", "");
pref("media.windows-media-foundation.allow-d3d11-dxva", true);
pref("media.windows-media-foundation.use-nv12-format", true);
pref("memory.free_dirty_pages", true);
pref("memory.low_commit_space_threshold_mb", 128);
pref("memory.low_memory_notification_interval_ms", 10000);
pref("memory.low_physical_memory_threshold_mb", 0);
pref("memory.low_virtual_memory_threshold_mb", 128);
pref("network.standard-url.enable-rust", false);
pref("security.onecrl.via.amo", false);

==CHANGED

pref("browser.places.useAsyncTransactions", true); // prev: false
pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=Google"); // prev: "data:text/plain,browser.search.defaultenginename.US=Yahoo"
pref("browser.search.order.US.1", "data:text/plain,browser.search.order.US.1=Google"); // prev: "data:text/plain,browser.search.order.US.1=Yahoo"
pref("browser.search.order.US.2", "data:text/plain,browser.search.order.US.2=Yahoo"); // prev: "data:text/plain,browser.search.order.US.2=Google"
pref("devtools.inspector.shapesHighlighter.enabled", true); // prev: false
pref("dom.ipc.processPrelaunch.enabled", true); // prev: false
pref("dom.script_loader.bytecode_cache.enabled", true); // prev: false
pref("dom.timeout.enable_budget_timer_throttling", true); // prev: false
pref("layers.advanced.background-color", false); // prev: 2
pref("layers.advanced.caret-layers", false); // prev: 2
pref("layers.advanced.solid-color", false); // prev: 2
pref("layers.advanced.table", false); // prev: 2
pref("layers.omtp.enabled", true); // prev: false
pref("layout.css.font-display.enabled", true); // prev: false
pref("mousewheel.with_alt.action", 2); // prev: 1
pref("mousewheel.with_shift.action", 4); // prev: 2
pref("security.use_sqldb", true); // prev: false
pref("webgl.force-index-validation", 0); // prev: false

[earthlng]

bugzilla tickets

• browser.places.useAsyncTransactions
  Bug 1404267 - Enable Async Places Transactions for all builds, not just nightly. r=mak
  Bug 1071513 - Enable async PlacesTransactions for nightly builds. r=mak

• browser.preferences.offlineGroup.enabled
  Bug 1399398 - Turn on the Storage Management feature, r=Gijs
  Bug 1399808 - Remove the offlineGroup UI in about:preferences, r=jaws

• browser.safebrowsing.provider.google4.dataSharing.enabled
  Bug 1351147 - Support ThreatHit requests in SafeBrowsing V4 r=francois

• browser.safebrowsing.provider.google4.dataSharingURL
  Bug 1351147 - Support ThreatHit requests in SafeBrowsing V4 r=francois

• browser.schedulePressure.defaultCount
  Bug 1406414 - Switch to an APNG loading indicator when the browser is under schedule pressure. r=francois,mconley

• browser.schedulePressure.enabled
  Bug 1406414 - Switch to an APNG loading indicator when the browser is under schedule pressure. r=francois,mconley

• browser.schedulePressure.timeoutMs
  Bug 1406414 - Switch to an APNG loading indicator when the browser is under schedule pressure. r=francois,mconley

• browser.sessionstore.max_write_failures
  Bug 1402267 - Restart the SessionWorker each time there are failures reported as much as defined in the 'browser.sessionstore.max_write_failures' pref. r=ttaubert

• browser.tabs.remote.autostart
  Bug 1410376 - Disable e10s for non-Firefox Gecko users. r=Felipe
  Bug 1406212 - Default to e10s on with 4 content processes. r=Felipe
  Bug 1369399 - Re-enable e10s for DevEdition. r=Felipe

• browser.urlbar.daysBeforeHidingSuggestionsPrompt
  Bug 1367790 - Remove code for the opt-in Search Suggestions notification. r=Paolo

• browser.urlbar.lastSuggestionsPromptDate
  Bug 1367790 - Remove code for the opt-in Search Suggestions notification. r=Paolo

• browser.urlbar.switchTabs.adoptIntoActiveWindow
  Bug 1402489 - Add a pref for switch to tab moving the target tab into the current window, r=mak

• browser.xul.error_pages.show_safe_browsing_details_on_load
  Bug 1400660 - Create a new pref to determine the initial state of the 'See details' panel in about:blocked pages. r=francois,johannh

• dom.abortController.enabled
  Bug 1402317 - Remove dom.abortController.enabled and dom.abortController.fetch.enabled prefs, r=qdot
  Bug 1394085 - Enable Abort API by default, r=bkelly
  Bug 1378342 - AbortSignal/AbortController - part 5 - Some WPTs pass, r=bkelly

• dom.abortController.fetch.enabled
  Bug 1402317 - Remove dom.abortController.enabled and dom.abortController.fetch.enabled prefs, r=qdot
  Bug 1394085 - Enable Abort API by default, r=bkelly
  Bug 1378342 - AbortSignal/AbortController - part 5 - Some WPTs pass, r=bkelly

• dom.allow_named_properties_object_for_xrays
  Bug 1354730. Disable named property object (aka global scope polluter) behavior for all Xrays. r=kmag

• dom.enable_performance_navigation_timing
  Bug 1403926 - Add pref for PerformanceNavigationTiming r=baku

• dom.ipc.processCount
  Bug 1406212 - Default to e10s on with 4 content processes. r=Felipe

• dom.ipc.processPrelaunch.enabled
  Bug 1385249 - Reenable the preallocated process. r=mrbkap
  Bug 1363601 - Disabling the preallocated process manager on all channels. r=mrbkap
  Bug 1381804 - Disable process prelaunch while activity-stream is enabled. r=mconley
  Bug 1363601 - Turn off the preallocated process manager on Firefox 55. r=mrbkap, a=lizzard

• dom.script_loader.bytecode_cache.enabled
  Bug 1405738 - Enable the JavaScript Start-up Bytecode Cache. r=mrbkap
  Bug 900784 - Enable the JavaScript Start-up Bytecode Cache. r=mrbkap

• dom.timeout.enable_budget_timer_throttling
  Bug 1377766 - Enable budget throttling by default. r=bkelly

• dom.vr.display.rafMaxDuration
  Bug 1392216 - Part 3: VRPuppet dispatch submit frame result to VRListener thread; r=kip

• extensions.e10sBlocksEnabling
  Bug 1406212 - Remove references to extensions.e10sBlocksEnabling. r=Felipe

• extensions.e10sMultiBlocksEnabling
  Bug 1406212 - Remove references to extensions.e10sBlocksEnabling. r=Felipe

• extensions.formautofill.available
  Bug 1398656 - Always build the form autofill system add-on but disable it by default on release. r=lchang, a=gchang on a CLOSED TREE
  Bug 1385201 - [Form Autofill] Rename "extensions.formautofill.experimental". r=MattN

• extensions.formautofill.creditCards.available
  Bug 1417336 - [Form Autofill] Enable credit card autofill by default on beta build. r=steveck a=gchang
  Bug 1399382 - Add a pref to hide credit card autofill feature, r=lchang

• extensions.formautofill.creditCards.used
  Bug 1414189 - [Form Autofill] Add a pref to determine whether a user has ever used credit card autofill. r=steveck

• general.smoothScroll.msdPhysics.continuousMotionMaxDeltaMS
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• general.smoothScroll.msdPhysics.enabled
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• general.smoothScroll.msdPhysics.motionBeginSpringConstant
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• general.smoothScroll.msdPhysics.regularSpringConstant
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• general.smoothScroll.msdPhysics.slowdownMinDeltaMS
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• general.smoothScroll.msdPhysics.slowdownMinDeltaRatio
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• general.smoothScroll.msdPhysics.slowdownSpringConstant
  Bug 1402498 - Add ScrollAnimationMSDPhysics, can be enabled using general.smoothScroll.msdPhysics.enabled. r=rhunt

• gfx.webrender.debug.alpha-primitives
  Bug 1403214 - Fix webrender debug prefs. r=nical

• gfx.webrender.layers-free
  Bug 1404325 - Remove the layers-free pref from about:config. r=jrmuizel
  Bug 1389000 - Turn on webrender layers-free mode by default. r=jrmuizel

• gfx.webrendest.enabled
  Bug 1410824 - Remove pref 'gfx.webrendest.enabled'. r=kats

• idle_queue.long_period
  Bug 1414150 - Remove the "idle_queue.*" prefs. r=farre.

• idle_queue.min_period
  Bug 1414150 - Remove the "idle_queue.*" prefs. r=farre.

• javascript.options.wasm_baselinejit
  Bug 1391196 - Let javascript.options.wasm_baselinejit default to true. r=luke

• layers.advanced.background-color
  Bug 1405778. Remove largely unneeded call to nsDisplayBackgroundColor::GetLayerState. r=kats

• layers.advanced.boxshadow-inset-layers
  Bug 1415989 - Do not use 'ShouldUseAdvancedLayer' for button type display items. r=jrmuizel
  Bug 1405957 - Part2. Remove the unnecessary GetLayerState in CreateWebRenderCommands and adjust the related pref type/value. r=kats

• layers.advanced.boxshadow-outer-layers
  Bug 1415989 - Do not use 'ShouldUseAdvancedLayer' for button type display items. r=jrmuizel
  Bug 1405957 - Part2. Remove the unnecessary GetLayerState in CreateWebRenderCommands and adjust the related pref type/value. r=kats

• layers.advanced.button-foreground-layers
  Bug 1415989 - Do not use 'ShouldUseAdvancedLayer' for button type display items. r=jrmuizel

• layers.advanced.caret-layers
  Bug 1405957 - Part2. Remove the unnecessary GetLayerState in CreateWebRenderCommands and adjust the related pref type/value. r=kats

• layers.advanced.displaybuttonborder-layers
  Bug 1415989 - Do not use 'ShouldUseAdvancedLayer' for button type display items. r=jrmuizel

• layers.advanced.filter-layers
  Bug 1405957 - Part1. Remove advanced filter layer. r=kats

• layers.advanced.solid-color
  Bug 1405957 - Part2. Remove the unnecessary GetLayerState in CreateWebRenderCommands and adjust the related pref type/value. r=kats

• layers.advanced.table
  Bug 1405957 - Part2. Remove the unnecessary GetLayerState in CreateWebRenderCommands and adjust the related pref type/value. r=kats

• layers.omtp.enabled
  Bug 1403935: Enable OMTP by default on windows only. r=dvander

• layers.omtp.release-capture-on-main-thread
  Bug 1412850: Release capture drawtargets on the paint thread. r=rhunt
  Bug 1404749: Release our DrawTargetCapture on the main thread. r=mattwoodrow

• layout.css.font-display.enabled
  Bug 1317445 - Enable support for the 'font-display' descriptor in @font-face rules. r=dbaron

• layout.css.servo.chrome.enabled
  Bug 1411532 part 1 - Add a pref for enabling stylo on chrome documents. r=bz

• layout.css.style-attr-with-xml-base.disabled
  Bug 1406277 - Completely remove xml:base for style attribute. r=bz

• layout.display-list.dump-parent
  Bug 1406008 - Add pref for just dumping the parent process display list. r=jrmuizel

• layout.display-list.rebuild-frame-limit
  Bug 1411248 - Add some early exit heuristics to avoid complicated partial display list builds r=mattwoodrow

• layout.display-list.retain
  Bug 1416055 - Enable retained display lists for Nightly builds. r=miko
  Bug 1404181 - Part 12: Add pref for retained display lists (starting with it disabled). r=mstange

• media.omt_data_delivery.enabled
  Bug 1407886 - enable OMT data delivery. r=gerald
  Bug 1405962. P1 - give MediaCache a thread on which we will run data callbacks from the HTTP channel. r=gerald

• media.peerconnection.video.vp9_preferred
  Bug 1392961 - Add preference to make VP9 the preferred video codec. r=jesup

• media.recorder.audio_node.enabled
  Bug 1409727 - Expose the audio node recording pref to about:config. r=jib

• media.recorder.video.frame_drops
  Bug 1409727 - Add a mode and pref to disallow frame drops in MediaRecorder. r=SingingTree

• media.webrtc.debug.aec_log_dir
  Bug 1407492: remove aec log dir user pref. r=mjf

• media.windows-media-foundation.allow-d3d11-dxva
  Bug 1403190 - P1. Rename media.windows-media-foundation.* into media.wmf.* prefs. r=cpearce

• media.windows-media-foundation.use-nv12-format
  Bug 1403190 - P1. Rename media.windows-media-foundation.* into media.wmf.* prefs. r=cpearce
  Bug 1352016 - P4. Enable NV12 preference. r=mattwoodrow
  Bug 1352016 - P3. Enable NV12 preference. r=mattwoodrow

• media.wmf.dxva.d3d11.enabled
  Bug 1403190 - P3. Rename and re-organise dxva prefs. r=cpearce

• media.wmf.dxva.enabled
  Bug 1403190 - P3. Rename and re-organise dxva prefs. r=cpearce

• media.wmf.dxva.max-videos
  Bug 1403190 - P3. Rename and re-organise dxva prefs. r=cpearce

• media.wmf.play-stand-alone
  Bug 1403190 - P2. Make wmf prefs public. r=cpearce

• media.wmf.use-nv12-format
  Bug 1403190 - P1. Rename media.windows-media-foundation.* into media.wmf.* prefs. r=cpearce

• media.wmf.use-sync-texture
  Bug 1403190 - P2. Make wmf prefs public. r=cpearce

• memory.free_dirty_pages
  Bug 1414150 - Remove the "memory.free_dirty_pages" pref. r=glandium.
  Bug 1398033 - Free dirty pages on memory pressure. r=njn

• memory.low_commit_space_threshold_mb
  Bug 1414150 - Remove the "memory.low_*" prefs. r=erahm,dmajor.

• memory.low_memory_notification_interval_ms
  Bug 1414150 - Remove the "memory.low_*" prefs. r=erahm,dmajor.

• memory.low_physical_memory_threshold_mb
  Bug 1414150 - Remove the "memory.low_*" prefs. r=erahm,dmajor.

• memory.low_virtual_memory_threshold_mb
  Bug 1414150 - Remove the "memory.low_*" prefs. r=erahm,dmajor.

• mousewheel.debug.make_window_under_cursor_foreground
  Bug 1410988 - Add a debug mode pref to emulate odd touchpad utils which give focus to window under mouse cursor when user tries to scroll the content r=jimm

• mousewheel.with_alt.action
  Bug 143038 Make users can scroll contents horizontally with vertical wheel operation with a modifier r=smaug

• mousewheel.with_shift.action
  Bug 143038 Make users can scroll contents horizontally with vertical wheel operation with a modifier r=smaug

• network.cookie.thirdparty.nonsecureSessionOnly
  Bug 1160368 - Part 1: Add flag to treat third-party cookies set over nonsecure HTTP as session cookies. r=jdm

• network.http.tls-handshake-timeout
  Bug 1393691 - timeout connection if tls takes too long. r=mcmanus

• network.standard-url.enable-rust
  Bug 1415206 - Remove RustURL from Gecko r=bagder

• permissions.default.camera
  Bug 1379560 - Part 1 - Add a default permission pref in the permission manager. r=mystor,Paolo

• permissions.default.desktop-notification
  Bug 1379560 - Part 1 - Add a default permission pref in the permission manager. r=mystor,Paolo

• permissions.default.geo
  Bug 1379560 - Part 1 - Add a default permission pref in the permission manager. r=mystor,Paolo

• permissions.default.microphone
  Bug 1379560 - Part 1 - Add a default permission pref in the permission manager. r=mystor,Paolo

• permissions.default.shortcuts
  Bug 380637, add a general preference to prevent pages from overriding keyboard shortcuts. If a key doesn't specify the reserved attribute, this preference will be used, r=felipe

• security.onecrl.via.amo
  Bug 1359428 - Remove preference to select OneCRL update mechanism r=keeler,leplatrem,rhelmer

• security.sandbox.content.level
  Bug 1417959 - Bump Alternate Desktop to Level 5 and make that the Default on Nightly. r=jimm, a=gchang
  Bug 1415250 Part 2: Make level 4 the default for the Windows content process sandbox. r=jimm
  Bug 1402351 - Make the Linux level 3 / read sandbox ride the trains. r=jld
  Bug 1402351 - Make the Linux level 3 / read sandbox ride the trains. r=jld, a=sledru
  Bug 1402340 - On non-Nightly revert back to Windows content process sandbox level 3 to fix suspected top crashes. r=jimm, a=sledru
  Bug 1229829 - Part 2 - Use an alternate desktop on the local winstation for content processes; r=bobowen
  Bug 1388046 - Disable sandbox read restrictions (level 3) on beta/release. r=jld
  Bug 1388046 - Disable sandbox read restrictions (level 3) on beta/release. r=jld, a=gchang
  Bug 1366697: Let the windows level 3 content process sandbox ride the trains. r=jimm
  Bug 1377522 - let the macOS level 3 content sandbox ride the trains! r=haik
  Bug 1308400 - Support file process, whitelist path prefs. r=jld
  Bug 1366694 Part 4: Change Windows content process sandbox level to 3 on Nightly. r=jimm
  Bug 1332190 - [Mac] Enable level 3 Mac content sandbox, removing filesystem read access. r=Alex_Gaynor

• security.tls.version.max
  Bug 1368599 - Disable TLS 1.3 by default for Release 55. r=keeler, a=jcristau
  Bug 1368599 - Disable TLS 1.3 by default for Release 54 r=dkeeler a=ritu

• security.use_sqldb
  bug 783994 - use the sqlite-backed certificate and key DBs r=jcj
  bug 1398932 - add a preference for enabling the sqlite-backed NSS databases r=Cykesiopka,jcj

• services.sync.prefs.sync.privacy.resistFingerprinting
  Bug 1414153 - Sync the privacy.resistFingerprinting pref by default. r=eoger, a=gchang

• social.directories
  Bug 1406193 - Remove last remaining SocialAPI bits. r=dao

• social.remote-install.enabled
  Bug 1406193 - Remove last remaining SocialAPI bits. r=dao

• social.toast-notifications.enabled
  Bug 1406193 - Remove last remaining SocialAPI bits. r=dao

• social.whitelist
  Bug 1406193 - Remove last remaining SocialAPI bits. r=dao

• ui.context_menus.after_mouseup
  Bug 1360278 - Add preference to trigger context menu on mouse up for GTK+ and macOS, r=mstange,smaug a=gchang

• webgl.force-index-validation
  Bug 1414977 - Allow webgl.force-index-validation:-1 to disable index validation for testing. - r=daoshengmu

[2glops]

pref("security.sandbox.content.level", 4); // prev: 3
Ignore, covered in 1110 and OS specific. The links seems now to be:
https://wiki.mozilla.org/Security/Sandbox

pref("security.tls.version.max", 4); // prev: 3
Move to ignore ? We already enforce value 4 in release 57.

[earthlng]

Thanks, I've updated the link: 183a624

[Atavic]

The SchedulePressure object provides the ability to alter the behavior of a program based on the idle activity of the host machine.

Starts an interval timeout that periodically waits for an idle callback. If the idle callback fails to get called within the timeout specified by TIMEOUT_AMOUNT, the highPressureFn callback will get called. Otherwise the lowPressureFn callback will get called.

https://dxr.mozilla.org/mozilla-central/source/browser/modules/SchedulePressure.jsm

[earthlng]

^^ we already make ALL 3rdparty cookies sessionOnly with network.cookie.thirdparty.sessionOnly.

[Atavic]

Don't know. Just-in-Time Compilation for Javascript (JIT) has this reference.

And the same german source from #244 (comment) says:

The Just-in-time compilation for javascript (JIT) also facilitates ROP attacks and can be used with JIT spraying protection mechanisms such as ASLR.

[earthlng]

browser.crashReports.unsubmittedCheck.autoSubmit2 - false is fine, no need to add this as it's likely just a temporary pref anyway
network.auth.non-web-content-triggered-resources-http-auth-allow - no need to enforce false IMO
browser.crashReports.unsubmittedCheck.autoSubmit - we should keep this because they probably just renamed it to autoSubmit2
privacy.resistFingerprinting.reduceTimerPrecision.microseconds - they want to make RFP always use 100ms with https://bugzilla.mozilla.org/show_bug.cgi?id=1431455 but it landed too late for 58, so we could set it to 100ms with this pref until that change lands
privacy.reduceTimerPrecision - users without RFP can set this to true to also make use of the above pref. Maybe add it as inactive but I'd rather not include it at all because it's risky and there's a reason they didn't ship it as true.

[Atavic]

Yes, it is a workaround for browsers.

[earthlng]

.autoSubmit - IMO we can add the new one but I wouldn't move the old one to deprecated just yet simply because it will look a bit weird if they do rename it back and we'd have to move it back up from 9999.
javascript.options.shared_memory - we can enforce false even though I don't think they'll be able to turn this back on anytime soon anyway.

[Atavic]

See: BrowserWorks/Waterfox#356

For a test, here there's a Parallel Mandelbrot computation window.

[fmarier]

Hey Francois, this "Support v4/ThreatHit request in Safe Browsing V4" ... can you tell us a quick bit about it? Is this similar to reporting urls such as all the browser.safebrowsing.*report ones (in our 0415)?

No, it's a separate thing. The other report URLs are for when a user actually clicks on a button to manually send a report to Google. This new one will cause reports to be sent automatically when you encounter a Safe Browsing warning page, as long as you have previously opted into this (i.e. checkbox on the warning pages, off by default).

It is anonymized by google (eg IP removed) or agreed to never be used for marketing etc under a Mozilla/Google deal? Is the information sent used by SB (which google runs) or is it also used by Mozilla for their benefit to improve FF?

The IP will be removed since we'll be proxying the reports and sending them to Google from our proxy server's IP address. Initially, the information will be for the Safe Browsing team at Google to make the service better for Firefox users (they already get that data for Chrome users).

[earthlng]

reminder: when we do a 57 final, redo scratchpad clearing prefs

let's just scratch that. It is what it is and that's good enough.

permissions.default.*

apart from .shortcuts everything defaults to "Always ask" which is fine. And we already disable all the APIs and shit for those anyway so we can just ignore them. For .shortcuts there's only Allow and Block and we could add that somewhere (24xx or 26xx or 50xx, IDK).

network.auth.non-web-content-triggered-resources-http-auth-allow

this is for CVE-2018-5115.
1409449 is still private but the changeset is public.
False is what we want and it's unlikely to ever change. We can ignore it IMO.

extensions.e10sBlocksEnabling

let's just remove it completely. I'm not even sure this made any sense in the 1st place because I think this was overwritten by the e10s system addon. Let's also remove 1106 + 1107 because changing them to anything higher than 1 doesn't seem to be supported yet anyway.

javascript.options.shared_memory

/* 24xx: disable Shared Memory (Spectre mitigation)
 * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
 * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/
user_pref("javascript.options.shared_memory", false);

^^ if you want.

layout.css.font-display.enabled

https://bugzilla.mozilla.org/show_bug.cgi?id=1317445
https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display

I've disabled it in my user.js because I block downloadable fonts with uBO and don't need this "timeline" with a swap period and shit. But it's probably not really necessary and ignoring it is fine too.

[earthlng]

I see no reason not to remove it all now, except 1108 we can keep and relocate

👍

[earthlng]

But the URL used google's, and the key is their's. I don't follow.

I assume they're just using the google url until they have finalized all the code, the format of the data, etc.

[fmarier]

Where is the option for this? A website cookie - surely not? Or do you mean the pref browser.safebrowsing.provider.google4.dataSharing.enabled?

Yes, that's the one.

But the URL used google's, and the key is their's. I don't follow.

I assume they're just using the google url until they have finalized all the code, the format of the data, etc.

@earthlng is right. We're not going to expose this in the UI until we've sorted the proxy.

[earthlng]

Would be nice to know the FF+ values for the two prefs we already have to remove any ambiguity

dom.webnotifications.enabled exists since FF22 and dom.webnotifications.serviceworker.enabled since FF44 if that's what you mean

Just trying to remove unnecessary roadblocks for users

but isn't setting these prefs to default-block an unnecessary roadblock itself?
I understand what you're trying to do but it's just not worth it IMO. Too many prefs need to be enabled for Cam+Mic to work and barely anyone ever needs that in a browser nowadays.
For Web Notifications you would probably need to enable all of 2300 and the pref would only ask/block the actual Web Notifications and all the rest would be freely available all the time.
And Geo is disabled by RFP and this new permission pref is almost completely useless.
IMO we don't need these 4 prefs because "Always ask" is a good default already and anyone using our user.js will never see any of these prompts anyway.

[earthlng]

That's just nasty

no it's not, that's just part of the preparation for making Devtools a system addon. And since Telemetry is now locked to false in all Release versions and Devtools is still built-in at the moment it doesn't actually do anything other than just set the pref to true.
https://dxr.mozilla.org/mozilla-central/source/devtools/shim/devtools-startup.js#290

anyway, mixing the default permission into 2304 was too messy

I agree but for once I didn't wanna bitch about it :)

and I'll do a 58-alpha release

do it. And thanks for finishing this

[earthlng]

shouldn't the version be 58-beta at the moment + until you release the final 58 shortly before Firefox 59 is released?