Paul Zuehlcke authored 5 months ago and ma1 committed 4 months ago

Differential Revision: https://phabricator.services.mozilla.com/D224349

This commits makes it possible to disable OS spoofing in the HTTP
User-Agent header, to see if matching header and JS property improve
usability.

This component adds a new Security Level toolbar button which visually
indicates the current global security level via icon (as defined by the
extensions.torbutton.security_slider pref), a drop-down hanger with a
short description of the current security level, and a new section in
the about:preferences#privacy page where users can change their current
security level. In addition, the hanger and the preferences page will
show a visual warning when the user has modified prefs associated with
the security level and provide a one-click 'Restore Defaults' button to
get the user back on recommended settings.

Bug 40125: Expose Security Level pref in GeckoView

henry authored 1 year ago and Pier Angelo Vendrame committed 4 months ago

This hides it from both the toolbar and the unified extensions panel.

We also hide the unified-extension-button if the panel would be empty:
not including the NoScript button when it is hidden. As a result, this
will be hidden by default until a user installs another extension (or
shows the NoScript button and unpins it).

Matthew Finkel authored 3 years ago and Pier Angelo Vendrame committed 4 months ago

Bug 40253: Explicitly allow NoScript in Private Browsing mode.

Firefox strings use { -brand-product-name }.
As a result, it seems that the fork is recommending extensions, whereas
AMO curators are doing that.
So, we replace the strings with custom ones that clarify that Mozilla is
recommending them.

We assign the strings with JS because our translation backend does not
support Fluent attributes, yet, but once it does, we should switch to
them, instead.

Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1825033

Bug 42747: Discard unsupported updates earlier.

Firefox's updater has a function to select updates, which checks mainly
the version number.
Therefore, a more recent update that is unsupported will be chosen over
a compatible one.
We patch this to be able to provide an alternative update path to
Windows 7.

Kathleen Brade authored 8 years ago and Pier Angelo Vendrame committed 4 months ago

Windows: disable "runas" code path in updater (15201).
Windows: avoid writing to the registry (16236).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
  16014, 16909, 24476, and 25909.

Also fix bug 27221: purge the startup cache if the Base Browser
version changed (even if the Firefox version and build ID did
not change), e.g., after a minor Base Browser update.

Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality.

Bug 26048: potentially confusing "restart to update" message

Within the update doorhanger, remove the misleading message that mentions
that windows will be restored after an update is applied, and replace the
"Restart and Restore" button label with an existing
"Restart to update Tor Browser" string.

Bug 28885: notify users that update is downloading

Add a "Downloading Base Browser update" item which appears in the
hamburger (app) menu while the update service is downloading a MAR
file. Before this change, the browser did not indicate to the user
that an update was in progress, which is especially confusing in
Tor Browser because downloads often take some time. If the user
clicks on the new menu item, the about dialog is opened to allow
the user to see download progress.

As part of this fix, the update service was changed to always show
update-related messages in the hamburger menu, even if the update
was started in the foreground via the about dialog or via the
"Check for Tor Browser Update" toolbar menu item. This change is
consistent with the Tor Browser goal of making sure users are
informed about the update process.

Removed #28885 parts of this patch which have been uplifted to Firefox.

henry authored 2 years ago and Pier Angelo Vendrame committed 4 months ago

Treat about:blank as the default home page and new tab page.

Avoid loading AboutNewTab in BrowserGlue.sys.mjs in order
to avoid several network requests that we do not need.

Bug 41624: Disable about:pocket-* pages.

Bug 40144: Redirect about:privatebrowsing to the user's home

ma1 authored 2 years ago and Pier Angelo Vendrame committed 4 months ago

Bug 30556: align letterboxing with 200x100 new win width stepping

ma1 authored 2 years ago and Pier Angelo Vendrame committed 4 months ago

Bug 41434: Letterboxing, preemptively apply margins in a global CSS rule to mitigate race conditions on newly created windows and tabs.

The datetime input is inconsistent with other inputs when using spoof
English: its placeholder is not translated, unlike the default values
and texts of all the other inputs.

This commit adds all the strings needed by following Base Browser
patches.

Alex Catarineu authored 5 years ago and Pier Angelo Vendrame committed 4 months ago

Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1429838

This commit makes Firefox look for the default profile directory in a
directory relative to the binary path.
The directory can be specified through the --with-relative-data-dir.
This is relative to the same directory as the firefox main binary for
Linux and Windows.

On macOS, we remove Contents/MacOS from it.
Or, in other words, the directory is relative to the application
bundle.

This behavior can be overriden at runtime, by placing a file called
system-install adjacent to the firefox main binary (also on macOS).

Do not include Normandy at all whenever MOZ_NORMANDY is False.

Alex Catarineu authored 5 years ago and Pier Angelo Vendrame committed 4 months ago

More concretely, SearchService.jsm 'hijack-blocklists' and
url-classifier-skip-urls.

Avoid creating instance for 'anti-tracking-url-decoration'.

If prefs are disabling their usage, avoid creating instances for
'cert-revocations' and 'intermediates'.

Do not ship JSON dumps for collections we do not expect to need. For
the ones in the 'main' bucket, this prevents them from being synced
unnecessarily (the code in remote-settings does so for collections
in the main bucket for which a dump or local data exists). For the
collections in the other buckets, we just save some size by not
shipping their dumps.

We also clear the collections database on the v2 -> v3 migration.

Arthur Edelstein authored 6 years ago and Pier Angelo Vendrame committed 4 months ago

Connections were observed in the catch-all circuit when
the user entered an https or http URL in the URL bar, or
typed a search term.

Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.

Bug 21849: Don't allow SSL key logging.

Bug 25741 - TBA: Disable features at compile-time

Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION

Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds

This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.

Bug 29859: Disable HLS support for now

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING

Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT

Bug 33734: Set MOZ_NORMANDY to False

Bug 33851: Omit Parental Controls.

Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files

Bug 41584: Move some configuration options to base-browser level