Compare revisions

8d5b04bb · 1eb23599 · 9f0d981f · fbb00729 · f6f0dc97 · 3b4952c9
--- a/.eslintignore
+++ b/.eslintignore
@@ -268,3 +268,8 @@ browser/extensions/translations/extension/
 # "scaffolding" used by uniffi which isn't valid JS in its original form.
 toolkit/components/uniffi-bindgen-gecko-js/src/templates/js/
 toolkit/components/uniffi-bindgen-gecko-js/components/generated/*
+
+browser/app/profile/001-base-profile.js
+browser/app/profile/000-tor-browser.js
+mobile/android/app/000-tor-browser-android.js
+tools/torbrowser/bridges.js
--- a/.gitignore
+++ b/.gitignore
@@ -212,3 +212,6 @@ tools/esmify/package-lock.json

 # Ignore automatically generated mots documentation
 docs/mots/index.rst
+
+# Ignore binary base of tor browser
+.binaries
--- a/.gitlab/issue_templates/Backport Android Security Fixes.md
+++ b/.gitlab/issue_templates/Backport Android Security Fixes.md
+<details>
+  <summary>Explanation of Variables</summary>
+
+- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
+  - **Example**: `102.8.0`
+- `$(RR_VERSION)`: the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
+  - **Example**: `110`
+- `$(PROJECT_NAME)`: the name of the browser project, either `base-browser` or `tor-browser`
+- `$(TOR_BROWSER_MAJOR)`: the Tor Browser major version
+  - **Example**: `12`
+- `$(TOR_BROWSER_MINOR)`: the Tor Browser minor version
+  - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+- `$(BUILD_N)`: a project's build revision within a its branch; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
+  - **Example**: `build1`
+</details>
+
+**NOTE:** It is assumed the `tor-browser` rebases (stable and alpha) have already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha)
+
+### **Bookkeeping**
+
+- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issues (stable and alpha).
+
+### **Security Vulnerabilities Report**: https://www.mozilla.org/en-US/security/advisories/
+
+- Potentially Affected Components:
+  - `firefox`/`geckoview`: https://github.com/mozilla/gecko-dev
+  - `application-services`: https://github.com/mozilla/application-services
+  - `android-components` (ESR 102 only): https://github.com/mozilla-mobile/firefox-android
+  - `fenix` (ESR 102 only): https://github.com/mozilla-mobile/firefox-android
+  - `firefox-android`: https://github.com/mozilla-mobile/firefox-android
+
+**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos until we have transitioned to ESR 115.
+
+- [ ] Go through the `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` report and create a candidate list of CVEs which potentially need to be backported in this issue:
+  - CVEs which are explicitly labeled as 'Android' only
+  - CVEs which are fixed in Rapid Release but not in ESR
+  - 'Memory safety bugs' fixed in Rapid Release but not in ESR
+- [ ] Foreach issue:
+  - Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/)
+    - **Example**: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
+  - Create link to the associated Bugzilla issues (found in the CVE description)
+  - Create links to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
+    - To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.
+    - **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant.
+
+### CVEs
+
+<!-- CVE Resolution Template, foreach CVE to investigate add an entry in the form:
+- [ ] https://www.mozilla.org/en-US/security/advisories/mfsaYYYY-NN/#CVE-YYYY-XXXXX // CVE description
+  - https://bugzilla.mozilla.org/show_bug.cgi?id=NNNNNN // Bugzilla issue
+  - **Note**: Any relevant info about this fix, justification for why it is not necessary, etc
+  - **Patches**
+    - firefox-android: https://link.to/relevant/patch
+    - firefox: https://link.to/relevant/patch
+ -->
+
+### **tor-browser**: https://gitlab.torproject.org/tpo/applications/tor-browser.git
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+  - [ ] Backport patches to `tor-browser` stable branch
+  - [ ] Open MR
+  - [ ] Merge
+  - [ ] Rebase patches onto:
+    - [ ] `base-browser` stable
+    - [ ] `tor-browser` alpha
+    - [ ] `base-browser` alpha
+  - [ ] Sign/Tag commits:
+    - **Tag**: `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
+    - [ ] `base-browser` stable
+    - [ ] `tor-browser` stable
+    - [ ] `base-browser` alpha
+    - [ ] `tor-browser` alpha
+  - [ ] Push tags to `upstream`
+- **OR**
+- [ ] No backports
+
+### **application-services**: https://gitlab.torproject.org/tpo/applications/application-services
+- **NOTE**: we will need to setup a gitlab copy of this repo and update `tor-browser-build` before we can apply security backports here
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+  - [ ] Backport patches to `application-services` stable branch
+  - [ ] Open MR
+  - [ ] Merge
+  - [ ] Rebase patches onto `application-services` alpha
+  - [ ] Sign/Tag commits:
+    - **Tag**: `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha`
+    - [ ] `application-services` stable
+    - [ ] `application-services` alpha
+  - [ ] Push tags to `upstream`
+- **OR**
+- [ ] No backports
+
+
+### **android-components (Optional, ESR 102)**: https://gitlab.torproject.org/tpo/applications/android-components.git
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+  - **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.
+  - [ ] Backport patches to `android-components` stable branch
+  - [ ] Open MR
+  - [ ] Merge
+  - [ ] Rebase patches onto `android-components` alpha
+  - [ ] Sign/Tag commits:
+    - **Tag**: `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
+    - [ ] `android-components` stable
+    - [ ] `android-components` alpha
+  - [ ] Push tags to `upstream`
+- **OR**
+- [ ] No backports
+
+
+### **fenix (Optional, ESR 102)**: https://gitlab.torproject.org/tpo/applications/fenix.git
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+  - **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.
+  - [ ] Backport patches to `fenix` stable branch
+  - [ ] Open MR
+  - [ ] Merge
+  - [ ] Rebase patches onto `fenix` alpha
+  - [ ] Sign/Tag commits:
+    - **Tag**: `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
+    - [ ] `fenix` stable
+    - [ ] `fenix` alpha
+  - [ ] Push tags to `upstream`
+- **OR**
+- [ ] No backports
+
+### **firefox-android**: https://gitlab.torproject.org/tpo/applications/firefox-android
+- [ ] Backport any Android-specific security fixes from Firefox rapid-release
+  - [ ] Backport patches to `firefox-android` stable branch
+  - [ ] Open MR
+  - [ ] Merge
+  - [ ] Rebase patches onto `fenix` alpha
+  - [ ] Sign/Tag commits:
+    - **Tag**: `firefox-android-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
+    - [ ] `firefox-android` stable
+    - [ ] `firefox-android` alpha
+  - [ ] Push tags to `upstream`
+- **OR**
+- [ ] No backports
+
+/confidential
--- a/.gitlab/issue_templates/Rebase Browser - Alpha.md
+++ b/.gitlab/issue_templates/Rebase Browser - Alpha.md
+**NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr
+
+<details>
+  <summary>Explanation of Variables</summary>
+
+- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
+  - **Example**: `102.8.0`
+- `$(ESR_TAG)`: the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
+  - **Example**: `FIREFOX_102_8_0esr_RELEASE`
+- `$(ESR_TAG_PREV)`: the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
+  - **Example**: `FIREFOX_102_7_0esr_BUILD1`
+- `$(BROWSER_MAJOR)`: the browser major version
+  - **Example**: `12`
+- `$(BROWSER_MINOR)`: the browser minor version
+  - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+- `$(BASE_BROWSER_BRANCH)`: the full name of the current `base-browser` branch
+  - **Example**: `base-browser-102.8.0esr-12.5-1`
+- `$(BASE_BROWSER_BRANCH_PREV)`: the full name of the previous `base-browser` branch
+  - **Example**: `base-browser-102.7.0esr-12.5-1`
+- `$(TOR_BROWSER_BRANCH)`: the full name of the current `tor-browser` branch
+  - **Example**: `tor-browser-102.8.0esr-12.5-1`
+- `$(TOR_BROWSER_BRANCH_PREV)`: the full name of the previous `tor-browser` branch
+  - **Example**: `tor-browser-102.7.0esr-12.5-1`
+</details>
+
+**NOTE:** It is assumed that we've already identified the new ESR branch during the tor-browser stable rebase
+
+### **Bookkeeping**
+
+- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issue.
+
+### Update Branch Protection Rules
+
+- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository):
+  - [ ] Remove previous alpha `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
+  - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
+    - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
+      - **Example**: `*-102.8.0esr-12.5-1*`
+    - **Allowed to merge**: `Maintainers`
+    - **Allowed to push and merge**: `Maintainers`
+    - **Allowed to force push**: `false`
+    - If you copied and pasted from old rules, double check you didn't add spaces at the end, as GitLab will not trim them!
+
+### **Create New Branches**
+
+- [ ] Find the Firefox mercurial tag `$(ESR_TAG)`
+  - If `$(BROWSER_MINOR)` is 5, the tag should already exist from the stable release
+  - Otherwise:
+    - [ ] Go to `https://hg.mozilla.org/releases/mozilla-esr$(ESR_MAJOR)/tags`
+    - [ ] Find and inspect the commit tagged with `$(ESR_TAG)`
+      - Tags are in yellow in the Mercurial web UI
+    - [ ] Find the equivalent commit in `https://github.com/mozilla/gecko-dev/commits/esr$(ESR_MAJOR)`
+      - The tag should be very close to `HEAD` (usually the second, before a `No bug - Tagging $(HG_HASH) with $(ESR_TAG)`)
+      - **Notice**: GitHub sorts commits by time, you might want to use `git log gecko-dev/esr$(ESR_MAJOR)` locally, instead
+    - [ ] Sign/Tag the `gecko-dev` commit: `git tag -as $(ESR_TAG) $(GIT_HASH) -m "Hg tag $(ESR_TAG)"`
+- [ ] Create new alpha `base-browser` branch from Firefox mercurial tag
+  - Branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
+  - **Example**: `base-browser-102.8.0esr-12.5-1`
+- [ ] Create new alpha `tor-browser` branch from Firefox mercurial tag
+  - Branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
+  - **Example**: `tor-browser-102.8.0esr-12.5-1`
+- [ ] Push new `base-browser` branch to `upstream`
+- [ ] Push new `tor-browser` branch to `upstream`
+
+### **Rebase tor-browser**
+
+- [ ] Checkout a new local branch for the `tor-browser` rebase
+  - **Example**: `git branch tor-browser-rebase FIREFOX_102_8_0esr_BUILD1`
+- [ ] **(Optional)** `base-browser` rebase and autosquash
+  - **NOTE** This step may be skipped if the `HEAD` of the previous `base-browser` branch is a `-buildN` tag
+  - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `buildN` tag onto new `base-browser` rebase branch
+    - **Example**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1`
+  - [ ] Rebase and autosquash these cherry-picked commits
+    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
+  - [ ] Cherry-pick remainder of patches after the `buildN` tag
+    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..upstream/base-browser-102.7.0esr-12.5-1`
+
+- [ ] `tor-browser` rebase and autosquash
+  - [ ] Note the current git hash of `HEAD` for `tor-browser` rebase+autosquash step: `git rev-parse HEAD`
+  - [ ] Cherry-pick the appropriate previous `tor-browser` branch's commit range up to the last `tor-browser` `buildN` tag
+    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1`
+    - **Example (if separate base-browser rebase was skipped)**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..tor-browser-102.7.0esr-12.5-1-build1`
+  - [ ] Rebase and autosquash  **ONLY** these newly cherry-picked commits using the commit noted previously: `git rebase --autosquash --interactive $(PREV_HEAD)`
+     - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
+  - [ ] **(Optional)** Patch reordering
+    - **NOTE**: We typically want to do this after new features or bug fix commits which are not !fixups to an existing commit have been merged and are just sitting at the end of the commit history
+    - Relocate new `base-browser` patches in the patch-set to enforce this rough thematic ordering:
+      - **MOZILLA BACKPORTS** - official Firefox patches we have backported to our ESR branch: Android-specific security updates, critical bug fixes, worthwhile features, etc
+      - **MOZILLA REVERTS** - revert commits of official Firefox patches
+      - **UPLIFT CANDIDATES** - patches which stand on their own and should be uplifted to `mozilla-central`
+      - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
+      - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
+      - **SECURITY PATCHES** - security improvements, hardening, etc
+      - **PRIVACY PATCHES** - fingerprinting, linkability, proxy bypass, etc
+      - **FEATURES** - new functionality: updater, UX, letterboxing, security level, add-on
+    - Relocate new `tor-browser` patches in the patch-set to enforce this rough thematic ordering:
+      - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
+      - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
+      - **UPDATER PATCHES** - updater tweaks, signing keys, etc
+      - **SECURITY PATCHES** - non tor-dependent security improvements, hardening, etc
+      - **PRIVACY PATCHES** - non tor-dependent fingerprinting, linkability, proxy bypass, etc
+      - **FEAURES** - non tor-dependent features
+      - **TOR INTEGRATION** - legacy tor-launcher/torbutton, tor modules, bootstrapping, etc
+      - **TOR SECURITY PATCHES** - tor-specific security improvements
+      - **TOR PRIVACY PATCHES** - tor-specific privacy improvements
+      - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc
+  - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag
+    - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.5-1-build1..upstream/tor-browser-102.7.0esr-12.5-1`
+  - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting.
+    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
+- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
+  - [ ] diff of diffs:
+    -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
+    - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff`
+    - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff`
+    - diff `current_patchset.diff` and `rebased_patchset.diff`
+      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
+  - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
+    - **Example**: `git range-dif FIREFOX_102_7_0esr_BUILD1..upstream/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
+- [ ] Open MR for the `tor-browser` rebase
+- [ ] Merge
+- Update and push `base-browser` branch
+  - [ ] Reset the new `base-browser` branch to the appropriate commit in this new `tor-browser` branch
+  - [ ] Push these commits to `upstream`
+- [ ] Set `$(TOR_BROWSER_BRANCH)` as the default GitLab branch
+  - [ ] Go to [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository)
+  - [ ] Expand `Branch defaults`
+  - [ ] Set the branch and leave the `Auto-close` checkbox unchecked
+  - [ ] Save changes
+
+### **Sign and Tag**
+
+- [ ] Sign/Tag `HEAD` of the merged `tor-browser` branch:
+  - **Tag**: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
+  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
+  - [ ] Push tag to `upstream`
+- [ ] Sign/Tag HEAD of the merged `base-browser` branch:
+  - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
+  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
+  - [ ] Push tag to `upstream`
--- a/.gitlab/issue_templates/Rebase Browser - Stable.md
+++ b/.gitlab/issue_templates/Rebase Browser - Stable.md
+**NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr
+
+<details>
+  <summary>Explanation of Variables</summary>
+
+- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
+  - **Example**: `102.8.0`
+- `$(ESR_TAG)`: the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
+  - **Example**: `FIREFOX_102_8_0esr_RELEASE`
+- `$(ESR_TAG_PREV)`: the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
+  - **Example**: `FIREFOX_102_7_0esr_BUILD1`
+- `$(BROWSER_MAJOR)`: the browser major version
+  - **Example**: `12`
+- `$(BROWSER_MINOR)`: the browser minor version
+  - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+- `$(BASE_BROWSER_BRANCH)`: the full name of the current `base-browser` branch
+  - **Example**: `base-browser-102.8.0esr-12.0-1`
+- `$(BASE_BROWSER_BRANCH_PREV)`: the full name of the previous `base-browser` branch
+  - **Example**: `base-browser-102.7.0esr-12.0-1`
+- `$(TOR_BROWSER_BRANCH)`: the full name of the current `tor-browser` branch
+  - **Example**: `tor-browser-102.8.0esr-12.0-1`
+- `$(TOR_BROWSER_BRANCH_PREV)`: the full name of the previous `tor-browser` branch
+  - **Example**: `tor-browser-102.7.0esr-12.0-1`
+</details>
+
+### **Bookkeeping**
+
+- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issue.
+
+### Update Branch Protection Rules
+
+- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository):
+  - [ ] Remove previous stable `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
+  - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
+    - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
+      - **Example**: `*-102.8.0esr-12.0-1*`
+    - **Allowed to merge**: `Maintainers`
+    - **Allowed to push and merge**: `Maintainers`
+    - **Allowed to force push**: `false`
+
+### **Identify the Firefox Tagged Commit and Create New Branches**
+
+- [ ] Find the Firefox mercurial tag here: https://hg.mozilla.org/releases/mozilla-esr102/tags
+   - **Example**: `FIREFOX_102_8_0esr_BUILD1`
+- [ ] Find the analogous `gecko-dev` commit: https://github.com/mozilla/gecko-dev
+  - **Tip**: Search for unique string (like the Differential Revision ID) found in the mercurial commit in the `gecko-dev/esr102` branch to find the equivalent commit
+  - **Example**: `3a3a96c9eedd02296d6652dd50314fccbc5c4845`
+- [ ] Sign and Tag `gecko-dev` commit
+  - Sign/Tag `gecko-dev` commit :
+    - **Tag**: `$(ESR_TAG)`
+    - **Message**: `Hg tag $(ESR_TAG)`
+- [ ] Create new stable `base-browser` branch from tag
+  - Branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
+  - **Example**: `base-browser-102.8.0esr-12.0-1`
+- [ ] Create new stable `tor-browser` branch from
+  - Branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
+  - **Example**: `tor-browser-102.8.0esr-12.0-1`
+- [ ] Push new `base-browser` branch to `upstream`
+- [ ] Push new `tor-browser` branch to `upstream`
+- [ ] Push new `$(ESR_TAG)` to `upstream`
+
+### **Rebase tor-browser**
+
+- [ ] Checkout a new local branch for the `tor-browser` rebase
+  - **Example**: `git branch tor-browser-rebase FIREFOX_102_8_0esr_BUILD1`
+- [ ] **(Optional)** `base-browser` rebase
+  - **NOTE** This step may be skipped if the `HEAD` of the previous `base-browser` branch is a `-buildN` tag
+  - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `buildN` tag onto new `base-browser` rebase branch
+    - **Example**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1`
+  - [ ] Rebase and autosquash these cherry-picked commits
+    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
+  - [ ] Cherry-pick remainder of patches after the `buildN` tag
+    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..upstream/base-browser-102.7.0esr-12.0-1`
+- [ ] `tor-browser` rebase
+  - [ ] Note the current git hash of `HEAD` for `tor-browser` rebase+autosquash step: `git rev-parse HEAD`
+  - [ ] Cherry-pick the appropriate previous `tor-browser` branch's commit range up to the last `tor-browser` `buildN` tag
+    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..tor-browser-102.7.0esr-12.0-1-build1`
+    - **Example (if separate base-browser rebase was skipped)**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..tor-browser-102.7.0esr-12.0-1-build1`
+  - [ ] Rebase and autosquash these newly cherry-picked commits: `git rebase --autosquash --interactive $(PREV_HEAD)`
+     - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
+  - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag
+    - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.0-1-build1..upstream/tor-browser-102.7.0esr-12.0-1`
+  - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting.
+    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
+- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
+  - [ ] diff of diffs:
+    -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
+    - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff`
+    - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff`
+    - diff `current_patchset.diff` and `rebased_patchset.diff`
+      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
+  - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
+    - **Example**: `git range-dif FIREFOX_102_7_0esr_BUILD1..upstream/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
+- [ ] Open MR for the `tor-browser` rebase
+- [ ] Merge
+- Update and push `base-browser` branch
+  - [ ] Reset the new `base-browser` branch to the appropriate commit in this new `tor-browser` branch
+  - [ ] Push these commits to `upstream`
+
+### **Sign and Tag**
+
+- [ ] Sign/Tag `HEAD` of the merged `tor-browser` branch:
+  - **Tag**: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
+  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based stable`
+  - [ ] Push tag to `upstream`
+- [ ] Sign/Tag HEAD of the merged `base-browser` branch:
+  - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
+  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based stable`
+  - [ ] Push tag to `upstream`
--- a/.gitlab/issue_templates/bug.md
+++ b/.gitlab/issue_templates/bug.md
+<!--
+* Use this issue template for reporting a new bug.
+-->
+
+### Summary
+**Summarize the bug encountered concisely.**
+
+
+### Steps to reproduce:
+**How one can reproduce the issue - this is very important.**
+
+1. Step 1
+2. Step 2
+3. ...
+
+### What is the current bug behavior?
+**What actually happens.**
+
+
+### What is the expected behavior?
+**What you want to see instead**
+
+
+
+### Environment
+**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**
+**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.**
+
+### Relevant logs and/or screenshots
+
+
+/label ~bug
--- a/.gitlab/merge_request_templates/default.md
+++ b/.gitlab/merge_request_templates/default.md
+## Merge Info
+
+<!-- Bookkeeping information for release management -->
+
+### Related Issues
+- tor-browser#xxxxx
+- mullvad-browser#xxxxx
+- tor-browser-build#xxxxx
+
+### Backporting
+
+#### Timeline
+- [ ] **Immediate**: patchset needed as soon as possible
+- [ ] **Next Minor Stable Release**: patchset that needs to be verified in nightly before backport
+- [ ] **Eventually**: patchset that needs to be verified in alpha before backport
+- [ ] **No Backport (preferred)**: patchset for the next major stable
+
+#### (Optional) Justification
+- [ ] **Emergency security update**: patchset fixes CVEs, 0-days, etc
+- [ ] **Censorship event**: patchset enables censorship circumvention
+- [ ] **Critical bug-fix**: patchset fixes a bug in core-functionality
+- [ ] **Consistency**: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
+- [ ] **Sponsor required**: patchset required for sponsor
+- [ ] **Other**: please explain
+
+### Merging
+- [ ] Merge to `tor-browser` - `!fixups` to `tor-browser`-specific commits, new features, security backports
+- [ ] Merge to `base-browser` - `!fixups` to `base-browser`-specific commits, new features to be shared with `mullvad-browser`, and security backports
+  - **NOTE**: if your changeset includes patches to both `base-browser` and `tor-browser` please clearly label in the change description which commits should be cherry-picked to `base-browser` after merging
+
+### Issue Tracking
+- [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20) for changelog generation
+
+### Review
+
+#### Request Reviewer
+
+- [ ] Request review from an applications developer depending on modified system:
+  - **NOTE**: if the MR modifies multiple areas, please `/cc` all the relevant reviewers (since gitlab only allows 1 reviewer)
+  - **accessibility** : henry
+  - **android** : clairehurst, dan
+  - **build system** : boklm
+  - **extensions** : ma1
+  - **firefox internals (XUL/JS/XPCOM)** : ma1
+  - **fonts** : pierov
+  - **frontend (implementation)** : henry
+  - **frontend (review)** : donuts, richard
+  - **localization** : henry, pierov
+  - **macos** : clairehurst, dan
+  - **nightly builds** : boklm
+  - **rebases/release-prep** : dan, ma1, pierov, richard
+  - **security** : ma1
+  - **signing** : boklm, richard
+  - **updater** : pierov
+  - **misc/other** : pierov, richard
+
+#### Change Description
+
+<!-- Whatever context the reviewer needs to effectively review the patchset; if the patch includes UX updates be sure to include screenshots/video of how any new behaviour -->
+
+#### How Tested
+
+<!-- Description of steps taken to verify the change -->
\ No newline at end of file
--- a/accessible/android/SessionAccessibility.cpp
+++ b/accessible/android/SessionAccessibility.cpp
@@ -269,12 +269,9 @@ RefPtr<SessionAccessibility> SessionAccessibility::GetInstanceFor(
      return GetInstanceFor(doc->GetPresShell());
    }
  } else {
-    DocAccessibleParent* remoteDoc = aAccessible->AsRemote()->Document();
-    if (remoteDoc->mSessionAccessibility) {
-      return remoteDoc->mSessionAccessibility;
-    }
    dom::CanonicalBrowsingContext* cbc =
-        static_cast<dom::BrowserParent*>(remoteDoc->Manager())
+        static_cast<dom::BrowserParent*>(
+            aAccessible->AsRemote()->Document()->Manager())
            ->GetBrowsingContext()
            ->Top();
    dom::BrowserParent* bp = cbc->GetBrowserParent();
@@ -285,10 +282,7 @@ RefPtr<SessionAccessibility> SessionAccessibility::GetInstanceFor(
    if (auto element = bp->GetOwnerElement()) {
      if (auto doc = element->OwnerDoc()) {
        if (nsPresContext* presContext = doc->GetPresContext()) {
-          RefPtr<SessionAccessibility> sessionAcc =
-              GetInstanceFor(presContext->PresShell());
-          remoteDoc->mSessionAccessibility = sessionAcc;
-          return sessionAcc;
+          return GetInstanceFor(presContext->PresShell());
        }
      } else {
        MOZ_ASSERT_UNREACHABLE(
@@ -684,14 +678,7 @@ void SessionAccessibility::PopulateNodeInfo(
 }

 Accessible* SessionAccessibility::GetAccessibleByID(int32_t aID) const {
-  Accessible* accessible = mIDToAccessibleMap.Get(aID);
-  if (accessible && accessible->IsLocal() &&
-      accessible->AsLocal()->IsDefunct()) {
-    MOZ_ASSERT_UNREACHABLE("Registered accessible is defunct!");
-    return nullptr;
-  }
-
-  return accessible;
+  return mIDToAccessibleMap.Get(aID);
 }

 #ifdef DEBUG
@@ -705,6 +692,58 @@ static bool IsDetachedDoc(Accessible* aAccessible) {
 }
 #endif

+SessionAccessibility::IDMappingEntry::IDMappingEntry(Accessible* aAccessible)
+    : mInternalID(0) {
+  *this = aAccessible;
+}
+
+SessionAccessibility::IDMappingEntry&
+SessionAccessibility::IDMappingEntry::operator=(Accessible* aAccessible) {
+  mInternalID = aAccessible->ID();
+  MOZ_ASSERT(!(mInternalID & IS_REMOTE), "First bit is used in accessible ID!");
+  if (aAccessible->IsRemote()) {
+    mInternalID |= IS_REMOTE;
+  }
+
+  Accessible* docAcc = nsAccUtils::DocumentFor(aAccessible);
+  MOZ_ASSERT(docAcc);
+  if (docAcc) {
+    MOZ_ASSERT(docAcc->IsRemote() == aAccessible->IsRemote());
+    if (docAcc->IsRemote()) {
+      mDoc = docAcc->AsRemote()->AsDoc();
+    } else {
+      mDoc = docAcc->AsLocal();
+    }
+  }
+
+  return *this;
+}
+
+SessionAccessibility::IDMappingEntry::operator Accessible*() const {
+  if (mInternalID == 0) {
+    return static_cast<LocalAccessible*>(mDoc.get());
+  }
+
+  if (mInternalID == IS_REMOTE) {
+    return static_cast<DocAccessibleParent*>(mDoc.get());
+  }
+
+  if (mInternalID & IS_REMOTE) {
+    return static_cast<DocAccessibleParent*>(mDoc.get())
+        ->GetAccessible(mInternalID & ~IS_REMOTE);
+  }
+
+  Accessible* accessible =
+      static_cast<LocalAccessible*>(mDoc.get())
+          ->AsDoc()
+          ->GetAccessibleByUniqueID(reinterpret_cast<void*>(mInternalID));
+  // If the accessible is retrievable from the DocAccessible, it can't be
+  // defunct.
+  MOZ_ASSERT(!accessible->AsLocal()->IsDefunct());
+
+  return accessible;
+}
+
 void SessionAccessibility::RegisterAccessible(Accessible* aAccessible) {
  if (IPCAccessibilityActive()) {
    // Don't register accessible in content process.
@@ -766,7 +805,6 @@ void SessionAccessibility::UnregisterAccessible(Accessible* aAccessible) {
  }

  RefPtr<SessionAccessibility> sessionAcc = GetInstanceFor(aAccessible);
-  MOZ_ASSERT(sessionAcc, "Need SessionAccessibility to unregister Accessible!");
  if (sessionAcc) {
    Accessible* registeredAcc =
        sessionAcc->mIDToAccessibleMap.Get(virtualViewID);

--- a/accessible/android/SessionAccessibility.h
+++ b/accessible/android/SessionAccessibility.h
@@ -110,10 +110,34 @@ class SessionAccessibility final
  jni::NativeWeakPtr<widget::GeckoViewSupport> mWindow;  // Parent only
  java::SessionAccessibility::NativeProvider::GlobalRef mSessionAccessibility;

+  class IDMappingEntry {
+   public:
+    explicit IDMappingEntry(Accessible* aAccessible);
+
+    IDMappingEntry& operator=(Accessible* aAccessible);
+
+    operator Accessible*() const;
+
+   private:
+    // A strong reference to a DocAccessible or DocAccessibleParent. They don't
+    // share any useful base class except nsISupports, so we use that.
+    // When we retrieve the document from this reference we cast it to
+    // LocalAccessible in the DocAccessible case because DocAccessible has
+    // multiple inheritance paths for nsISupports.
+    RefPtr<nsISupports> mDoc;
+    // The ID of the accessible as used in the internal doc mapping.
+    // We rely on this ID being pointer derived and therefore divisible by two
+    // so we can use the first bit to mark if it is remote or not.
+    uint64_t mInternalID;
+
+    static const uintptr_t IS_REMOTE = 0x1;
+  };
+
  /*
   * This provides a mapping from 32 bit id to accessible objects.
   */
-  nsTHashMap<nsUint32HashKey, Accessible*> mIDToAccessibleMap;
+  nsBaseHashtable<nsUint32HashKey, IDMappingEntry, Accessible*>
+      mIDToAccessibleMap;
 };

 }  // namespace a11y

--- a/accessible/ipc/DocAccessibleParent.cpp
+++ b/accessible/ipc/DocAccessibleParent.cpp
@@ -29,7 +29,6 @@
 #endif

 #if defined(ANDROID)
-#  include "mozilla/a11y/SessionAccessibility.h"
 #  define ACQUIRE_ANDROID_LOCK \
    MonitorAutoLock mal(nsAccessibilityService::GetAndroidMonitor());
 #else

--- a/accessible/ipc/DocAccessibleParent.h
+++ b/accessible/ipc/DocAccessibleParent.h
@@ -29,10 +29,6 @@ class xpcAccessibleGeneric;
 class DocAccessiblePlatformExtParent;
 #endif

-#ifdef ANDROID
-class SessionAccessibility;
-#endif
-
 /*
 * These objects live in the main process and comunicate with and represent
 * an accessible document in a content process.
@@ -348,10 +344,6 @@ class DocAccessibleParent : public RemoteAccessible,

  size_t SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) override;

-#ifdef ANDROID
-  RefPtr<SessionAccessibility> mSessionAccessibility;
-#endif
-
 private:
  ~DocAccessibleParent();


--- a/accessible/ipc/moz.build
+++ b/accessible/ipc/moz.build
@@ -24,11 +24,6 @@ else:
        LOCAL_INCLUDES += [
            "/accessible/mac",
        ]
-    elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
-        LOCAL_INCLUDES += [
-            "/accessible/android",
-            "/widget/android",
-        ]
    else:
        LOCAL_INCLUDES += [
            "/accessible/other",

--- a/browser/actors/AboutTBUpdateChild.jsm
+++ b/browser/actors/AboutTBUpdateChild.jsm
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+var EXPORTED_SYMBOLS = ["AboutTBUpdateChild"];
+
+const { RemotePageChild } = ChromeUtils.import(
+  "resource://gre/actors/RemotePageChild.jsm"
+);
+
+class AboutTBUpdateChild extends RemotePageChild {}
--- a/browser/actors/AboutTBUpdateParent.jsm
+++ b/browser/actors/AboutTBUpdateParent.jsm
+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+"use strict";
+
+var EXPORTED_SYMBOLS = ["AboutTBUpdateParent"];
+
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const { AppConstants } = ChromeUtils.import(
+  "resource://gre/modules/AppConstants.jsm"
+);
+
+const kRequestUpdateMessageName = "FetchUpdateData";
+
+/**
+ * This code provides services to the about:tbupdate page. Whenever
+ * about:tbupdate needs to do something chrome-privileged, it sends a
+ * message that's handled here. It is modeled after Mozilla's about:home
+ * implementation.
+ */
+class AboutTBUpdateParent extends JSWindowActorParent {
+  async receiveMessage(aMessage) {
+    if (aMessage.name == kRequestUpdateMessageName) {
+      return this.getReleaseNoteInfo();
+    }
+    return undefined;
+  }
+
+  get moreInfoURL() {
+    try {
+      return Services.prefs.getCharPref("torbrowser.post_update.url");
+    } catch (e) {}
+
+    // Use the default URL as a fallback.
+    return Services.urlFormatter.formatURLPref("startup.homepage_override_url");
+  }
+
+  // Read the text from the beginning of the changelog file that is located
+  // at TorBrowser/Docs/ChangeLog.txt (or,
+  // TorBrowser.app/Contents/Resources/TorBrowser/Docs/ on macOS, to support
+  // Gatekeeper signing) and return an object that contains the following
+  // properties:
+  //   version        e.g., Tor Browser 8.5
+  //   releaseDate    e.g., March 31 2019
+  //   releaseNotes   details of changes (lines 2 - end of ChangeLog.txt)
+  // We attempt to parse the first line of ChangeLog.txt to extract the
+  // version and releaseDate. If parsing fails, we return the entire first
+  // line in version and omit releaseDate.
+  async getReleaseNoteInfo() {
+    let info = { moreInfoURL: this.moreInfoURL };
+
+    try {
+      // "XREExeF".parent is the directory that contains firefox, i.e.,
+      // Browser/ or, TorBrowser.app/Contents/MacOS/ on macOS.
+      let f = Services.dirsvc.get("XREExeF", Ci.nsIFile).parent;
+      if (AppConstants.platform === "macosx") {
+        f = f.parent;
+        f.append("Resources");
+      }
+      f.append("TorBrowser");
+      f.append("Docs");
+      f.append("ChangeLog.txt");
+
+      // NOTE: We load in the entire file, but only use the first few lines
+      // before the first blank line.
+      const logLines = (await IOUtils.readUTF8(f.path))
+        .replace(/\n\r?\n.*/ms, "")
+        .split(/\n\r?/);
+
+      // Read the first line to get the version and date.
+      // Assume everything after the last "-" is the date.
+      const firstLine = logLines.shift();
+      const match = firstLine?.match(/(.*)-+(.*)/);
+      if (match) {
+        info.version = match[1].trim();
+        info.releaseDate = match[2].trim();
+      } else {
+        // No date.
+        info.version = firstLine?.trim();
+      }
+
+      // We want to read the rest of the release notes as a tree. Each entry
+      // will contain the text for that line.
+      // We choose a negative index for the top node of this tree to ensure no
+      // line will appear less indented.
+      const topEntry = { indent: -1, children: undefined };
+      let prevEntry = topEntry;
+
+      for (let line of logLines) {
+        const indent = line.match(/^ */)[0];
+        line = line.trim();
+        if (line.startsWith("*")) {
+          // Treat as a bullet point.
+          let entry = {
+            text: line.replace(/^\*\s/, ""),
+            indent: indent.length,
+          };
+          let parentEntry;
+          if (entry.indent > prevEntry.indent) {
+            // A sub-list of the previous item.
+            prevEntry.children = [];
+            parentEntry = prevEntry;
+          } else {
+            // Same list or end of sub-list.
+            // Search for the first parent whose indent comes before ours.
+            parentEntry = prevEntry.parent;
+            while (entry.indent <= parentEntry.indent) {
+              parentEntry = parentEntry.parent;
+            }
+          }
+          entry.parent = parentEntry;
+          parentEntry.children.push(entry);
+          prevEntry = entry;
+        } else if (prevEntry === topEntry) {
+          // Unexpected, missing bullet point on first line.
+          // Place as its own bullet point instead, and set as prevEntry for the
+          // next loop.
+          prevEntry = { text: line, indent: indent.length, parent: topEntry };
+          topEntry.children = [prevEntry];
+        } else {
+          // Append to the previous bullet point.
+          prevEntry.text += ` ${line}`;
+        }
+      }
+
+      info.releaseNotes = topEntry.children;
+    } catch (e) {
+      console.error(e);
+    }
+
+    return info;
+  }
+}
--- a/browser/actors/CryptoSafetyChild.jsm
+++ b/browser/actors/CryptoSafetyChild.jsm
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyChild"];
+
+const { Bech32Decode } = ChromeUtils.import(
+  "resource://gre/modules/Bech32Decode.jsm"
+);
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+const lazy = {};
+
+XPCOMUtils.defineLazyPreferenceGetter(
+  lazy,
+  "isCryptoSafetyEnabled",
+  "security.cryptoSafety",
+  true // Defaults to true.
+);
+
+function looksLikeCryptoAddress(s) {
+  // P2PKH and P2SH addresses
+  // https://stackoverflow.com/a/24205650
+  const bitcoinAddr = /^[13][a-km-zA-HJ-NP-Z1-9]{25,39}$/;
+  if (bitcoinAddr.test(s)) {
+    return true;
+  }
+
+  // Bech32 addresses
+  if (Bech32Decode(s) !== null) {
+    return true;
+  }
+
+  // regular addresses
+  const etherAddr = /^0x[a-fA-F0-9]{40}$/;
+  if (etherAddr.test(s)) {
+    return true;
+  }
+
+  // t-addresses
+  // https://www.reddit.com/r/zec/comments/8mxj6x/simple_regex_to_validate_a_zcash_tz_address/dzr62p5/
+  const zcashAddr = /^t1[a-zA-Z0-9]{33}$/;
+  if (zcashAddr.test(s)) {
+    return true;
+  }
+
+  // Standard, Integrated, and 256-bit Integrated addresses
+  // https://monero.stackexchange.com/a/10627
+  const moneroAddr =
+    /^4(?:[0-9AB]|[1-9A-HJ-NP-Za-km-z]{12}(?:[1-9A-HJ-NP-Za-km-z]{30})?)[1-9A-HJ-NP-Za-km-z]{93}$/;
+  if (moneroAddr.test(s)) {
+    return true;
+  }
+
+  return false;
+}
+
+class CryptoSafetyChild extends JSWindowActorChild {
+  handleEvent(event) {
+    if (
+      !lazy.isCryptoSafetyEnabled ||
+      // Ignore non-HTTP addresses.
+      // We do this before reading the host property since this is not available
+      // for about: pages.
+      !this.document.documentURIObject.schemeIs("http") ||
+      // Ignore onion addresses.
+      this.document.documentURIObject.host.endsWith(".onion") ||
+      (event.type !== "copy" && event.type !== "cut")
+    ) {
+      return;
+    }
+
+    this.contentWindow.navigator.clipboard.readText().then(clipText => {
+      const selection = clipText.replace(/\s+/g, "");
+      if (!looksLikeCryptoAddress(selection)) {
+        return;
+      }
+      this.sendAsyncMessage("CryptoSafety:CopiedText", {
+        selection,
+        host: this.document.documentURIObject.host,
+      });
+    });
+  }
+}
--- a/browser/actors/CryptoSafetyParent.jsm
+++ b/browser/actors/CryptoSafetyParent.jsm
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyParent"];
+
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+const lazy = {};
+
+ChromeUtils.defineModuleGetter(
+  lazy,
+  "TorDomainIsolator",
+  "resource://gre/modules/TorDomainIsolator.jsm"
+);
+
+XPCOMUtils.defineLazyGetter(lazy, "cryptoSafetyBundle", () => {
+  return Services.strings.createBundle(
+    "chrome://browser/locale/cryptoSafetyPrompt.properties"
+  );
+});
+
+// en-US fallback in case a locale is missing a string.
+XPCOMUtils.defineLazyGetter(lazy, "fallbackCryptoSafetyBundle", () => {
+  return Services.strings.createBundle(
+    "resource:///chrome/en-US/locale/browser/cryptoSafetyPrompt.properties"
+  );
+});
+
+XPCOMUtils.defineLazyPreferenceGetter(
+  lazy,
+  "isCryptoSafetyEnabled",
+  "security.cryptoSafety",
+  true // Defaults to true.
+);
+
+/**
+ * Get a formatted string from the locale's bundle, or the en-US bundle if the
+ * string is missing.
+ *
+ * @param {string} name - The string's name.
+ * @param {string[]} [args] - Positional arguments to pass to the format string,
+ *   or leave empty if none are needed.
+ *
+ * @returns {string} - The formatted string.
+ */
+function getString(name, args = []) {
+  try {
+    return lazy.cryptoSafetyBundle.formatStringFromName(name, args);
+  } catch {
+    return lazy.fallbackCryptoSafetyBundle.formatStringFromName(name, args);
+  }
+}
+
+class CryptoSafetyParent extends JSWindowActorParent {
+  receiveMessage(aMessage) {
+    if (
+      !lazy.isCryptoSafetyEnabled ||
+      aMessage.name !== "CryptoSafety:CopiedText"
+    ) {
+      return;
+    }
+
+    let address = aMessage.data.selection;
+    if (address.length > 32) {
+      address = `${address.substring(0, 32)}…`;
+    }
+
+    const buttonPressed = Services.prompt.confirmEx(
+      this.browsingContext.topChromeWindow,
+      getString("cryptoSafetyPrompt.cryptoTitle"),
+      getString("cryptoSafetyPrompt.cryptoBody", [address, aMessage.data.host]),
+      Services.prompt.BUTTON_TITLE_IS_STRING * Services.prompt.BUTTON_POS_0 +
+        Services.prompt.BUTTON_TITLE_IS_STRING * Services.prompt.BUTTON_POS_1,
+      getString("cryptoSafetyPrompt.primaryAction"),
+      getString("cryptoSafetyPrompt.secondaryAction"),
+      null,
+      null,
+      {}
+    );
+
+    if (buttonPressed === 0) {
+      const { browsingContext } = this.manager;
+      const browser = browsingContext.embedderElement;
+      if (browser) {
+        lazy.TorDomainIsolator.newCircuitForBrowser(
+          browser.ownerGlobal.gBrowser
+        );
+      }
+    }
+  }
+}
--- a/browser/actors/RFPHelperChild.sys.mjs
+++ b/browser/actors/RFPHelperChild.sys.mjs
-/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
-
-const kPrefLetterboxing = "privacy.resistFingerprinting.letterboxing";
-
-const lazy = {};
-
-XPCOMUtils.defineLazyPreferenceGetter(
-  lazy,
-  "isLetterboxingEnabled",
-  kPrefLetterboxing,
-  false
-);
-
-export class RFPHelperChild extends JSWindowActorChild {
-  handleEvent(event) {
-    if (lazy.isLetterboxingEnabled && event.type == "resize") {
-      this.sendAsyncMessage("Letterboxing:ContentSizeUpdated");
-    }
-  }
-}
--- a/browser/actors/RFPHelperParent.sys.mjs
+++ b/browser/actors/RFPHelperParent.sys.mjs
-1; /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
-
-const lazy = {};
-ChromeUtils.defineESModuleGetters(lazy, {
-  RFPHelper: "resource://gre/modules/RFPHelper.sys.mjs",
-});
-
-const kPrefLetterboxing = "privacy.resistFingerprinting.letterboxing";
-
-XPCOMUtils.defineLazyPreferenceGetter(
-  lazy,
-  "isLetterboxingEnabled",
-  kPrefLetterboxing,
-  false
-);
-
-export class RFPHelperParent extends JSWindowActorParent {
-  receiveMessage(aMessage) {
-    if (
-      lazy.isLetterboxingEnabled &&
-      aMessage.name == "Letterboxing:ContentSizeUpdated"
-    ) {
-      let browser = this.browsingContext.top.embedderElement;
-      let window = browser.ownerGlobal;
-      lazy.RFPHelper.contentSizeUpdated(window);
-    }
-  }
-}
--- a/browser/actors/moz.build
+++ b/browser/actors/moz.build
@@ -56,6 +56,8 @@ FINAL_TARGET_FILES.actors += [
    "ContentSearchParent.sys.mjs",
    "ContextMenuChild.sys.mjs",
    "ContextMenuParent.sys.mjs",
+    "CryptoSafetyChild.jsm",
+    "CryptoSafetyParent.jsm",
    "DecoderDoctorChild.sys.mjs",
    "DecoderDoctorParent.sys.mjs",
    "DOMFullscreenChild.sys.mjs",
@@ -77,8 +79,6 @@ FINAL_TARGET_FILES.actors += [
    "PromptParent.sys.mjs",
    "RefreshBlockerChild.sys.mjs",
    "RefreshBlockerParent.sys.mjs",
-    "RFPHelperChild.sys.mjs",
-    "RFPHelperParent.sys.mjs",
    "ScreenshotsComponentChild.sys.mjs",
    "SearchSERPTelemetryChild.sys.mjs",
    "SearchSERPTelemetryParent.sys.mjs",
@@ -90,3 +90,9 @@ FINAL_TARGET_FILES.actors += [
 BROWSER_CHROME_MANIFESTS += [
    "test/browser/browser.ini",
 ]
+
+if CONFIG["BASE_BROWSER_UPDATE"]:
+    FINAL_TARGET_FILES.actors += [
+        "AboutTBUpdateChild.jsm",
+        "AboutTBUpdateParent.jsm",
+    ]
--- a/browser/app/Makefile.in
+++ b/browser/app/Makefile.in
@@ -97,10 +97,12 @@ tools repackage:: $(DIST)/bin/$(MOZ_APP_NAME) $(objdir)/macbuild/Contents/MacOS-
 	rsync -aL $(DIST)/bin/$(MOZ_APP_NAME) '$(dist_dest)/Contents/MacOS'
 	cp -RL $(topsrcdir)/$(MOZ_BRANDING_DIRECTORY)/firefox.icns '$(dist_dest)/Contents/Resources/firefox.icns'
 	cp -RL $(topsrcdir)/$(MOZ_BRANDING_DIRECTORY)/document.icns '$(dist_dest)/Contents/Resources/document.icns'
+ifndef BASE_BROWSER_UPDATE
 	$(MKDIR) -p '$(dist_dest)/Contents/Library/LaunchServices'
 ifdef MOZ_UPDATER
 	mv -f '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' '$(dist_dest)/Contents/Library/LaunchServices'
 	ln -s ../../../../Library/LaunchServices/org.mozilla.updater '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater'
 endif
-	printf APPLMOZB > '$(dist_dest)/Contents/PkgInfo'
+endif
+	printf APPLTORB > '$(dist_dest)/Contents/PkgInfo'
 endif
No results found