Skip to content

Bug 42030: Rebased 13.0 alpha onto Firefox 115.2.0esr

Merge Info

Related Issues



  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Other: please explain


  • Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
  • Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
    • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging

Issue Tracking


Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • nightly builds : boklm
    • rebases/release-prep : dan_b, ma1, pierov, richard
    • security : ma1
    • signing : boklm, richard
    • updater : pierov
    • misc/other : pierov, richard

Change Description

3 out of 4 commits that we backported in June were backported also by Mozilla. 2 of them were the same, one conflicted, so I dropped it. The 4th commit (the one not backported) was Android.

In this rebase, I added a fixup to Torbutton to arrive to the point in which we drop it.

I removed the old licensing file, since the code it referred to basically doesn't exist anymore. Let me know if this is not okay.

We still use the torbutton directory, but only for strings. So, I modified the strings commit to add these files. The next rebase will be the goodbye to the old 10760 commit.

The only exception was the stylesheet for the authentication popup. For some reason it was added to browser.xhtml in the Torbutton commit. I moved that line to the commit that actually adds that CSS file.

Then, I removed a duplicated file for update strings. Maybe that's too much for a rebase MR. I can drop it and then open a MR for it (it's a fixup in any case). But ideally, we wouldn't want to do this anymore, and instead start properly using Fluent also for Tor Browser.

Since the torbutton commit is going away, and the strings commit is now needed for the branding commit (for the about dialog), I moved the Torbutton + TorStrings block earlier in the patchset.

Apart from this, the diff of diff isn't 100% clean because of a couple of newlines in TorStartupService. I think the shape I'm proposing here is the best one, but I am okay with removing them for a cleaner diff of diff, if needed.

Merge request reports