When Firefox hit version 100 (2022-03-08), some websites broke when parsing the three-digit version number. We could use Firefox’s site interventions to send a version 99 UA string to those sites, but we can’t override the UA for enterprise intranet sites we don't know about. So the "network.http.useragent.forceVersion" pref was added (in bug 1753805) to allow enterprise admins to force a version 99 UA string if needed.
Now that the Firefox 100 release is 14 months behind us and the next ESR (version 115) is riding the trains, we can confidently remove the pref. Enterprise admins using ESR will have another year of using the pref in ESR 115. Then they'll need to fix their intranet sites to work with Firefox 100+.
Differential Revision: https://phabricator.services.mozilla.com/D180302
This patch removes the pref for fingerprinting randomization in favor of
the RFPTargets. We will check if any fingerprinting randomization target
is enabled to decide if we need to generate session and random key.
This patch also removes the testGranularityMask pref that is no longer
needed.
Differential Revision: https://phabricator.services.mozilla.com/D178680
Previously, this was hard coded to off for android, on for everything
else. With this change, it's controlled by a preference which
defaults to off for android, and on for everything else. This allows
users to disable subpixel AA on desktop for performance reasons.
Differential Revision: https://phabricator.services.mozilla.com/D180009
We've worked with the security and performance teams to re-evaluate the W^X policy
we have in place to mark JIT code memory pages as either writable or executable
(but not both).
Recommendation from the security team is to disable this mitigation in the content
process, because it's not worth the performance cost since there are known and reusable
techniques to bypass it. The V8 team has recently reached a similar conclusion.
We still leave write protection enabled in the parent process and other non-content
processes, because performance is less of a concern there and it's unclear if the techniques
to bypass this mitigation apply to these processes as well.
This patch adds a `javascript.options.content_process_write_protect_code` pref for this
and sets it to false. The JS shell has a new `--write-protect-code=off/on` flag. This
defaults to `on` for now to help catch W^X violations early on.
This is expected to improve performance on Speedometer 3 by about 3-4%. We've seen similar
numbers for other benchmarks including page load measurements.
Depends on D179468
Differential Revision: https://phabricator.services.mozilla.com/D179469
This avoids potential issues where multiple OnDataAvailable callbacks or
similar could theoretically be called concurrently on different
StreamTransportService threads when targeting the STS - these cases will
now target a TaskQueue on the STS instead, structurally ensuring serial
execution.
Differential Revision: https://phabricator.services.mozilla.com/D179984
We've worked with the security and performance teams to re-evaluate the W^X policy
we have in place to mark JIT code memory pages as either writable or executable
(but not both).
Recommendation from the security team is to disable this mitigation in the content
process, because it's not worth the performance cost since there are known and reusable
techniques to bypass it. The V8 team has recently reached a similar conclusion.
We still leave write protection enabled in the parent process and other non-content
processes, because performance is less of a concern there and it's unclear if the techniques
to bypass this mitigation apply to these processes as well.
This patch adds a `javascript.options.content_process_write_protect_code` pref for this
and sets it to false. The JS shell has a new `--write-protect-code=off/on` flag. This
defaults to `on` for now to help catch W^X violations early on.
This is expected to improve performance on Speedometer 3 by about 3-4%. We've seen similar
numbers for other benchmarks including page load measurements.
Differential Revision: https://phabricator.services.mozilla.com/D179469
For mozvpn, the data received in network change event is "up", not "changed", so we should call VerifyTraffic for every event for safe.
This patch also reduces http2.ping-timeout and http2.ping-threshold, since the original values are too long.
Differential Revision: https://phabricator.services.mozilla.com/D179681
Use a new executable for the GMP process named "<App Name> Media Plugin Helper" so that the content processes (using the plugin-container executable) and the GMP process can be signed with different entitlements allowing for the use of more secure entitlements.
In order for the new executable to load the Widevine plugin, a change is needed in the codesigning infrastructure repo to generate the .sig file for the new executable.
To get the security benefits of using a new executable for GMP, additional changes are needed in the codesigning infrastructure repo to enable signing plugin-container and the new executable with a reduced set of entitlements.
The executable is a copy of plugin-container renamed as "<App Name> Media Plugin Helper" so it appears with a user friendly name in Activity Monitor. For example, "Firefox Media Plugin Helper". (The GMP process runs with limited privileges preventing it from setting its own "nice" process name.)
Pref off the change until the .sig file change lands and media playback has been validated on production builds.
Differential Revision: https://phabricator.services.mozilla.com/D175796
Even though there's some implementation work left before it being in a
shippable state, the bits that do work (which is quite a few) should
work reliably and performantly.
Given this is (afaict) the first implementation of the new spec, I want
to let people test it easier, specially since there are some questions
about error recovery that nesting could change.
Differential Revision: https://phabricator.services.mozilla.com/D179271
This disables the pref for now so that the following patch doesn't change any
behavior. We'll re-enable the pref shortly.
Differential Revision: https://phabricator.services.mozilla.com/D179858
This is fine to be always non-zero, because the variable is only read if
network.early-hints.preconnect.preconnect is set to true
Differential Revision: https://phabricator.services.mozilla.com/D179684
Since the headless work (bug 1129492 and co) we realistically have no
way of rendering native scrollbars in any meaningful way. Remove dead
code that used to support using a different GTK theme on content.
Differential Revision: https://phabricator.services.mozilla.com/D179616
This API has been disabled on nightly and early beta for a long time.
We have kept the API available in release in order to avoid
triggering any bugs in webapps that assume the API is there, but the
cache backing has been removed a few years back.
Considering this has also been removed in Chrome, it's quite safe
to disable and completely remove it from Firefox.
Differential Revision: https://phabricator.services.mozilla.com/D179337