🟦 links:
FF134 release notes | for developers | security advisories
FF135 release notes | for developers | security advisories

🟪 issues:

• FF133-FF134 | FF134-FF135
• changelog v135

🟩 changelog summary

• new (all these are new in Firefox 136)
  • user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true);
  • user_pref("privacy.clearHistory.formdata", true);
  • user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true);
  • user_pref("privacy.clearOnShutdown_v2.downloads", true);
  • user_pref("privacy.clearOnShutdown_v2.formdata", true);
  • user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true);
  • user_pref("privacy.clearSiteData.formdata", true);
• removed
  • 4 legacy sanitizing prefs that have been inactive since jesus
• made inactive and moved to 6050 for prefsCleaner
  • 13 legacy sanitizing prefs

The legacy prefs are anything starting with privacy.clearOnShutdown. (notice the . at the end i.e without _v2) and privacy.cpd. You can reset these and remove them from your overrides to clear out the noise.

⭐ 136 is already out (don't ever wait on arkenfox to update your Firefox). The new FF136 prefs will migrate from the FF128 prefs which migrated from the legacy prefs. It pays to open each dialog to ensure the migration happens. Update any overrides to suit. Note: the migration happens after the user.js is applied, so close and restart Firefox to check if something isn't quite right.

🟦 links:

• FF129 release notes | for developers | security advisories
• FF130 release notes | for developers | security advisories
• FF131 release notes | for developers | security advisories
• FF132 release notes | for developers | security advisories
• FF133 release notes | for developers | security advisories

🟪 issues:

• FF128-FF129 | FF129-FF130 | FF130-FF131 | FF131-FF132 | FF132-FF133
• changelog v133

🟩 changelog summary

• new
  • user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false]
  • user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS]
  • // user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+]
  • // user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false]
  • // user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+]
• removed
  • // user_pref("dom.securecontext.allowlist_onions", true);
  • // user_pref("network.http.referer.hideOnionSource", true);
• deprecated
  • user_pref("webchannel.allowObject.urlWhitelist", "");

🟦 links:

• FF127 release notes | FF127 for developers | FF127 security advisories
• FF128 release notes | FF128 for developers | FF128 security advisories

🟪 issues:

• FF126-FF127 | FF127-FF128
• changelog v128
• for RFP changes see #1804

🟩 changelog summary

• new
  • user_pref("browser.contentanalysis.enabled", false);
  • user_pref("browser.contentanalysis.default_result", 0);
  • // user_pref("browser.urlbar.recentsearches.featureGate", false);
  • // user_pref("privacy.fingerprintingProtection.granularOverrides", "");
• made inactive
  • // user_pref("privacy.resistFingerprinting", true);
  • // user_pref("privacy.resistFingerprinting.letterboxing", true);
  • // user_pref("webgl.disabled", true);
• made active
  • user_pref("browser.urlbar.quicksuggest.enabled", false);
  • user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
  • user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
  • user_pref("network.dns.disablePrefetchFromHTTPS", true);
• removed (in section 6050's for prefsCleaner)
  • // user_pref("geo.provider.network.url", "");
  • // user_pref("geo.provider.network.logging.enabled", "");
  • // user_pref("geo.provider.use_gpsd", "");
• deprecated
  • user_pref("browser.contentanalysis.default_allow", false);
  • user_pref("widget.non-native-theme.enabled", true);

The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. Point release to fix some syntax

all changes: 126.0...126.1

🟦 links:

• FF126 release notes | FF126 for developers | FF126 security advisories
• FF125.0.1 release notes | FF125 for developers | FF125 security advisories
• FF124 release notes | FF124 for developers | FF124 security advisories | FF124.0.1 security advisories
• FF123 release notes | FF123 for developers | FF123 security advisories

🟪 issues:

• FF125.0.1-FF126 | FF124-FF125.0.1 | FF123-FF124 | FF122-FF123
• changelog v126

🟩 changelog summary

Except for 12 new sanitiizng prefs ^[1] which will not be used until FF128, there is only one new active pref that applies (spoof_english) which if you use that, should already be in your overrides. The rest are inactive, at default, or deprecated.

• new
  • user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
  • user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
  • user_pref("privacy.spoof_english", 1); // [FF71+]
  • // user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
  • // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
  • // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // [FF127+]
  • // user_pref("privacy.globalprivacycontrol.enabled", true);
  • ⭐ 12 new sanitizing prefs for FF128+: clearHistory, clearSiteData, clearOnShutdown_v2 ^[1]
• made inactive
  • // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
  • // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
• deprecated
  • user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // deprecated FF126
  • user_pref("browser.ping-centre.telemetry", false); // deprecated FF123

[1] ⭐ It is advised that you check and add overrides if necessary for sanitizing before FF128

🟦 links:

• FF122 release notes | FF122 for developers | FF122 security advisories
• FF121 release notes | FF121 for developers | FF121 security advisories
• FF120 release notes | FF120 for developers | FF120 security advisories

🟪 issues:

• diffs FF121-FF122 | diffs FF120-FF121 | diffs FF119-FF120
• changelog ... v120, v121, v122

🟩 changelog summary

Still no pref changes, but it's been a while :) A reminder to never wait on arkenfox to update Firefox.

This release is mostly about adding information about FPP since this is now live (for non-RFP users) - also see #1804 - so the sooner this info is there, the better

🟦 links: FF119 release notes | FF119 for developers | FF119 security advisories

🟪 issues: diffs FF118-FF119 | changelog v119

🟩 changelog summary

• new
  • user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
  • user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+]
• made inactive
  • // user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
• removed
  • user_pref("intl.accept_languages", "en-US, en");
• deprecated
  • // user_pref("javascript.use_us_english_locale", true);
  • // user_pref("network.dns.skipTRR-when-parental-control-enabled", false);

🟦 links: FF118 release notes | FF118 for developers | FF118 security advisories

🟪 issues: diffs FF117-FF118 | changelog v118

🟩 changelog summary

• new
  • user_pref("browser.download.start_downloads_in_tmp_dir", true);
  • user_pref("browser.shopping.experience2023.enabled", false);
  • user_pref("browser.urlbar.addons.featureGate", false);
  • user_pref("browser.urlbar.mdn.featureGate", false);
  • user_pref("browser.urlbar.pocket.featureGate", false);
  • user_pref("browser.urlbar.trending.featureGate", false);
  • user_pref("browser.urlbar.weather.featureGate", false);
• new but inactive
  • // user_pref("browser.urlbar.clipboard.featureGate", false);
  • // user_pref("network.trr.bootstrapAddr", "10.0.0.1");
  • // user_pref("privacy.fingerprintingProtection", true);
• removed (in section 6050s for prefsCleaner)
  • // user_pref("accessibility.force_disabled", "");
  • // user_pref("browser.fixup.alternate.enabled", "");
  • // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
  • // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
  • // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
  • // user_pref("privacy.partition.serviceWorkers", "");
• deprecated
  • // user_pref("layout.css.font-visibility.private", 1);
  • // user_pref("layout.css.font-visibility.standard", 1);
  • // user_pref("layout.css.font-visibility.trackingprotection", 1);
  • // user_pref("permissions.delegation.enabled", false);

🟦 links:

• FF116 release notes | FF116 for developers | FF116 security advisories
• FF117 release notes | FF117 for developers | FF117 security advisories

🟪 issues: diffs FF115-FF116 | diffs FF116-FF117 | changelog v117

🟩 changelog from 117

• new
  • user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
  • // user_pref("network.trr.uri", "https://example.dns");
  • // user_pref("network.trr.custom_uri", "https://example.dns");
• changed inactive value
  • // user_pref("network.trr.mode", 3);
• deprecated
  • // user_pref("layout.css.font-visibility.resistFingerprinting", 1);
  • user_pref("security.family_safety.mode", 0);
  • // user_pref("dom.webnotifications.serviceworker.enabled", false);

The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. Point release to better align ESR115 users' defaults with AF and the wiki moving forward - mainly the relaxing of some defaults

THIS is the release for all those who will use ESR115

🟪 issues: relaxed prefs issue | changelog v115.1

🟩 changelog from 115

• made inactive - moved to optional hardening or optional opsec
  • // user_pref("keyword.enabled", false);
  • // user_pref("media.eme.enabled", false);
  • // user_pref("network.dns.disableIPv6", true);
  • // user_pref("network.http.referer.XOriginPolicy", 2);
• removed (now inactive in section 6050's for prefsCleaner)
  • // user_pref("network.protocol-handler.external.ms-windows-store", "");
• removed (inactive for ages)
  • user_pref("media.gmp-widevinecdm.enabled", false);