October 2025 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.4.0esr-15.0-1-build5
by ma1 (＠ma1) 28 Oct '25

28 Oct '25

ma1 pushed new tag tor-browser-140.4.0esr-15.0-1-build5 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! [android] Modify add-on support
by ma1 (＠ma1) 28 Oct '25

28 Oct '25

ma1 pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: ab8cd7fd by hackademix at 2025-10-28T10:09:52+01:00 fixup! [android] Modify add-on support TB 44293: Force immediate NoScript update checks after bootstraps - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt ===================================== @@ -146,11 +146,10 @@ object TorBrowserFeatures { override fun onBootstrapped() { // Enable automatic updates. This must be done on every startup (tor-browser#42353) context.components.addonUpdater.registerForFutureUpdates(NOSCRIPT_ID) - // Force a one-time immediate update check for older installations - if (settings.noscriptUpdated < 2) { - context.components.addonUpdater.update(NOSCRIPT_ID) - settings.noscriptUpdated = 2 - } + // Force an immediate update check for older installations + // and as belt-and-suspenders if scheduled updates fail (tor-browser#44293) + context.components.addonUpdater.update(NOSCRIPT_ID) + settings.noscriptUpdated = 2 } }) } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ab8cd7f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ab8cd7f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! fixup! [android] Disable features and functionality
by Dan Ballard (＠dan) 28 Oct '25

28 Oct '25

Dan Ballard pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 3d1010a2 by Dan Ballard at 2025-10-27T16:05:30-07:00 fixup! fixup! [android] Disable features and functionality Bug 43918: disable composable toolbar for esr 140 - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/utils/Settings.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/utils/Settings.kt ===================================== @@ -1943,7 +1943,10 @@ class Settings(private val appContext: Context) : PreferencesHolder { var shouldUseComposableToolbar by lazyFeatureFlagPreference( key = appContext.getPreferenceKey(R.string.pref_key_enable_composable_toolbar), - default = { FxNimbus.features.composableToolbar.value().enabled }, + // tb-43918 + // Setting to off for esr140 since we've done no work for it, but it appears moz has enabled + // by default in 144 so we'll likely be switching this to true and porting to it for esr-next + default = { false }, featureFlag = true, ) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3d1010a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3d1010a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.29.0esr-13.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 27 Oct '25

27 Oct '25

Pier Angelo Vendrame pushed to branch tor-browser-115.29.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: c8385f67 by Pier Angelo Vendrame at 2025-10-27T18:02:47+01:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -121,10 +121,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8385f6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8385f6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 27 Oct '25

27 Oct '25

morgan pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 5aeceb7b by Pier Angelo Vendrame at 2025-10-27T16:29:49+00:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -155,10 +155,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5ae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5ae… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 27 Oct '25

27 Oct '25

morgan pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 93a069d9 by Pier Angelo Vendrame at 2025-10-27T16:29:01+00:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -155,10 +155,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/93a069d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/93a069d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 27 Oct '25

27 Oct '25

morgan pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 0134ec72 by Pier Angelo Vendrame at 2025-10-27T17:12:42+01:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -155,10 +155,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0134ec7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0134ec7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] 6 commits: Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur
by ma1 (＠ma1) 27 Oct '25

27 Oct '25

ma1 pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 4c23bcda by Maurice Dauer at 2025-10-27T10:59:38+01:00 Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur Differential Revision: https://phabricator.services.mozilla.com/D254677 - - - - - 7ce0fc57 by Maurice Dauer at 2025-10-27T10:59:39+01:00 Bug 1419501 - Part 2: Rename existing user-facing popup related strings, r=fluent-reviewers,bolsson,Gijs Differential Revision: https://phabricator.services.mozilla.com/D254678 - - - - - 761bfc4c by Maurice Dauer at 2025-10-27T10:59:41+01:00 Bug 1419501 - Part 3: Introduce `RedirectBlockedEvent`, r=maltejur,webidl,frontend-codestyle-reviewers,smaug Differential Revision: https://phabricator.services.mozilla.com/D254679 - - - - - 4c11c990 by Maurice Dauer at 2025-10-27T10:59:43+01:00 Bug 1419501 - Part 4: Implement framebusting intervention, r=fluent-reviewers,desktop-theme-reviewers,tabbrowser-reviewers,bolsson,edgar,mstriemer,sfoster,sthompson,emz Differential Revision: https://phabricator.services.mozilla.com/D254680 - - - - - cf17000f by Maurice Dauer at 2025-10-27T10:59:44+01:00 Bug 1419501 - Part 5: Framebusting intervention browser tests, r=maltejur,frontend-codestyle-reviewers Differential Revision: https://phabricator.services.mozilla.com/D259046 - - - - - 1386ba38 by Malte Jürgens at 2025-10-27T10:59:46+01:00 Bug 1419501 - Expand web-platform tests for preventing iframes from navigating their top window r=mdauer Differential Revision: https://phabricator.services.mozilla.com/D251179 - - - - - 73 changed files: - browser/base/content/browser-init.js - browser/base/content/browser-sitePermissionPanel.js - browser/base/content/browser.js - browser/base/content/browser.js.globals - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - + browser/base/content/test/framebusting/browser.toml - + browser/base/content/test/framebusting/browser_framebusting_identity.js - + browser/base/content/test/framebusting/browser_framebusting_notification.js - + browser/base/content/test/framebusting/framebusting_intervention_frame.html - + browser/base/content/test/framebusting/framebusting_intervention_parent.html - + browser/base/content/test/framebusting/head.js - browser/base/moz.build - browser/components/enterprisepolicies/content/aboutPolicies.js - browser/components/preferences/dialogs/permissions.js - browser/components/preferences/privacy.inc.xhtml - browser/components/tabbrowser/content/tabbrowser.js - browser/locales/en-US/browser/browser.ftl - browser/locales/en-US/browser/policies/policies-descriptions.ftl - browser/locales/en-US/browser/preferences/permissions.ftl - browser/locales/en-US/browser/preferences/preferences.ftl - browser/locales/en-US/browser/sitePermissions.ftl - browser/locales/en-US/chrome/browser/sitePermissions.properties - + browser/modules/PopupAndRedirectBlockerObserver.sys.mjs - − browser/modules/PopupBlockerObserver.sys.mjs - browser/modules/SitePermissions.sys.mjs - browser/modules/moz.build - browser/modules/test/browser/browser_SitePermissions.js - browser/themes/shared/controlcenter/panel.css - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h - docshell/base/nsDocShell.cpp - dom/base/Document.h - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsGlobalWindowOuter.h - dom/base/nsPIDOMWindow.h - + dom/chrome-webidl/RedirectBlockedEvent.webidl - dom/chrome-webidl/moz.build - eslint-test-paths.config.mjs - modules/libpref/init/StaticPrefList.yaml - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html.ini - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_with_user_gesture.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture-after-failure.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-grandparent.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-same-site.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-after-failure.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent.sub.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/navigation-changed-iframe.html - + toolkit/actors/PopupAndRedirectBlockingChild.sys.mjs - + toolkit/actors/PopupAndRedirectBlockingParent.sys.mjs - − toolkit/actors/PopupBlockingChild.sys.mjs - − toolkit/actors/PopupBlockingParent.sys.mjs - toolkit/actors/moz.build - toolkit/content/widgets/browser-custom-element.mjs - toolkit/modules/ActorManagerParent.sys.mjs The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/10… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/10… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] 6 commits: Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur
by ma1 (＠ma1) 27 Oct '25

27 Oct '25

ma1 pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 83c8580e by Maurice Dauer at 2025-10-27T10:52:44+01:00 Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur Differential Revision: https://phabricator.services.mozilla.com/D254677 - - - - - 3cf0d42a by Maurice Dauer at 2025-10-27T10:52:46+01:00 Bug 1419501 - Part 2: Rename existing user-facing popup related strings, r=fluent-reviewers,bolsson,Gijs Differential Revision: https://phabricator.services.mozilla.com/D254678 - - - - - aaff7995 by Maurice Dauer at 2025-10-27T10:52:47+01:00 Bug 1419501 - Part 3: Introduce `RedirectBlockedEvent`, r=maltejur,webidl,frontend-codestyle-reviewers,smaug Differential Revision: https://phabricator.services.mozilla.com/D254679 - - - - - 8e86d38d by Maurice Dauer at 2025-10-27T10:52:53+01:00 Bug 1419501 - Part 4: Implement framebusting intervention, r=fluent-reviewers,desktop-theme-reviewers,tabbrowser-reviewers,bolsson,edgar,mstriemer,sfoster,sthompson,emz Differential Revision: https://phabricator.services.mozilla.com/D254680 - - - - - 401f84cd by Maurice Dauer at 2025-10-27T10:52:58+01:00 Bug 1419501 - Part 5: Framebusting intervention browser tests, r=maltejur,frontend-codestyle-reviewers Differential Revision: https://phabricator.services.mozilla.com/D259046 - - - - - 1c2b0bcb by Malte Jürgens at 2025-10-27T10:53:02+01:00 Bug 1419501 - Expand web-platform tests for preventing iframes from navigating their top window r=mdauer Differential Revision: https://phabricator.services.mozilla.com/D251179 - - - - - 73 changed files: - browser/base/content/browser-init.js - browser/base/content/browser-sitePermissionPanel.js - browser/base/content/browser.js - browser/base/content/browser.js.globals - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - + browser/base/content/test/framebusting/browser.toml - + browser/base/content/test/framebusting/browser_framebusting_identity.js - + browser/base/content/test/framebusting/browser_framebusting_notification.js - + browser/base/content/test/framebusting/framebusting_intervention_frame.html - + browser/base/content/test/framebusting/framebusting_intervention_parent.html - + browser/base/content/test/framebusting/head.js - browser/base/moz.build - browser/components/enterprisepolicies/content/aboutPolicies.js - browser/components/preferences/dialogs/permissions.js - browser/components/preferences/privacy.inc.xhtml - browser/components/tabbrowser/content/tabbrowser.js - browser/locales/en-US/browser/browser.ftl - browser/locales/en-US/browser/policies/policies-descriptions.ftl - browser/locales/en-US/browser/preferences/permissions.ftl - browser/locales/en-US/browser/preferences/preferences.ftl - browser/locales/en-US/browser/sitePermissions.ftl - browser/locales/en-US/chrome/browser/sitePermissions.properties - + browser/modules/PopupAndRedirectBlockerObserver.sys.mjs - − browser/modules/PopupBlockerObserver.sys.mjs - browser/modules/SitePermissions.sys.mjs - browser/modules/moz.build - browser/modules/test/browser/browser_SitePermissions.js - browser/themes/shared/controlcenter/panel.css - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h - docshell/base/nsDocShell.cpp - dom/base/Document.h - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsGlobalWindowOuter.h - dom/base/nsPIDOMWindow.h - + dom/chrome-webidl/RedirectBlockedEvent.webidl - dom/chrome-webidl/moz.build - eslint-test-paths.config.mjs - modules/libpref/init/StaticPrefList.yaml - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html.ini - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_with_user_gesture.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture-after-failure.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-grandparent.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-same-site.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-after-failure.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent.sub.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/navigation-changed-iframe.html - + toolkit/actors/PopupAndRedirectBlockingChild.sys.mjs - + toolkit/actors/PopupAndRedirectBlockingParent.sys.mjs - − toolkit/actors/PopupBlockingChild.sys.mjs - − toolkit/actors/PopupBlockingParent.sys.mjs - toolkit/actors/moz.build - toolkit/content/widgets/browser-custom-element.mjs - toolkit/modules/ActorManagerParent.sys.mjs The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/64a7d7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/64a7d7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] 6 commits: Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur
by ma1 (＠ma1) 27 Oct '25

27 Oct '25

ma1 pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 83662ea5 by Maurice Dauer at 2025-10-26T23:32:00+01:00 Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur Differential Revision: https://phabricator.services.mozilla.com/D254677 - - - - - 2f6bde7a by Maurice Dauer at 2025-10-26T23:33:06+01:00 Bug 1419501 - Part 2: Rename existing user-facing popup related strings, r=fluent-reviewers,bolsson,Gijs Differential Revision: https://phabricator.services.mozilla.com/D254678 - - - - - 053a859a by Maurice Dauer at 2025-10-27T09:26:13+01:00 Bug 1419501 - Part 3: Introduce `RedirectBlockedEvent`, r=maltejur,webidl,frontend-codestyle-reviewers,smaug Differential Revision: https://phabricator.services.mozilla.com/D254679 - - - - - 9880cffa by Maurice Dauer at 2025-10-27T09:26:28+01:00 Bug 1419501 - Part 4: Implement framebusting intervention, r=fluent-reviewers,desktop-theme-reviewers,tabbrowser-reviewers,bolsson,edgar,mstriemer,sfoster,sthompson,emz Differential Revision: https://phabricator.services.mozilla.com/D254680 - - - - - 5790ec50 by Maurice Dauer at 2025-10-27T09:26:30+01:00 Bug 1419501 - Part 5: Framebusting intervention browser tests, r=maltejur,frontend-codestyle-reviewers Differential Revision: https://phabricator.services.mozilla.com/D259046 - - - - - 02ba45e3 by Malte Jürgens at 2025-10-27T09:26:31+01:00 Bug 1419501 - Expand web-platform tests for preventing iframes from navigating their top window r=mdauer Differential Revision: https://phabricator.services.mozilla.com/D251179 - - - - - 73 changed files: - browser/base/content/browser-init.js - browser/base/content/browser-sitePermissionPanel.js - browser/base/content/browser.js - browser/base/content/browser.js.globals - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - + browser/base/content/test/framebusting/browser.toml - + browser/base/content/test/framebusting/browser_framebusting_identity.js - + browser/base/content/test/framebusting/browser_framebusting_notification.js - + browser/base/content/test/framebusting/framebusting_intervention_frame.html - + browser/base/content/test/framebusting/framebusting_intervention_parent.html - + browser/base/content/test/framebusting/head.js - browser/base/moz.build - browser/components/enterprisepolicies/content/aboutPolicies.js - browser/components/preferences/dialogs/permissions.js - browser/components/preferences/privacy.inc.xhtml - browser/components/tabbrowser/content/tabbrowser.js - browser/locales/en-US/browser/browser.ftl - browser/locales/en-US/browser/policies/policies-descriptions.ftl - browser/locales/en-US/browser/preferences/permissions.ftl - browser/locales/en-US/browser/preferences/preferences.ftl - browser/locales/en-US/browser/sitePermissions.ftl - browser/locales/en-US/chrome/browser/sitePermissions.properties - + browser/modules/PopupAndRedirectBlockerObserver.sys.mjs - − browser/modules/PopupBlockerObserver.sys.mjs - browser/modules/SitePermissions.sys.mjs - browser/modules/moz.build - browser/modules/test/browser/browser_SitePermissions.js - browser/themes/shared/controlcenter/panel.css - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h - docshell/base/nsDocShell.cpp - dom/base/Document.h - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsGlobalWindowOuter.h - dom/base/nsPIDOMWindow.h - + dom/chrome-webidl/RedirectBlockedEvent.webidl - dom/chrome-webidl/moz.build - eslint-test-paths.config.mjs - modules/libpref/init/StaticPrefList.yaml - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html.ini - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_with_user_gesture.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture-after-failure.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-grandparent.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-same-site.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-after-failure.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent.sub.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/navigation-changed-iframe.html - + toolkit/actors/PopupAndRedirectBlockingChild.sys.mjs - + toolkit/actors/PopupAndRedirectBlockingParent.sys.mjs - − toolkit/actors/PopupBlockingChild.sys.mjs - − toolkit/actors/PopupBlockingParent.sys.mjs - toolkit/actors/moz.build - toolkit/content/widgets/browser-custom-element.mjs - toolkit/modules/ActorManagerParent.sys.mjs The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3195d9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3195d9… You're receiving this email because of your account on gitlab.torproject.org.

1 0