Pier Angelo Vendrame pushed to branch mullvad-browser-149.0a1-16.0-2 at The Tor Project / Applications / Mullvad Browser Commits: f8c9c503 by Pier Angelo Vendrame at 2026-03-24T18:49:28+01:00 BB 44772: Disable efficient randomization for canvases. Always use the regular randomization algorithm, instead. - - - - - 899e00ed by Pier Angelo Vendrame at 2026-03-24T18:49:35+01:00 fixup! BB 43525: Skip Remote Settings for search engine customization. BB 44757: Fix search engine tests for Firefox 149. - - - - - d09b8270 by Pier Angelo Vendrame at 2026-03-24T18:49:43+01:00 fixup! BB 40925: Implemented the Security Level component BB 44757: Fix search engine tests for Firefox 149. - - - - - 43a1de0d by Pier Angelo Vendrame at 2026-03-24T18:49:49+01:00 fixup! Firefox preference overrides. BB 44763: Disable WebGPU until audited. - - - - - 4 changed files: - browser/app/profile/001-base-profile.js - dom/canvas/CanvasUtils.cpp - toolkit/components/search/tests/xpcshell/test_base_browser.js - toolkit/components/search/tests/xpcshell/test_security_level.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -492,6 +492,8 @@ pref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); pref("webgl.disable-fail-if-major-performance-caveat", true); // tor-browser#16404: disable until we investigate it further (#22333) pref("webgl.enable-webgl2", false); +// tor-browser#44763: disable WebGPU until audited. +pref("dom.webgpu.enabled", false); pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups) // tor-browser#42767: Disable offscreen canvas until verified it is not fingerprintable pref("gfx.offscreencanvas.enabled", false); ===================================== dom/canvas/CanvasUtils.cpp ===================================== @@ -382,14 +382,9 @@ ImageExtraction ImageExtractionResult(dom::HTMLCanvasElement* aCanvasElement, return ImageExtraction::Placeholder; } - if (ownerDoc->ShouldResistFingerprinting( - RFPTarget::EfficientCanvasRandomization) && - GetCanvasExtractDataPermission(aPrincipal) != - nsIPermissionManager::ALLOW_ACTION) { - return ImageExtraction::EfficientRandomize; - } - - if ((ownerDoc->ShouldResistFingerprinting(RFPTarget::CanvasRandomization) || + if ((ownerDoc->ShouldResistFingerprinting( + RFPTarget::EfficientCanvasRandomization) || + ownerDoc->ShouldResistFingerprinting(RFPTarget::CanvasRandomization) || ownerDoc->ShouldResistFingerprinting(RFPTarget::WebGLRandomization)) && GetCanvasExtractDataPermission(aPrincipal) != nsIPermissionManager::ALLOW_ACTION) { ===================================== toolkit/components/search/tests/xpcshell/test_base_browser.js ===================================== @@ -10,6 +10,10 @@ "use strict"; +const { SearchService } = ChromeUtils.importESModule( + "moz-src:///toolkit/components/search/SearchService.sys.mjs" +); + const expectedURLs = { ddg: "https://duckduckgo.com/?q=test", "ddg-html": "https://html.duckduckgo.com/html/?q=test", @@ -21,24 +25,23 @@ const expectedURLs = { const defaultEngine = "ddg"; add_setup(async function setup() { - await Services.search.init(); + await SearchService.init(); }); add_task(async function test_listEngines() { - const { engines } = - await Services.search.wrappedJSObject._fetchEngineSelectorEngines(); + const { engines } = await SearchService._fetchEngineSelectorEngines(); const foundIdentifiers = engines.map(e => e.identifier); Assert.deepEqual(foundIdentifiers, Object.keys(expectedURLs)); }); add_task(async function test_default() { Assert.equal( - (await Services.search.getDefault()).id, + (await SearchService.getDefault()).id, defaultEngine, `${defaultEngine} is our default search engine in normal mode.` ); Assert.equal( - (await Services.search.getDefaultPrivate()).id, + (await SearchService.getDefaultPrivate()).id, defaultEngine, `${defaultEngine} is our default search engine in PBM.` ); @@ -46,7 +49,7 @@ add_task(async function test_default() { add_task(function test_checkSearchURLs() { for (const [id, url] of Object.entries(expectedURLs)) { - const engine = Services.search.getEngineById(id); + const engine = SearchService.getEngineById(id); const foundUrl = engine.getSubmission("test").uri.spec; Assert.equal(foundUrl, url, `The URL of ${engine.name} is not altered.`); } @@ -54,7 +57,7 @@ add_task(function test_checkSearchURLs() { add_task(async function test_iconsDoesNotFail() { for (const id of Object.keys(expectedURLs)) { - const engine = Services.search.getEngineById(id); + const engine = SearchService.getEngineById(id); // No need to assert anything, as in case of error this method should throw. await engine.getIconURL(); } ===================================== toolkit/components/search/tests/xpcshell/test_security_level.js ===================================== @@ -8,14 +8,18 @@ "use strict"; +const { SearchService } = ChromeUtils.importESModule( + "moz-src:///toolkit/components/search/SearchService.sys.mjs" +); + const expectedURLs = { ddg: "https://html.duckduckgo.com/html?q=test", }; add_task(async function test_securityLevel() { - await Services.search.init(); + await SearchService.init(); for (const [id, url] of Object.entries(expectedURLs)) { - const engine = Services.search.getEngineById(id); + const engine = SearchService.getEngineById(id); const foundUrl = engine.getSubmission("test").uri.spec; Assert.equal(foundUrl, url, `${engine.name} is in HTML mode.`); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/1d8... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/1d8... You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications: https://gitlab.torproject.org/-/profile/notifications | Help: https://gitlab.torproject.org/help