Pier Angelo Vendrame pushed to branch mullvad-browser-128.7.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser

Commits: c0e63369 by Pier Angelo Vendrame at 2025-01-28T16:41:32+01:00 fixup! Firefox preference overrides.

BB 41065: Hardcode the limit of storage quota.

Currently, we return min(10GB, 0.2 * available space in the fs). This is bad for systems that have less than 50GB free, especially live systems, such as Tails. Set a pref to replace the available space with a hardcoded limit (5GiB).

- - - - - 59e74f2f by Pier Angelo Vendrame at 2025-01-28T16:41:34+01:00 Bug 43386: Use Firefox in the UA in RFP-exempt request.

XHR requests initiated by extensions are exempt from RFP. Therefore, they report the actual app name, instead of Firefox, and the actual Firefox minor version.

This happens whenever the app name has been customized and does not match a hardcoded "Firefox".

- - - - - 59a91478 by Pier Angelo Vendrame at 2025-01-28T16:41:35+01:00 fixup! Firefox preference overrides.

BB 43236: Disable vsync on Wayland.

Vsync leaks the monitor refresh rate, therefore it is already disabled on other platforms, including Linux/X11 and Windows.

- - - - -

2 changed files:

- browser/app/profile/001-base-profile.js - netwerk/protocol/http/nsHttpHandler.cpp

Changes:

===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,15 @@ pref("browser.sessionstore.privacy_level", 2); // Use the in-memory media cache and increase its maximum size (#29120) pref("browser.privatebrowsing.forceMediaMemoryCache", true); pref("media.memory_cache_max_size", 65536); +// tor-browser#41065: lie about the available quota. +// This value is in KiB, and will be divided by 5. Currently: 50GiB, to be +// coherent with Firefox's usual value. However, this might be too much for live +// systems. +// This will be the limit also after granting the persistent storage permission, +// but we are not interested in it, since we support only PBM. +// We can come back to it, and hardcode the two spaced differently, if we ever +// think we need it. +pref("dom.quotaManager.temporaryStorage.fixedLimit", 52428800); // Disable restore in case of crash (tor-browser#41503) // This should not be needed in PBM, but we added it anyway like other options. pref("browser.sessionstore.resume_from_crash", false); @@ -466,6 +475,8 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); +// tor-browser#43236: Disable vsync on Wayland to prevent refresh rate leaks. +pref("widget.wayland.vsync.enabled", false);

// tor-browser#41943: defense-in-depth, but do not lock anymore (enabled in Firefox 119, http://bugzil.la/1851162) pref("javascript.options.spectre.disable_for_isolated_content", false);

===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -867,7 +867,7 @@ void nsHttpHandler::BuildUserAgent() { mUserAgent += '/'; mUserAgent += mProductSub;

- bool isFirefox = mAppName.EqualsLiteral("Firefox"); + bool isFirefox = true; if (isFirefox || mCompatFirefoxEnabled) { // "Firefox/x.y" (compatibility) app token mUserAgent += ' ';

View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/7fe...