[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 23/74: Firefox preference overrides.



This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-102.4.0esr-12.0-2
in repository tor-browser.

commit ce202b6ada11d6326cdfda686d388f3ca30f679d
Author: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
AuthorDate: Tue Sep 10 18:20:43 2013 -0700

    Firefox preference overrides.
    
    This hack directly includes our preference changes in omni.ja.
    
    Bug 18292: Staged updates fail on Windows
    
    Temporarily disable staged updates on Windows.
    
    Bug 18297: Use separate Noto JP,KR,SC,TC fonts
    
    Bug 23404: Add Noto Sans Buginese to the macOS whitelist
    
    Bug 23745: Set dom.indexedDB.enabled = true
    
    Bug 13575: Disable randomised Firefox HTTP cache decay user tests.
    (Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>)
    
    Bug 17252: Enable session identifiers with FPI
    
    Session tickets and session identifiers were isolated
    by OriginAttributes, so we can re-enable them by
    allowing the default value (true) of
    "security.ssl.disable_session_identifiers".
    
    The pref "security.enable_tls_session_tickets" is obsolete
    (removed in https://bugzilla.mozilla.org/917049)
    
    Bug 14952: Enable http/2 and AltSvc
    
    In Firefox, SPDY/HTTP2 now uses Origin Attributes for
    isolation of connections, push streams, origin frames, etc.
    That means we get first-party isolation provided
    "privacy.firstparty.isolate" is true. So in this patch, we
    stop overriding "network.http.spdy.enabled" and
    "network.http.spdy.enabled.http2".
    
    Alternate Services also use Origin Attributes for isolation.
    So we stop overriding
    "network.http.altsvc.enabled" and "network.http.altsvc.oe"
    as well.
    
    (All 4 of the abovementioned "network.http.*" prefs adopt
    Firefox 60ESR's default value of true.)
    
    However, we want to disable HTTP/2 push for now, so we
    set "network.http.spdy.allow-push" to false.
    
    "network.http.spdy.enabled.http2draft" was removed in Bug 1132357.
    "network.http.sped.enabled.v2" was removed in Bug 912550.
    "network.http.sped.enabled.v3" was removed in Bug 1097944.
    "network.http.sped.enabled.v3-1" was removed in Bug 1248197.
    
    Bug 26114: addons.mozilla.org is not special
    * Don't expose navigator.mozAddonManager on any site
    * Don't block NoScript from modifying addons.mozilla.org or other sites
    
    Enable ReaderView mode again (#27281).
    
    Bug 29916: Make sure enterprise policies are disabled
    
    Bug 2874: Block Components.interfaces from content
    
    Bug 26146: Spoof HTTP User-Agent header for desktop platforms
    
    In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent
    header and to JavaScript code via navigator.userAgent. To avoid
    leaking the OS inside each HTTP request (which many web servers
    log), always use the Windows 7 OS value in the desktop User-Agent
    header. We continue to allow access to the actual OS via JavaScript,
    since doing so improves compatibility with web applications such
    as GitHub and Google Docs.
    
    Bug 12885: Windows Jump Lists fail for Tor Browser
    
    Jumplist entries are stored in a binary file in:
      %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\
    and has a name in the form
      [a-f0-9]+.customDestinations-ms
    
    The hex at the front is unique per app, and is ultimately derived from
    something called the 'App User Model ID' (AUMID) via some unknown
    hashing method. The AUMID is provided as a key when programmatically
    creating, updating, and deleting a jumplist. The default behaviour in
    firefox is for the installer to define an AUMID for an app, and save it
    in the registry so that the jumplist data can be removed by the
    uninstaller.
    
    However, the Tor Browser does not set this (or any other) regkey during
    installation, so this codepath fails and the app's AUMID is left
    undefined. As a result the app's AUMID ends up being defined by
    windows, but unknowable by Tor Browser. This unknown AUMID is used to
    create and modify the jumplist, but the delete API requires that we
    provide the app's AUMID explicitly. Since we don't know what the AUMID
    is (since the expected regkey where it is normally stored does not
    exist) jumplist deletion will fail and we will leave behind a mostly
    empty customDestinations-ms file. The name of the file is derived from
    the binary path, so an enterprising person could reverse engineer how
    that hex name is calculated, and generate the name for Tor Browser's
    default Desktop installation path to determine whether a person had
    used Tor Browser in the past.
    
    The 'taskbar.grouping.useprofile' option that is enabled by this patch
    works around this AUMID problem by having firefox.exe create it's own
    AUMID based on the profile path (rather than looking for a regkey). This
    way, if a user goes in and enables and disables jumplist entries, the
    backing store is properly deleted.
    
    Unfortunately, all windows users currently have this file lurking in
    the above mentioned directory and this patch will not remove it since it
    was created with an unknown AUMID. However, another patch could be
    written which goes to that directory and deletes any item containing the
    'Tor Browser' string.  See bug 28996.
    
    Bug 30845: Make sure default themes and other internal extensions are enabled
    
    Bug 28896: Enable extensions in private browsing by default
    
    Bug 31065: Explicitly allow proxying localhost
    
    Bug 31598: Enable letterboxing
    
    Disable Presentation API everywhere
    
    Bug 21549 - Use Firefox's WASM default pref. It is disabled at safer
    security levels.
    
    Bug 32321: Disable Mozilla's MitM pings
    
    Bug 19890: Disable installation of system addons
    
    By setting the URL to "" we make sure that already installed system
    addons get deleted as well.
    
    Bug 22548: Firefox downgrades VP9 videos to VP8.
    
    On systems where H.264 is not available or no HWA, VP9 is preferred. But in Tor
    Browser 7.0 all youtube videos are degraded to VP8.
    
    This behaviour can be turned off by setting media.benchmark.vp9.threshold to 0.
    All clients will get better experience and lower traffic, beause TBB doesn't
    use "Use hardware acceleration when available".
    
    Bug 25741 - TBA: Add mobile-override of 000-tor-browser prefs
    
    Bug 16441: Suppress "Reset Tor Browser" prompt.
    
    Bug 29120: Use the in-memory media cache and increase its maximum size.
    
    Bug 33697: use old search config based on list.json
    
    Bug 33855: Ensure that site-specific browser mode is disabled.
    
    Bug 30682: Disable Intermediate CA Preloading.
    
    Bug 40061: Omit the Windows default browser agent from the build
    
    Bug 40322: Consider disabling network.connectivity-service.enabled
    
    Bug 40408: Disallow SVG Context Paint in all web content
    
    Bug 40308: Disable network partitioning until we evaluate dFPI
    
    Bug 40322: Consider disabling network.connectivity-service.enabled
    
    Bug 40383: Disable dom.enable_event_timing
    
    Bug 40423: Disable http/3
    
    Bug 40177: Update prefs for Fx91esr
    
    Bug 40700: Disable addons and features recommendations
    
    Bug 40682: Disable network.proxy.allow_bypass
    
    Bug 40736: Disable third-party cookies in PBM
    
    Bug 19850: Enabled HTTPS-Only by default
    
    Bug 40912: Hide the screenshot menu
    
    Bug 41292: Disable moreFromMozilla in preferences page
    
    Bug 40057: Ensure the CSS4 system colors are not a fingerprinting vector
    
    Bug 24686: Set network.http.tailing.enabled to true
---
 .eslintignore                           |   3 +
 browser/app/profile/001-base-profile.js | 691 ++++++++++++++++++++++++++++++++
 browser/app/profile/firefox.js          |   6 +-
 browser/installer/package-manifest.in   |   1 +
 browser/moz.build                       |   1 +
 mobile/android/app/geckoview-prefs.js   |   2 +
 mobile/android/app/mobile.js            |   4 +
 mobile/android/app/moz.build            |   1 +
 taskcluster/ci/source-test/mozlint.yml  |   1 +
 9 files changed, 707 insertions(+), 3 deletions(-)

diff --git a/.eslintignore b/.eslintignore
index 0cc0e1b0f0a7..7bb3f16a4a91 100644
--- a/.eslintignore
+++ b/.eslintignore
@@ -147,6 +147,9 @@ js/src/Y.js
 # Fuzzing code for testing only, targeting the JS shell
 js/src/fuzz-tests/
 
+# uses `#include`
+mobile/android/app/000-tor-browser-android.js
+
 # Uses `#filter substitution`
 mobile/android/app/mobile.js
 mobile/android/app/geckoview-prefs.js
diff --git a/browser/app/profile/001-base-profile.js b/browser/app/profile/001-base-profile.js
new file mode 100644
index 000000000000..39147e8aa4b7
--- /dev/null
+++ b/browser/app/profile/001-base-profile.js
@@ -0,0 +1,691 @@
+// Preferences to harden Firefox's security and privacy
+// Do not edit this file.
+
+// Use the OS locale by default
+pref("intl.locale.requested", "");
+
+// Disable initial homepage notifications
+pref("browser.search.update", false);
+pref("browser.rights.3.shown", true);
+pref("startup.homepage_welcome_url", "");
+pref("startup.homepage_welcome_url.additional", "");
+
+// Disable Firefox Welcome Dialog
+pref("browser.aboutwelcome.enabled", false);
+
+// Set a generic, default URL that will be opened in a tab after an update.
+// Typically, this will not be used; instead, the <update> element within
+// each update manifest should contain attributes similar to:
+//   actions="showURL"
+//   openURL="https://blog.torproject.org/tor-browser-55a2-released";
+pref("startup.homepage_override_url", "https://blog.torproject.org/category/applications";);
+
+// Try to nag a bit more about updates: Pop up a restart dialog an hour after the initial dialog
+pref("app.update.promptWaitTime", 3600);
+
+#ifndef XP_MACOSX
+// Disable staged updates on platforms other than macOS.
+// Staged updates do not work on Windows due to #18292.
+// Also, on Windows and Linux any changes that are made to the browser profile
+// or Tor data after an update is staged will be lost.
+pref("app.update.staging.enabled", false);
+#endif
+
+// Disable "Slow startup" warnings and associated disk history
+// (bug #13346)
+pref("browser.slowStartup.notificationDisabled", true);
+pref("browser.slowStartup.maxSamples", 0);
+pref("browser.slowStartup.samples", 0);
+
+// Disable the "Refresh" prompt that is displayed for stale profiles.
+pref("browser.disableResetPrompt", true);
+
+// Disk activity: Disable Browsing History Storage
+pref("browser.privatebrowsing.autostart", true);
+pref("browser.cache.disk.enable", false);
+pref("permissions.memory_only", true);
+pref("network.cookie.lifetimePolicy", 2);
+pref("security.nocertdb", true);
+
+// Enabled LSNG
+pref("dom.storage.next_gen", true);
+
+// Disk activity: TBB Directory Isolation
+pref("browser.download.useDownloadDir", false);
+pref("browser.download.manager.addToRecentDocs", false);
+
+// Misc privacy: Disk
+pref("signon.rememberSignons", false);
+pref("browser.formfill.enable", false);
+pref("signon.autofillForms", false);
+pref("browser.sessionstore.privacy_level", 2);
+// Use the in-memory media cache and increase its maximum size (#29120)
+pref("browser.privatebrowsing.forceMediaMemoryCache", true);
+pref("media.memory_cache_max_size", 16384);
+
+// Enable HTTPS-Only mode
+pref("dom.security.https_only_mode", true);
+pref("dom.security.https_only_mode.upgrade_onion", false);
+
+// Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 )
+// Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
+// MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
+// but the problem is that the browser can't know that. Setting this pref to true is the only way for the
+// browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
+// [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4]
+// [1] https://wiki.mozilla.org/Security:Renegotiation
+// [2] https://datatracker.ietf.org/doc/html/rfc5746
+// [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
+// [4] https://www.ssllabs.com/ssl-pulse/
+pref("security.ssl.require_safe_negotiation", true);
+
+// Misc privacy: Remote
+pref("browser.send_pings", false);
+pref("geo.enabled", false);
+pref("geo.provider.network.url", "");
+pref("browser.search.suggest.enabled", false);
+pref("browser.safebrowsing.malware.enabled", false);
+pref("browser.safebrowsing.phishing.enabled", false);
+pref("browser.safebrowsing.downloads.enabled", false);
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.blockedURIs.enabled", false);
+pref("browser.safebrowsing.downloads.remote.url", "");
+pref("browser.safebrowsing.provider.google.updateURL", "");
+pref("browser.safebrowsing.provider.google.gethashURL", "");
+pref("browser.safebrowsing.provider.google4.updateURL", "");
+pref("browser.safebrowsing.provider.google4.gethashURL", "");
+pref("browser.safebrowsing.provider.mozilla.updateURL", "");
+pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
+pref("extensions.ui.lastCategory", "addons://list/extension");
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+// Make sure Unified Telemetry is really disabled, see: #18738.
+pref("toolkit.telemetry.unified", false);
+pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
+#ifdef XP_WIN
+// Defense-in-depth: ensure that the Windows default browser agent will
+// not ping Mozilla if it is somehow present (we omit it at build time).
+pref("default-browser-agent.enabled", false);
+#endif
+pref("identity.fxaccounts.enabled", false); // Disable sync by default
+pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers
+pref("services.sync.engine.addons", false);
+pref("services.sync.engine.tabs", false);
+pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+pref("browser.newtabpage.enabled", false);
+pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254)
+pref("browser.search.geoip.url", "");
+pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups
+// Make sure there is no Tracking Protection active in Tor Browser, see: #17898.
+pref("privacy.trackingprotection.enabled", false);
+pref("privacy.trackingprotection.pbmode.enabled", false);
+pref("privacy.trackingprotection.annotate_channels", false);
+pref("privacy.trackingprotection.cryptomining.enabled", false);
+pref("privacy.trackingprotection.fingerprinting.enabled", false);
+pref("privacy.trackingprotection.socialtracking.enabled", false);
+pref("privacy.socialtracking.block_cookies.enabled", false);
+pref("privacy.annotate_channels.strict_list.enabled", false);
+
+// Disable the Pocket extension (Bug #18886 and #31602)
+pref("extensions.pocket.enabled", false);
+
+// Disable activity stream/"Recommended by Pocket" in about:home (Bug #41029)
+pref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
+pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
+
+// Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292).
+pref("browser.preferences.moreFromMozilla", false);
+
+// Disable the screenshot menu when right-clicking (Bug #40912 and #40007)
+pref("extensions.screenshots.disabled", true);
+pref("extensions.webcompat-reporter.enabled", false);
+
+// Disable use of WiFi location information
+pref("browser.region.network.scan", false);
+pref("browser.region.network.url", "");
+// Bug 40083: Make sure Region.jsm fetching is disabled
+pref("browser.region.update.enabled", false);
+
+// Don't load Mozilla domains in a separate tab process
+pref("browser.tabs.remote.separatedMozillaDomains", "");
+
+// Avoid DNS lookups on search terms
+pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
+
+// Disable about:newtab and "first run" experiments
+pref("messaging-system.rsexperimentloader.enabled", false);
+pref("trailhead.firstrun.branches", "");
+
+// [SETTING] General>Browsing>Recommend extensions as you browse (Bug #40700)
+pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
+
+// [SETTING] General>Browsing>Recommend features as you browse (Bug #40700)
+pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
+
+// Clear the list of trusted recursive resolver services
+pref("network.trr.resolvers", "");
+
+// Disable the /etc/hosts parser
+pref("network.trr.exclude-etc-hosts", false);
+
+// Disable crlite
+pref("security.pki.crlite_mode", 0);
+
+// Disable website password breach alerts
+pref("signon.management.page.breach-alerts.enabled", false);
+pref("extensions.fxmonitor.enabled", false);
+
+// Remove mobile app tracking URLs
+pref("signon.management.page.mobileAndroidURL", "");
+pref("signon.management.page.mobileAppleURL", "");
+
+// Disable remote "password recipes"
+pref("signon.recipes.remoteRecipes.enabled", false);
+
+// Disable ServiceWorkers and push notifications by default
+pref("dom.serviceWorkers.enabled", false);
+pref("dom.push.enabled", false);
+
+// Fingerprinting
+pref("webgl.disable-fail-if-major-performance-caveat", true);
+pref("webgl.enable-webgl2", false);
+pref("gfx.downloadable_fonts.fallback_delay", -1);
+pref("browser.startup.homepage_override.buildID", "20100101");
+pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
+// Set video VP9 to 0 for everyone (bug 22548)
+pref("media.benchmark.vp9.threshold", 0);
+pref("dom.enable_resource_timing", false); // Bug 13024: To hell with this API
+pref("privacy.resistFingerprinting", true);
+pref("privacy.resistFingerprinting.block_mozAddonManager", true); // Bug 26114
+pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API
+pref("dom.webmidi.enabled", false); //  Bug 41398: Disable Web MIDI API
+pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
+pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
+pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now
+// Disable SAB, no matter if the sites are cross-origin isolated.
+pref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false);
+// Disable intermediate preloading (Bug 30682)
+pref("security.remote_settings.intermediates.enabled", false);
+// Bug 2874: Block Components.interfaces from content
+pref("dom.use_components_shim", false);
+// Enable letterboxing
+pref("privacy.resistFingerprinting.letterboxing", true);
+// Disable network information API everywhere. It gets spoofed in bug 1372072
+// but, alas, the behavior is inconsistent across platforms, see:
+// https://trac.torproject.org/projects/tor/ticket/27268#comment:19. We should
+// not leak that difference if possible.
+pref("dom.netinfo.enabled", false);
+pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status
+pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147
+pref("network.http.referer.hideOnionSource", true);
+// Bug 40463: Disable Windows SSO
+pref("network.http.windows-sso.enabled", false);
+// Bug 40383: Disable new PerformanceEventTiming
+pref("dom.enable_event_timing", false);
+// Disable API for measuring text width and height.
+pref("dom.textMetrics.actualBoundingBox.enabled", false);
+pref("dom.textMetrics.baselines.enabled", false);
+pref("dom.textMetrics.emHeight.enabled", false);
+pref("dom.textMetrics.fontBoundingBox.enabled", false);
+pref("pdfjs.enableScripting", false);
+pref("javascript.options.large_arraybuffers", false);
+// Bug 40057: Ensure system colors are not used for CSS4 colors
+pref("browser.display.use_system_colors", false);
+
+// Third party stuff
+pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
+pref("privacy.partition.network_state", false); // Disable for now until audit
+pref("network.cookie.cookieBehavior", 1);
+pref("network.cookie.cookieBehavior.pbmode", 1);
+pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
+// Bug 40177: Make sure tracker cookie purging is disabled
+pref("privacy.purge_trackers.enabled", false);
+
+pref("network.dns.disablePrefetch", true);
+pref("network.protocol-handler.external-default", false);
+pref("network.protocol-handler.external.mailto", false);
+pref("network.protocol-handler.external.news", false);
+pref("network.protocol-handler.external.nntp", false);
+pref("network.protocol-handler.external.snews", false);
+pref("network.protocol-handler.warn-external.mailto", true);
+pref("network.protocol-handler.warn-external.news", true);
+pref("network.protocol-handler.warn-external.nntp", true);
+pref("network.protocol-handler.warn-external.snews", true);
+pref("network.proxy.allow_bypass", false, locked); // #40682
+// Lock to 'true', which is already the firefox default, to prevent users
+// from making themselves fingerprintable by disabling. This pref
+// alters content load order in a page. See tor-browser#24686
+pref("network.http.tailing.enabled", true, locked);
+
+// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
+pref("network.http.http2.enabled", true, locked);
+pref("network.http.http2.enabled.deps", true, locked);
+pref("network.http.http2.enforce-tls-profile", true, locked);
+pref("network.http.http2.chunk-size", 16000, locked);
+pref("network.http.http2.timeout", 170, locked);
+pref("network.http.http2.coalesce-hostnames", true, locked);
+pref("network.http.http2.persistent-settings", false, locked);
+pref("network.http.http2.ping-threshold", 58, locked);
+pref("network.http.http2.ping-timeout", 8, locked);
+pref("network.http.http2.send-buffer-size", 131072, locked);
+pref("network.http.http2.allow-push", true, locked);
+pref("network.http.http2.push-allowance", 131072, locked);
+pref("network.http.http2.pull-allowance", 12582912, locked);
+pref("network.http.http2.default-concurrent", 100, locked);
+pref("network.http.http2.default-hpack-buffer", 65536, locked);
+pref("network.http.http2.websockets", false, locked);
+pref("network.http.http2.enable-hpack-dump", false, locked);
+
+// Make sure we don't have any GIO supported protocols (defense in depth
+// measure)
+pref("network.gio.supported-protocols", "");
+pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
+// Disables media devices but only if `media.peerconnection.enabled` is set to
+// `false` as well. (see bug 16328 for this defense-in-depth measure)
+pref("media.navigator.enabled", false);
+// GMPs (Gecko Media Plugins, https://wiki.mozilla.org/GeckoMediaPlugins)
+// We make sure they don't show up on the Add-on panel and confuse users.
+// And the external update/donwload server must not get pinged. We apply a
+// clever solution for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769716.
+pref("media.gmp-provider.enabled", false);
+pref("media.gmp-manager.url.override", "data:text/plain,");
+// Since ESR52 it is not enough anymore to block pinging the GMP update/download
+// server. There is a local fallback that must be blocked now as well. See:
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1267495.
+pref("media.gmp-manager.updateEnabled", false);
+// Mozilla is relying on preferences to make sure no DRM blob is downloaded and
+// run. Even though those prefs should be set correctly by specifying
+// --disable-eme (which we do), we disable all of them here as well for defense
+// in depth (see bug 16285 for more details).
+pref("browser.eme.ui.enabled", false);
+pref("media.gmp-widevinecdm.visible", false);
+pref("media.gmp-widevinecdm.enabled", false);
+pref("media.eme.enabled", false);
+pref("media.mediadrm-widevinecdm.visible", false);
+// WebIDE can bypass proxy settings for remote debugging. It also downloads
+// some additional addons that we have not reviewed. Turn all that off.
+pref("devtools.webide.autoinstallADBExtension", false);
+pref("devtools.webide.enabled", false);
+// The in-browser debugger for debugging chrome code is not coping with our
+// restrictive DNS look-up policy. We use "127.0.0.1" instead of "localhost" as
+// a workaround. See bug 16523 for more details.
+pref("devtools.debugger.chrome-debugging-host", "127.0.0.1");
+// Disable using UNC paths (bug 26424 and Mozilla's bug 1413868)
+pref("network.file.disable_unc_paths", true);
+// Enhance our treatment of file:// to avoid proxy bypasses (see Mozilla's bug
+// 1412081)
+pref("network.file.path_blacklist", "/net");
+
+// Security slider
+pref("svg.disabled", false);
+pref("mathml.disabled", false);
+
+// Bug 40408
+pref("svg.context-properties.content.allowed-domains", "");
+
+// Network and performance
+pref("security.ssl.enable_false_start", true);
+pref("network.http.connection-retry-timeout", 0);
+pref("network.manage-offline-status", false);
+// No need to leak things to Mozilla, see bug 21790 and tor-browser#40322
+pref("network.captive-portal-service.enabled", false);
+pref("network.connectivity-service.enabled", false);
+// As a "defense in depth" measure, configure an empty push server URL (the
+// DOM Push features are disabled by default via other prefs).
+pref("dom.push.serverURL", "");
+
+// Extension support
+pref("extensions.autoDisableScopes", 0);
+pref("extensions.bootstrappedAddons", "{}");
+pref("extensions.checkCompatibility.4.*", false);
+pref("extensions.databaseSchema", 3);
+pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4
+pref("extensions.pendingOperations", false);
+// We don't know what extensions Mozilla is advertising to our users and we
+// don't want to have some random Google Analytics script running either on the
+// about:addons page, see bug 22073, 22900 and 31601.
+pref("extensions.getAddons.showPane", false);
+pref("extensions.htmlaboutaddons.recommendations.enabled", false);
+// Bug 26114: Allow NoScript to access addons.mozilla.org etc.
+pref("extensions.webextensions.restrictedDomains", "");
+// Don't give Mozilla-recommended third-party extensions special privileges.
+pref("extensions.postDownloadThirdPartyPrompt", false);
+// We are already providing the languages we support in multi-lingual packages.
+// Therefore, do not allow download of additional language packs. They are not a
+// privacy/security threat, we are disabling them for UX reasons. See bug 41377.
+pref("intl.multilingual.downloadEnabled", false);
+
+// Toolbar layout
+pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-bu [...]
+
+// Enforce certificate pinning, see: https://bugs.torproject.org/16206
+pref("security.cert_pinning.enforcement_level", 2);
+
+// Don't load OS client certs.
+pref("security.osclientcerts.autoload", false);
+
+// Don't allow MitM via Microsoft Family Safety, see bug 21686
+pref("security.family_safety.mode", 0);
+
+// Don't allow MitM via enterprise roots, see bug 30681
+pref("security.enterprise_roots.enabled", false);
+
+// Don't ping Mozilla for MitM detection, see bug 32321
+pref("security.certerrors.mitm.priming.enabled", false);
+
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
+// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135
+pref("gfx.offscreencanvas.domain-enabled", false);
+pref("gfx.offscreencanvas.domain-allowlist", "");
+
+// Disable share menus on Mac and Windows tor-browser#41117
+pref("browser.share_menu.allow", false, locked);
+
+// Disable special URL bar behaviors
+pref("browser.urlbar.suggest.topsites", false);
+pref("browser.urlbar.update1.interventions", false);
+pref("browser.urlbar.update1.searchTips", false);
+
+// Skip checking omni.ja and other files for corruption since the result
+// is only reported via telemetry (which is disabled).
+pref("corroborator.enabled", false);
+
+// prefs to disable jump-list entries in the taskbar on Windows (see bug #12885)
+#ifdef XP_WIN
+// this pref changes the app's set AUMID to be dependent on the profile path, rather than
+// attempting to read it from the registry; this is necessary so that the file generated
+// by the jumplist system can be properly deleted if it is disabled
+pref("taskbar.grouping.useprofile", true);
+pref("browser.taskbar.lists.enabled", false);
+pref("browser.taskbar.lists.frequent.enabled", false);
+pref("browser.taskbar.lists.tasks.enabled", false);
+pref("browser.taskbar.lists.recent.enabled", false);
+#endif
+
+// If we are bundling fonts, whitelist those bundled fonts, and restrict system fonts to a selection.
+
+#ifdef MOZ_BUNDLED_FONTS
+
+// Bug 40342: Always use bundled fonts
+pref("gfx.bundled-fonts.activate", 1);
+
+#ifdef XP_MACOSX
+pref("font.system.whitelist", "AppleGothic, Apple Color Emoji, Arial, Courier, Geneva, Georgia, Heiti TC, Helvetica, Helvetica Neue, .Helvetica Neue DeskInterface, Hiragino Kaku Gothic ProN, Kailasa, Lucida Grande, Menlo, Monaco, STHeiti, Tahoma, Thonburi, Times, Times New Roman, Verdana, STIX Math, Noto Sans Adlam, Noto Sans Armenian, Noto Sans Balinese, Noto Sans Bamum, Noto Sans Bassa Vah, Noto Sans Batak, Noto Sans Bengali, Noto Sans Buginese, Noto Sans Buhid, Noto Sans Canadian Abor [...]
+
+// Armenian
+pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Helvetica, Arial");
+pref("font.name-list.monospace.x-armn", "Noto Sans Armenian, Menlo, Courier New");
+// Bengali
+pref("font.name-list.serif.x-beng", "Noto Serif Bengali, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Helvetica, Arial");
+pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Menlo, Courier New");
+// Canadian Aboriginal
+pref("font.name-list.serif.x-cans", "Noto Serif Canadian Aboriginal, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-cans", "Noto Sans Canadian Aboriginal, Helvetica, Arial");
+pref("font.name-list.monospace.x-cans", "Noto Sans Canadian Aboriginal, Menlo, Courier New");
+// Devanagari
+pref("font.name-list.serif.x-devanagari", "Noto Serif Devanagari, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Helvetica, Arial");
+pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Menlo, Courier New");
+// Ethiopic
+pref("font.name-list.serif.x-ethi", "Noto Serif Ethiopic, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Helvetica, Arial");
+pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Menlo, Courier New");
+// Georgian
+pref("font.name-list.serif.x-geor", "Noto Serif Georgian, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Helvetica, Arial");
+pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Menlo, Courier New");
+// Gujarati
+pref("font.name-list.serif.x-gujr", "Noto Serif Gujarati, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Helvetica, Arial");
+pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Menlo, Courier New");
+// Gurmukhi
+pref("font.name-list.serif.x-guru", "Noto Serif Gurmukhi, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Helvetica, Arial");
+pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Menlo, Courier New");
+// Hebrew
+pref("font.name-list.serif.he", "Noto Serif Hebrew, Times, Times New Roman");
+pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Helvetica, Arial");
+pref("font.name-list.monospace.he", "Noto Sans Hebrew, Menlo, Courier New");
+// Kannada
+pref("font.name-list.serif.x-knda", "Noto Serif Kannada, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Helvetica, Arial");
+pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Menlo, Courier New");
+// Khmer
+pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Helvetica, Arial");
+pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Menlo, Courier New");
+// Malayalam
+pref("font.name-list.serif.x-mlym", "Noto Serif Malayalam, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Helvetica, Arial");
+pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Menlo, Courier New");
+// Oriya
+pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Helvetica, Arial");
+pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Menlo, Courier New");
+// Sinhala
+pref("font.name-list.serif.x-sinh", "Noto Serif Sinhala, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Helvetica, Arial");
+pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Menlo, Courier New");
+// Tamil
+pref("font.name-list.serif.x-tamil", "Noto Serif Tamil, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Helvetica, Arial");
+pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Menlo, Courier New");
+// Telugu
+pref("font.name-list.serif.x-telu", "Noto Serif Telugu, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Helvetica, Arial");
+pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Menlo, Courier New");
+// Tibetan
+pref("font.name-list.serif.x-tibt", "Noto Serif Tibetan, Times, Times New Roman");
+pref("font.name-list.sans-serif.x-tibt", "Noto Serif Tibetan, Helvetica, Arial");
+pref("font.name-list.monospace.x-tibt", "Noto Serif Tibetan, Menlo, Courier New");
+// Others (Balinese, Grantha, Khojki, Lao, Myanmar)
+pref("font.name-list.serif.x-unicode", "Times, Times New Roman, Noto Serif Balinese, Noto Serif Grantha, Noto Serif Khojki, Noto Serif Lao, Noto Serif Myanmar");
+pref("font.name-list.sans-serif.x-unicode", "Helvetica, Arial, Noto Sans Balinese, Noto Sans Grantha, Noto Sans Khojki, Noto Sans Lao, Noto Sans Myanmar");
+pref("font.name-list.monospace.x-unicode", "Menlo, Courier New, Noto Sans Balinese, Noto Sans Grantha, Noto Sans Khojki, Noto Sans Lao, Noto Sans Myanmar");
+// The rest are not customized, because they are covered only by one font
+#endif
+
+#ifdef XP_WIN
+pref("font.system.whitelist", "Arial, Cambria Math, Consolas, Courier New, Georgia, Lucida Console, MS Gothic, MS ゴシック, MS PGothic, MS Pゴシック, MV Boli, Malgun Gothic, Microsoft Himalaya, Microsoft JhengHei, Microsoft YaHei, 微软雅黑, Segoe UI, SimSun, 宋体, Sylfaen, Tahoma, Times New Roman, Verdana, Twemoji Mozilla, Noto Sans Adlam, Noto Sans Balinese, Noto Sans Bamum, Noto Sans Bassa Vah, Noto Sans Batak, Noto Sans Bengali, Noto Sans Buginese, Noto Sans Buhid, Noto Sans Canadian Aboriginal, No [...]
+
+// Arabic
+pref("font.name-list.serif.ar", "Times New Roman, Noto Naskh Arabic");
+pref("font.name-list.sans-serif.ar", "Segoe UI, Tahoma, Arial, Noto Naskh Arabic");
+pref("font.name-list.monospace.ar", "Consolas, Noto Naskh Arabic");
+// Bengali
+pref("font.name-list.serif.x-beng", "Noto Serif Bengali, Times New Roman");
+pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arial");
+pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Consolas");
+// Canadian Aboriginal
+pref("font.name-list.serif.x-cans", "Noto Serif Canadian Aboriginal, Times New Roman");
+pref("font.name-list.sans-serif.x-cans", "Noto Sans Canadian Aboriginal, Arial");
+pref("font.name-list.monospace.x-cans", "Noto Sans Canadian Aboriginal, Consolas");
+// Cyrillic (we use Noto only for fallback, system fonts have a good coverage)
+pref("font.name-list.serif.x-cyrillic", "Times New Roman, Noto Serif");
+pref("font.name-list.sans-serif.x-cyrillic", "Arial, Noto Sans");
+// Devanagari
+pref("font.name-list.serif.x-devanagari", "Noto Serif Devanagari, Times New Roman");
+pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arial");
+pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Consolas");
+// Ethiopic
+pref("font.name-list.serif.x-ethi", "Noto Serif Ethiopic, Times New Roman");
+pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arial");
+pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Consolas");
+// Georgian
+pref("font.name-list.serif.x-geor", "Noto Serif Georgian, Times New Roman");
+pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arial");
+pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Consolas");
+// Gujarati
+pref("font.name-list.serif.x-gujr", "Noto Serif Gujarati, Times New Roman");
+pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arial");
+pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Consolas");
+// Gurmukhi
+pref("font.name-list.serif.x-guru", "Noto Serif Gurmukhi, Times New Roman");
+pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arial");
+pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Consolas");
+// Kannada
+pref("font.name-list.serif.x-knda", "Noto Serif Kannada, Times New Roman");
+pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arial");
+pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Consolas");
+// Khmer
+pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Times New Roman");
+pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arial");
+pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Consolas");
+// Malayalam
+pref("font.name-list.serif.x-mlym", "Noto Serif Malayalam, Times New Roman");
+pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arial");
+pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Consolas");
+// Oriya
+pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Times New Roman");
+pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arial");
+pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Consolas");
+// Sinhala
+pref("font.name-list.serif.x-sinh", "Noto Serif Sinhala, Times New Roman");
+pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arial");
+pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Consolas");
+// Tamil
+pref("font.name-list.serif.x-tamil", "Noto Serif Tamil, Times New Roman");
+pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arial");
+pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Consolas");
+// Telugu
+pref("font.name-list.serif.x-telu", "Noto Serif Telugu, Times New Roman");
+pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arial");
+pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Consolas");
+// Tibetan
+pref("font.name-list.serif.x-tibt", "Microsoft Himalaya, Noto Serif Tibetan, Times New Roman");
+pref("font.name-list.sans-serif.x-tibt", "Microsoft Himalaya, Noto Serif Tibetan, Arial");
+pref("font.name-list.monospace.x-tibt", "Microsoft Himalaya, Noto Serif Tibetan, Consolas");
+// Others (Balinese, Grantha, Khojki, Lao, Myanmar)
+pref("font.name-list.serif.x-unicode", "Times New Roman, Noto Serif Balinese, Noto Serif Grantha, Noto Serif Khojki, Noto Serif Lao, Noto Serif Myanmar");
+pref("font.name-list.sans-serif.x-unicode", "Arial, Noto Sans Balinese, Noto Sans Grantha, Noto Sans Khojki, Noto Sans Lao, Noto Sans Myanmar");
+pref("font.name-list.monospace.x-unicode", "Consolas, Noto Sans Balinese, Noto Sans Grantha, Noto Sans Khojki, Noto Sans Lao, Noto Sans Myanmar");
+// The rest are not customized, because they are covered only by one font
+#endif
+
+#ifdef XP_LINUX
+pref("layout.css.font-visibility.resistFingerprinting", 3); // work around bug 41163
+
+// Arabic
+pref("font.name-list.serif.ar", "Noto Naskh Arabic, Tinos");
+pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Arimo");
+pref("font.name-list.monospace.ar", "Noto Naskh Arabic, Cousine");
+// Armenian
+pref("font.name-list.serif.x-armn", "Noto Serif Armenian, Tinos");
+pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Arimo");
+pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian, Cousine");
+// Bengali
+pref("font.name-list.serif.x-beng", "Noto Serif Bengali, Tinos");
+pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali, Arimo");
+pref("font.name-list.monospace.x-beng", "Noto Sans Bengali, Cousine");
+// Canadian Aboriginal
+pref("font.name-list.serif.x-cans", "Noto Serif Canadian Aboriginal, Tinos");
+pref("font.name-list.sans-serif.x-cans", "Noto Sans Canadian Aboriginal, Arimo");
+pref("font.name-list.monospace.x-cans", "Noto Sans Canadian Aboriginal, Cousine");
+// ChineseCN
+pref("font.name-list.serif.zh-CN", "Noto Sans SC Regular, Tinos");
+pref("font.name-list.sans-serif.zh-CN", "Noto Sans SC Regular, Arimo");
+pref("font.name-list.monospace.zh-CN", "Noto Sans SC Regular, Cousine");
+// ChineseHK
+pref("font.name-list.serif.zh-HK", "Noto Sans TC Regular, Tinos");
+pref("font.name-list.sans-serif.zh-HK", "Noto Sans TC Regular, Arimo");
+pref("font.name-list.monospace.zh-HK", "Noto Sans TC Regular, Cousine");
+// ChineseTW
+pref("font.name-list.serif.zh-TW", "Noto Sans TC Regular, Tinos");
+pref("font.name-list.sans-serif.zh-TW", "Noto Sans TC Regular, Arimo");
+pref("font.name-list.monospace.zh-TW", "Noto Sans TC Regular, Cousine");
+// Cyrillic
+pref("font.name-list.serif.x-cyrillic", "Tinos");
+pref("font.name-list.sans-serif.x-cyrillic", "Arimo");
+pref("font.name-list.monospace.x-cyrillic", "Cousine");
+// Devanagari
+pref("font.name-list.serif.x-devanagari", "Noto Serif Devanagari, Tinos");
+pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari, Arimo");
+pref("font.name-list.monospace.x-devanagari", "Noto Sans Devanagari, Cousine");
+// Ethiopic
+pref("font.name-list.serif.x-ethi", "Noto Serif Ethiopic, Tinos");
+pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic, Arimo");
+pref("font.name-list.monospace.x-ethi", "Noto Sans Ethiopic, Cousine");
+// Georgian
+pref("font.name-list.serif.x-geor", "Noto Serif Georgian, Tinos");
+pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian, Arimo");
+pref("font.name-list.monospace.x-geor", "Noto Sans Georgian, Cousine");
+// Greek
+pref("font.name-list.serif.el", "Tinos");
+pref("font.name-list.sans-serif.el", "Arimo");
+pref("font.name-list.monospace.el", "Cousine");
+// Gujarati
+pref("font.name-list.serif.x-gujr", "Noto Serif Gujarati, Tinos");
+pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati, Arimo");
+pref("font.name-list.monospace.x-gujr", "Noto Sans Gujarati, Cousine");
+// Gurmukhi
+pref("font.name-list.serif.x-guru", "Noto Serif Gurmukhi, Tinos");
+pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi, Arimo");
+pref("font.name-list.monospace.x-guru", "Noto Sans Gurmukhi, Cousine");
+// Hebrew
+pref("font.name-list.serif.he", "Noto Serif Hebrew, Tinos");
+pref("font.name-list.sans-serif.he", "Noto Sans Hebrew, Arimo");
+pref("font.name-list.monospace.he", "Noto Sans Hebrew, Cousine");
+// Japanese
+pref("font.name-list.serif.ja", "Noto Sans JP Regular, Tinos");
+pref("font.name-list.sans-serif.ja", "Noto Sans JP Regular, Arimo");
+pref("font.name-list.monospace.ja", "Noto Sans JP Regular, Cousine");
+// Kannada
+pref("font.name-list.serif.x-knda", "Noto Serif Kannada, Tinos");
+pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada, Arimo");
+pref("font.name-list.monospace.x-knda", "Noto Sans Kannada, Cousine");
+// Khmer
+pref("font.name-list.serif.x-khmr", "Noto Serif Khmer, Tinos");
+pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer, Arimo");
+pref("font.name-list.monospace.x-khmr", "Noto Sans Khmer, Cousine");
+// Korean
+pref("font.name-list.serif.ko", "Noto Sans KR Regular");
+pref("font.name-list.sans-serif.ko", "Noto Sans KR Regular");
+pref("font.name-list.monospace.ko", "Noto Sans KR Regular");
+// Malayalam
+pref("font.name-list.serif.x-mlym", "Noto Serif Malayalam, Tinos");
+pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam, Arimo");
+pref("font.name-list.monospace.x-mlym", "Noto Sans Malayalam, Cousine");
+// Mathematics
+pref("font.name-list.serif.x-math", "STIX Math Regular, Tinos");
+pref("font.name-list.sans-serif.x-math", "STIX Math Regular, Arimo");
+pref("font.name-list.monospace.x-math", "STIX Math Regular, Cousine");
+// Oriya
+pref("font.name-list.serif.x-orya", "Noto Sans Oriya, Tinos");
+pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya, Arimo");
+pref("font.name-list.monospace.x-orya", "Noto Sans Oriya, Cousine");
+// Sinhala
+pref("font.name-list.serif.x-sinh", "Noto Serif Sinhala, Tinos");
+pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala, Arimo");
+pref("font.name-list.monospace.x-sinh", "Noto Sans Sinhala, Cousine");
+// Tamil
+pref("font.name-list.serif.x-tamil", "Noto Serif Tamil, Tinos");
+pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil, Arimo");
+pref("font.name-list.monospace.x-tamil", "Noto Sans Tamil, Cousine");
+// Telugu
+pref("font.name-list.serif.x-telu", "Noto Serif Telugu, Tinos");
+pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu, Arimo");
+pref("font.name-list.monospace.x-telu", "Noto Sans Telugu, Cousine");
+// Thai
+pref("font.name-list.serif.th", "Noto Serif Thai, Tinos");
+pref("font.name-list.sans-serif.th", "Noto Sans Thai, Arimo");
+pref("font.name-list.monospace.th", "Noto Sans Thai, Cousine");
+// Tibetan
+pref("font.name-list.serif.x-tibt", "Noto Serif Tibetan, Tinos");
+pref("font.name-list.sans-serif.x-tibt", "Noto Serif Tibetan, Arimo");
+pref("font.name-list.monospace.x-tibt", "Noto Serif Tibetan, Cousine");
+// Western
+pref("font.name-list.serif.x-western", "Tinos");
+pref("font.name-list.sans-serif.x-western", "Arimo");
+pref("font.name-list.monospace.x-western", "Cousine");
+// Others (Balinese, Grantha, Khojki, Lao, Myanmar)
+pref("font.name-list.serif.x-unicode", "Tinos, Noto Serif Balinese, Noto Serif Grantha, Noto Serif Khojki, Noto Serif Lao, Noto Serif Myanmar");
+pref("font.name-list.sans-serif.x-unicode", "Arimo, Noto Sans Balinese, Noto Sans Grantha, Noto Sans Khojki, Noto Sans Lao, Noto Sans Myanmar");
+pref("font.name-list.monospace.x-unicode", "Cousine, Noto Sans Balinese, Noto Sans Grantha, Noto Sans Khojki, Noto Sans Lao, Noto Sans Myanmar");
+// The rest are not customized, because they are covered only by one font
+#endif
+#endif
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 84c76fd5eeff..16060fa72eb0 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -50,9 +50,9 @@ pref("extensions.recommendations.themeRecommendationUrl", "https://color.firefox
 
 pref("extensions.update.autoUpdateDefault", true);
 
-// Check AUS for system add-on updates.
-pref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml";);
-pref("extensions.systemAddon.update.enabled", true);
+// No AUS check for system add-on updates for Tor Browser users.
+pref("extensions.systemAddon.update.url", "");
+pref("extensions.systemAddon.update.enabled", false);
 
 // Disable add-ons that are not installed by the user in all scopes by default.
 // See the SCOPE constants in AddonManager.jsm for values to use here.
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index c604afd2cbf8..bdc712aaa8e7 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -275,6 +275,7 @@
 @RESPATH@/browser/defaults/settings/blocklists
 @RESPATH@/browser/defaults/settings/main
 @RESPATH@/browser/defaults/settings/security-state
+@RESPATH@/browser/@PREF_DIR@/001-base-profile.js
 
 ; Warning: changing the path to channel-prefs.js can cause bugs (Bug 756325)
 ; Technically this is an app pref file, but we are keeping it in the original
diff --git a/browser/moz.build b/browser/moz.build
index 7b5566ac5de7..0df0a824f9ad 100644
--- a/browser/moz.build
+++ b/browser/moz.build
@@ -56,6 +56,7 @@ if CONFIG["MOZ_UPDATE_AGENT"]:
 # These files are specified in this moz.build to pick up DIST_SUBDIR as set in
 # this directory, which is un-set in browser/app.
 JS_PREFERENCE_PP_FILES += [
+    "app/profile/001-base-profile.js",
     "app/profile/firefox.js",
 ]
 FINAL_TARGET_FILES.defaults += ["app/permissions"]
diff --git a/mobile/android/app/geckoview-prefs.js b/mobile/android/app/geckoview-prefs.js
index 35092e25a647..6b1fc4e55cc9 100644
--- a/mobile/android/app/geckoview-prefs.js
+++ b/mobile/android/app/geckoview-prefs.js
@@ -93,3 +93,5 @@ pref("extensions.formautofill.addresses.capture.enabled", true);
 // Debug prefs.
 pref("browser.formfill.debug", false);
 pref("extensions.formautofill.loglevel", "Warn");
+
+#include 000-tor-browser-android.js
diff --git a/mobile/android/app/mobile.js b/mobile/android/app/mobile.js
index 9f5e09929199..d19ef30c4442 100644
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -355,7 +355,11 @@ pref("app.update.timerMinimumDelay", 30); // seconds
 // used by update service to decide whether or not to
 // automatically download an update
 pref("app.update.autodownload", "wifi");
+#ifdef TOR_BROWSER_VERSION
+pref("app.update.url.android", "");
+#else
 pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml";);
+#endif
 
 #ifdef MOZ_UPDATER
   /* prefs used specifically for updating the app */
diff --git a/mobile/android/app/moz.build b/mobile/android/app/moz.build
index 21fa8617c5ff..4686e3df08b8 100644
--- a/mobile/android/app/moz.build
+++ b/mobile/android/app/moz.build
@@ -17,6 +17,7 @@ if CONFIG["MOZ_PKG_SPECIAL"]:
     DEFINES["MOZ_PKG_SPECIAL"] = CONFIG["MOZ_PKG_SPECIAL"]
 
 JS_PREFERENCE_PP_FILES += [
+    "000-tor-browser-android.js",
     "mobile.js",
 ]
 
diff --git a/taskcluster/ci/source-test/mozlint.yml b/taskcluster/ci/source-test/mozlint.yml
index 246359bc4ba1..d354c81e71d3 100644
--- a/taskcluster/ci/source-test/mozlint.yml
+++ b/taskcluster/ci/source-test/mozlint.yml
@@ -151,6 +151,7 @@ lintpref:
         files-changed:
             - 'modules/libpref/init/all.js'
             - 'modules/libpref/init/StaticPrefList.yaml'
+            - 'browser/app/profile/001-base-profile.js'
             - 'browser/app/profile/firefox.js'
             - 'mobile/android/app/mobile.js'
             - 'devtools/client/preferences/debugger.js'

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits