FF112 is [scheduled](https://wiki.mozilla.org/Release_Management/Calendar) for r…elease Apr. 11th
[FF112 release notes](https://www.mozilla.org/firefox/112.0/releasenotes/)
[FF112 for developers](https://developer.mozilla.org/docs/Mozilla/Firefox/Releases/112)
[FF112 security advisories](https://www.mozilla.org/security/advisories/mfsa2023-13/)
---
61 diffs ( 31 new, 15 gone, 15 different )
### new in v112.0:
- FYI: **_these are not RFP, they are FPP which is different_** (see below) and these are WiP
- pref("privacy.resistFingerprinting.randomization.daily_reset.enabled", false);
- pref("privacy.resistFingerprinting.randomization.daily_reset.private.enabled", false);
- pref("privacy.resistFingerprinting.randomization.enabled", false); - e.g. to be removed in [1829643](https://bugzilla.mozilla.org/show_bug.cgi?id=1829643)
---
**_FYI: FPP:_** Mozilla are going to very slowly roll out a thing called FPP (FingerPrint Protection) into PB windows. This is a WiP. It will be ready when they announce it.
Phase 1 includes fonts at vis level 2 (i.e only allow os system fonts), subtle canvas randomizing (excluding IsPoinInPath and isPointInStroke), and _I think_ window positions = 0. Last but not least, removing _math entropy_ in audio for all FF users - note this does not remove all entropy, and RFP has additional protections which should then make all RFP users the same per platform (because Hrtz etc affect results but RFP sets those).
There will be a combination of 4 prefs: 2 x RFP, 2 x FPP, for all and pb modes. And not all combinations will be engineered. And RFP should always take precedence over FPP. ~~One thing I do know is that down the road we can use RFP in normal mode, and FPP in PB mode - which might be a great way to reduce breakage for some users frequent sites. I do know we cannot have the reverse (RFP in pb mode and FPP in normal mode)~~ edit: RFP always overrides FPP, so any split would be FPP in normal mode, and RFP in PB mode.
In the future, FPP can be a choice for those who don't like or can't use RFP but do want some randomizing. FPP is going to very compat, to the point where webcompat will be able to override individual protections on troublesome sites. So if FB breaks webcompat silently disables the problematic protection for FB when they add that site compat rule - so clearly this is a very different threat model, but may suit some people. Over time more protections will be added to FPP. I see this as replacing the need for Canvas Blocker
In order to enable/disable parts of FPP in testing, the two toms (ritter, schuster) and tim, and I'm sure there some more on the team, as a WiP, have engineered each protection as a `target`. So each target can globally be flipped on and off. This same targeting is somewhat related to the per site compat thing - but the pref itself is global. This same mechanism will also be able to be used for RFP (but super not recommended). In TB for example it would be locked off. Oh, and FPP will be tied to ETP.
So this answers all the people's questions about .. can I use RFP but turn off timezone and prefers-light. While I don't really recommend it, I need to think thru the ramifications a bit more. RFP is certainly more robust than an extension, and we're only confident of fooling naive scripts (don't get me wrong, advanced scripts have different levels of advanced, so full RFP most certainly does have an effect), so my gut feeling is that `this is fine` too.
That's all I'm going to say. All this is available in public bugzillas, and I know as much as that. I just spent a week in costa rica with the tor project (and tom ritter was there too, and we had a session on FPP as to what it is and how it relates to, or could enhance, RFP). Other than that (public info), it's all inhouse and tightly kept a secret (fair enough)
So that's about all I know (there is more: like exceptions and cascading iframes, i.e cross domain, but let's not go down the rabbit hole just yet), and it's fairly complicated and a WiP, so please don't ask questions. Let's just wait and see what happens when it lands and is announced by Firefox (because by then it should be robust and working as planned)
-thorin
---
### changed in v112.0:
FYI
- pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,emailTP,emailTPPrivate,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM");
- prev: `tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,lvl2PBM,rp,rpTop,ocsp,qps,qpsPBM`
- diff: `emailTP, emailTPPrivate` added
---
### ignore
<details><summary>click me for details</summary><p>
==NEW
```js
pref("browser.history_swipe_animation.disabled", false);
pref("browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions", "1");
pref("browser.promo.cookiebanners.enabled", false);
pref("browser.translations.useHTML", false);
pref("browser.urlbar.resultMenu.keyboardAccessible", true);
pref("dom.checkedUnsafePtr.dumpStacks.enabled", false);
pref("dom.element.popover.enabled", false);
pref("dom.memory.foreground_content_processes_have_larger_page_cache", true);
pref("dom.window_position_size_properties_replaceable.enabled", true);
pref("gfx.webgpu.ignore-blocklist", false);
pref("gfx.webrender.dcomp-video-check-slow-present", true);
pref("gfx.webrender.max-shared-surface-size", 2048);
pref("gfx.webrender.scissored-cache-clears.enabled", true);
pref("gfx.webrender.scissored-cache-clears.force-enabled", false);
pref("javascript.options.wasm_extended_const", true);
pref("layout.css.exp.enabled", false);
pref("layout.css.forced-color-adjust.enabled", false);
pref("layout.css.motion-path-offset-position.enabled", false);
pref("network.auth.supress_auth_prompt_for_XFO_failures", true);
pref("network.trr.ohttp.config_uri", "");
pref("network.trr.ohttp.relay_uri", "");
pref("network.trr.ohttp.uri", "");
pref("network.trr.use_ohttp", false);
pref("print.save_as_pdf.use_page_rule_size_as_paper_size.enabled", false);
pref("privacy.query_stripping.listService.logLevel", "Error");
pref("privacy.trackingprotection.emailtracking.pbmode.enabled", true);
pref("security.sandbox.utility-wmf-cdm.lpac.enabled", false);
pref("security.tls.ech.grease_http3", false);
```
==REMOVED, RENAMED or HIDDEN
```js
pref("browser.display.normal_lineheight_calc_control", 2);
pref("browser.display.show_loading_image_placeholder", false);
pref("browser.urlbar.weather.zeroPrefix", true);
pref("dom.fileHandle.enabled", false);
pref("editor.css.default_length_unit", "px");
pref("editor.hr_element.allow_to_delete_from_following_line", true);
pref("editor.initialize_element_before_connect", true);
pref("editor.positioning.offset", 0);
pref("editor.resizing.preserve_ratio", true);
pref("editor.use_div_for_default_newlines", true);
pref("gfx.webgpu.force-enabled", false);
pref("layout.css.moz-box-flexbox-emulation.enabled", false);
pref("security.sandbox.content.tempDirSuffix", "");
pref("security.sandbox.plugin.tempDirSuffix", "");
pref("widget.pause-compositor-when-minimized", true);
```
==CHANGED
```js
pref("browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled", true); // prev: false
pref("browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", true); // prev: false
pref("dom.media.autoplay-policy-detection.enabled", true); // prev: false
pref("dom.mozTextStyle.enabled", false); // prev: true
pref("dom.quotaManager.backgroundTask.enabled", true); // prev: false
pref("dom.sitepermsaddon-provider.separatedBlocklistedDomains", "shopee.co.th,shopee.tw,shopee.co.id,shopee.com.my,shopee.vn,shopee.ph,shopee.sg,shopee.com.br,shopee.com,shopee.cn,shopee.io,shopee.pl,shopee.com.mx,shopee.com.co,shopee.cl,shopee.kr,shopee.es,shopee.in,alipay.com,miravia.es"); // prev: "shopee.co.th,alipay.com,miravia.es"
pref("dom.workers.pFetch.enabled", true); // prev: false
pref("gfx.max-alloc-size", 2147483647); // prev: 500000000
pref("gfx.webrender.dcomp-video-sw-overlay-win", true); // prev: false
pref("html5.inert.enabled", true); // prev: false
pref("layout.css.linear-easing-function.enabled", true); // prev: false
pref("layout.css.overflow-overlay.enabled", true); // prev: false
pref("layout.forms.reveal-password-context-menu.enabled", true); // prev: false
pref("security.webauth.u2f", false); // prev: true
```
</p></details>