2025.08.06.1

---

Changes

• Disabled WASM-Ion JIT instead of WASM-Baseline JIT by default. - (Details: 1)
• Decreased the lifetime of certain content processes. - (Details: 1, 2)
• Enabled the Integrity-Policy header by default. - (Details: 1)
• Required resources loaded by MV2 extensions to be specified under web_accessible_resources in the extension's manifest by default. - (Details: 1)
• Updated the list of quarantined/restricted domains. - (Details: 1)
• Other minor tweaks, fixes, and adjustments.

Android-only

• Blocked websites from prompting to access geolocation by default. - (Details: 1)
• Blocked websites from prompting to display notifications by default. - (Details: 1)
• Increased the number of processes to improve performance and security. - (Details: 1)
• Prevented over-allocation of webCOOP+COEP processes, due to upstream setting an incorrect value for dom.ipc.processCount.webCOOP+COEP. - (Details: 1)
• Updated the list of domains excluded from DNS over HTTPS by default. - (Details: 1, 2, 3, 4)

Desktop-only

• Enabled a toggle to easily configure exceptions for Firefox Translations, located at about:preferences#general, which can be found by navigating to Languages -> Firefox Translations -> Exceptions.... - (Details: 1)

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.07.30.1

---

• Temporarily disabled unconditionally blocking Local Network Access requests, due to breakage of LAN resources (though we still block access for trackers, and block access for websites in general with uBlock Origin).

  See details: https://codeberg.org/celenity/Phoenix/issues/162 + https://codeberg.org/celenity/Phoenix/issues/164 + https://codeberg.org/celenity/Phoenix/commit/07fe3b2a73439acc47624a90f526aebd0b670417

  network.lna.blocking -> false

• Fixed use of the OS geolocation provider on Android, GNU/Linux, and macOS.

  See details: https://codeberg.org/celenity/Phoenix/commit/427347e88323e96997e2e84c9e9cce9afd7b6e77

  geo.provider.use_mls -> false

• ANDROID: Fixed Firefox Translations.

  See details: https://codeberg.org/celenity/Phoenix/commit/0590ae3dff47342af52da8a72300975b2682e069

  extensions.webextensions.base-content-security-policy -> script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests;

• ANDROID: No longer set pdfjs.historyUpdateUrl to true by default, as it's currently broken/doesn't work properly.

  See details: https://codeberg.org/celenity/Phoenix/commit/d8c7f561dfd228217d227ff3ef4d95b4baa577fa

  pdfjs.historyUpdateUrl -> false

• Prevented exposing XPCOM Components.interfaces to websites.

  See details: https://codeberg.org/celenity/Phoenix/commit/b94aedaee24be82c49e75dc251f3d55ce2e3debe

  dom.use_components_shim -> false

• ANDROID: Enabled the Potentially Harmful Application list (when Safe Browsing is enabled).

  See details: https://codeberg.org/celenity/Phoenix/commit/6083b56252a2672fb410f1a6d0420341936f6df2

  urlclassifier.malwareTable -> goog-malware-proto,goog-unwanted-proto,moztest-harmful-simple,moztest-malware-simple,moztest-unwanted-simple,goog-harmful-proto

• Re-enabled the warning when entering fullscreen mode by default (though we still disable the obnoxious delay...).

  See details: https://codeberg.org/celenity/Phoenix/commit/fd0556187aaf90e2347c9230d8401b6e4a53b59e

  full-screen-api.warning.delay -> 500
full-screen-api.warning.timeout -> 3000

• ANDROID: Blocked media autoplay by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/ec799519af8e4f387fd4e2f4b562547f821f6f77

  media.geckoview.autoplay.request.testing -> 2

• Added new preferences to disable/skip Mozilla's Terms of Use.

  See details: https://codeberg.org/celenity/Phoenix/commit/2110f9f7d1e2bbd1e46510aad3a1b190b229a1ef

  termsofuse.acceptedDate -> 32503679999000
termsofuse.acceptedVersion -> 999
termsofuse.bypassNotification -> true

• DESKTOP: Added DNS4EU to the list of built-in DNS over HTTPS resolvers.

  See details: https://codeberg.org/celenity/Phoenix/commit/e9fb2f053e10fd45753e986c516ebcd7cd3cf72b

• DESKTOP: Added Startpage (EU) to the list of default search engines.

  See details: https://codeberg.org/celenity/Phoenix/commit/9d91666328959e814672f1507affad2c70eed582

• DESKTOP: Allowed Remote Settings collections are no longer configured for LibreWolf users.

  See details: https://codeberg.org/celenity/Phoenix/commit/a202fa0b0db8b119237292f5e49d9080fa62d50b

  librewolf.services.settings.allowedCollections ->

• YOUTUBE SPECIALIZED CONFIG: Disabled dynamic rounding of content dimensions/letterboxing by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/366ab84f4d408fbd04cca44d7c40b963cbf22467

  privacy.resistFingerprinting.letterboxing -> false

• Other minor tweaks, fixes, and adjustments.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.07.11.1

⚠️ IMPORTANT NOTE FOR MACOS INTEL USERS:

To ensure Phoenix continues to work properly, you must run the migration script with the following command in your terminal:

/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/macos_migrate.sh)"

Note that this ONLY impacts Intel macOS users.

Apologies for any inconvenience, and thank you for your time, patience, and support.

---

• DESKTOP: Updated environment variables to disable ASan crash reporting and SSLKEYLOGGING. - APPLE SILICON USERS: Please expand this and see the attached note below!

  See details: https://codeberg.org/celenity/Phoenix/commit/e74226995f4defd0385ae4c92e4b1599c42b97f3

  NOTE: macOS (Apple Silicon) users must run the environment variable update script with the following command in your terminal to add the new environment updates:

  /bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/macos_new_env.sh)"

  This is NOT necessary for macOS (Intel) users, as these are automatically added as part of the migration script.

• Customized the list of quarantined/restricted domains that untrustworthy extensions can't run on by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/a6b5afdd213c1408404ba9f0a7844a9b52b5d5a2 + https://codeberg.org/celenity/Phoenix/commit/13d0d212d9ae231d0dac1c3431bc37f7a386f3d8 + https://codeberg.org/celenity/Phoenix/commit/9c71b6f4f49f6c2ef3c55365cf3a75ca3404186e + https://codeberg.org/celenity/Phoenix/commit/c1b410dc70d77e5a5906fb222be5731442177f8f + https://codeberg.org/celenity/Phoenix/commit/7c89a5ce91720d0a4cf87d208046007b0b374162

• Allowed certain reputable extensions to run on quarantined/restricted domains by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/588316fb53bf051aa3084fb7a77f8f63057c4fcf + https://codeberg.org/celenity/Phoenix/commit/9c71b6f4f49f6c2ef3c55365cf3a75ca3404186e + https://codeberg.org/celenity/Phoenix/commit/a3f978f790668fc501c9427467874950b422185b

• Prevented certain extensions from running on quarantined/restricted domains by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/4a1d230b00e91ad33b17c6fa1738e2d3e703b468 + https://codeberg.org/celenity/Phoenix/commit/9c71b6f4f49f6c2ef3c55365cf3a75ca3404186e

• Disabled ETP exceptions for minor issues by default - Currently on Nightly.

  See details: https://codeberg.org/celenity/Phoenix/commit/538cea548af3a19a23a2f2aa3e76e0fbe3a7f754

  privacy.trackingprotection.allow_list.convenience.enabled -> false

• DESKTOP: Updated built-in DoH resolvers.

  See details: https://codeberg.org/celenity/Phoenix/commit/ff290bb6a5bd6f9c490e83178762aff8847a4750

  doh-rollout.provider-list -> [{"uri":"https://dns.quad9.net/dns-query","UIName":"Quad9 🇨🇭","autoDefault":true},{"uri":"https://dns.adguard-dns.com/dns-query","UIName":"AdGuard 🇨🇾","autoDefault":false},{"uri":"https://unfiltered.adguard-dns.com/dns-query","UIName":"AdGuard (Unfiltered) 🇨🇾","autoDefault":false},{"uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloudflare 🇺🇸","autoDefault":false},{"uri":"https://security.cloudflare-dns.com/dns-query","UIName":"Cloudflare (Malware Protection) 🇺🇸","autoDefault":false},{"uri":"https://dns0.eu","UIName":"DNS0 🇫🇷","autoDefault":false},{"uri":"https://zero.dns0.eu","UIName":"DNS0 (ZERO) 🇫🇷","autoDefault":false},{"uri":"https://base.dns.mullvad.net/dns-query","UIName":"Mullvad (Base) 🇸🇪","autoDefault":false},{"uri":"https://dns.mullvad.net/dns-query","UIName":"Mullvad (Unfiltered) 🇸🇪","autoDefault":false},{"uri":"https://firefox.dns.nextdns.io/","UIName":"NextDNS 🇺🇸","autoDefault":false},{"uri":"https://wikimedia-dns.org/dns-query","UIName":"Wikimedia 🇺🇸","autoDefault":false}]

• DESKTOP: Added DuckDuckGo (No AI) as a default search engine.

  See details: https://codeberg.org/celenity/Phoenix/commit/1cec9e02962346b4fbf9ad8618b24d6f1576a728

• DESKTOP: Removed Mozilla's referral URL parameter from DuckDuckGo.

  See details: https://codeberg.org/celenity/Phoenix/commit/e620783cb2cc7ec301b4acc0458c4861af7f5bd8

• DESKTOP: Added Mozilla's new policies to disable "Stories" and "Sponsored Stories" on about:home.

  See details: https://codeberg.org/celenity/Phoenix/commit/d14b9b2c85275c2bb59275063fb40d462933741a

• DESKTOP: Added policies to skip Mozilla's onboarding, disable What's New pages, and to (attempt to) enable Firefox Labs.

  See details: https://codeberg.org/celenity/Phoenix/commit/db08d157a79927b2337966d21938f26053fe9059

• Prevented Firefox from adding random recently visited sites to shortcuts/pins on the browser homepage by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/a453d2e3615df89fc20b196506d7e04c3c6be6e9

  places.frecency.bookmarkVisitBonus -> 0
places.frecency.linkVisitBonus -> 0
places.frecency.permRedirectVisitBonus -> 0
places.frecency.redirectSourceVisitBonus -> 0
places.frecency.tempRedirectVisitBonus -> 0
places.frecency.typedVisitBonus -> 0
places.frecency.unvisitedBookmarkBonus -> 0
places.frecency.unvisitedTypedBonus -> 0

• Spoofed WebGL's "Unmasked Renderer" in Debug Info to always return "Mozilla", even if FPP/RFP is disabled.

  See details: https://codeberg.org/celenity/Phoenix/commit/a8a9e20c59fdcb6b8ecb6d79bbd6acb9e96d1031

  webgl.sanitize-unmasked-renderer -> false

• If FPP/RFP is disabled, limited font visibility to base system fonts + fonts from optional language packs.

  See details: https://codeberg.org/celenity/Phoenix/commit/0e87018940c62c9d52eb2b80a1aabe2a914fe737

  layout.css.font-visibility -> 2

• Fixed an issue that broke local machine learning models.

  See details: https://codeberg.org/celenity/Phoenix/issues/151 + https://codeberg.org/celenity/Phoenix/commit/5d625d48e8e920f06b5d119e812214365409eefd

• Prevented Safe Mode from automatically starting by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/ea1414a4bc0043b2ef5d255a6914e9fc5d1f39e1

  toolkit.startup.max_resumed_crashes -> -1

• Disabled the AMO Abuse Report API (navigator.mozAddonManager.reportAbuse).

  See details: https://codeberg.org/celenity/Phoenix/commit/23eb84674a103b9ef2349764c508f4358167db90

  extensions.addonAbuseReport.url ->

• DESKTOP: Disabled hiding URLs with certain parameters from Top Sites by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/1aee423b507df46f12f6b0b3027e2f18a07313f9

  browser.newtabpage.activity-stream.hideTopSitesWithSearchParam ->

• DESKTOP: Prevented recommending users to install add-ons for search engines.

  See details: https://codeberg.org/celenity/Phoenix/commit/59b132ae7f555749e68299016dcf7ad51080b910

  browser.search.searchEnginesURL ->

• DESKTOP: Added a placeholder shortcut to about:home by default, to allow easily adding custom shortcuts/pins.

  See details: https://codeberg.org/celenity/Phoenix/commit/6f7c769878ee1cedaff7a0e43ba2585f05baa54a

  browser.newtabpage.pinned -> [{"url":"","label":"! Placeholder"}]

• Removed preferences that are no longer necessary, thanks to ESR 140.

  See details: https://codeberg.org/celenity/Phoenix/commit/cb5df025a8210ee96f767a87c22e0b70080d1c10

  security.csp.reporting.limit.count
security.csp.reporting.limit.timespan
security.csp.reporting.script-sample.max-length
security.csp.truncate_blocked_uri_for_frame_navigations

• Removed no longer necessary "-WebGLRenderInfo" FPP overrides.

  See details: https://bugzilla.mozilla.org/show_bug.cgi?id=1966860 + https://codeberg.org/celenity/Phoenix/commit/ebbd445f39efcc11d099a164a415e448c157244f

• Stopped setting cookie banner rules locally, due to it being too buggy/broken, and due to it being generally unnecessary anyways.

  See details: https://codeberg.org/celenity/Phoenix/commit/c8bb872e7159dabc4647648c462e87bab1e1e687

• Disabled timezone spoofing for `bahn.de` by default.

  See details: https://codeberg.org/celenity/Phoenix/issues/157 + https://codeberg.org/celenity/Phoenix/commit/f1ac69ae534a2c77776cec0f3ca9f1253f172b0f

...

2025.06.24.1

⚠️ IMPORTANT NOTE FOR DESKTOP USERS OF GECKO MEDIA PLUGINS (OpenH264, Widevine):

While we don't support the use of Gecko Media Plugins and the plug-in it provides (OpenH264, Widevine), for users who do use this functionality at their own discretion: To continue receiving updates to your installed plug-ins, you must set media.gmp-manager.updateEnabled to true in your about:config.

---

• Prevented PDF.js from attempting to load/convert unknown binary files.

  See details: https://codeberg.org/celenity/Phoenix/commit/76509aeb06da6ef33d928975d20758aa8ad13bb1

  pdfjs.handleOctetStream -> false

• Enforced using the internal font renderer when viewing PDFs with PDF.js.

  See details: https://codeberg.org/celenity/Phoenix/commit/0fc24596cb379cd6404e17e72f7bacd392552eeb

  pdfjs.disableFontFace -> true

• Forced PDFs to be downloaded/viewed locally, and enabled a prompt before opening PDF.js by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/d786f2561b812f824eb29c29c44f04747a81e5df

  ANDROID: browser.download.force_save_internally_handled_attachments -> true
browser.download.open_pdf_attachments_inline -> false
pdfjs.disableRange -> true
pdfjs.disableStream -> true

• Enabled Private Network Access Restrictions.

  See details: https://codeberg.org/celenity/Phoenix/commit/481d2042382a6382cf2e3bb9a600a98e463c76c2 + https://codeberg.org/celenity/Phoenix/commit/0eaee7308dd0ff1154649a3022e198bd6e3d75a3

  network.lna.block_trackers -> true
network.lna.blocking -> true
network.lna.enabled -> true

• Strengthened Bounce Tracking Protection to protect against all bounce trackers, instead of just those who access cookies/storage.

  See details: https://codeberg.org/celenity/Phoenix/commit/643c214d5f36fb6d02692d14fa164804e81f1631

  privacy.bounceTrackingProtection.requireStatefulBounces -> false

• Enabled blocking of known fingerprinters classified as "anti-fraud".

  See details: https://codeberg.org/celenity/Phoenix/commit/561ef26af3bcb88f9d71d499ad79ae3de7c058a1

  privacy.trackingprotection.antifraud.annotate_channels -> true
privacy.trackingprotection.antifraud.skip.enabled -> false
privacy.trackingprotection.antifraud.skip.pbmode.enabled -> false

• DESKTOP: Added policy to block tracking cookies.

  See details: https://codeberg.org/celenity/Phoenix/commit/e9dbd0a59c513e1bf385365b85dde831dcd19c8f

  Cookies -> RejectTracker -> true

• Disabled the Web Share API.

  See details: https://codeberg.org/celenity/Phoenix/commit/042de50a5c69e9e71b1a3954f0745c814bcfa357

  dom.webshare.enabled -> false
dom.webshare.requireinteraction -> true

• Disabled the File System Access API.

  See details: https://codeberg.org/celenity/Phoenix/commit/583d8bb1e20600e8c7753c9bf9a856063b94995c

  dom.fs.enabled -> false

• Blocked invalid cookies - Currently on Nightly.

  See details: https://codeberg.org/celenity/Phoenix/commit/ee14d1a3c9c9e5f5bdc4abd6c6b7c4f72788f83a

  extensions.cookie.rejectWhenInvalid -> true

• Disabled requests to '0.0.0.0'.

  See details: https://codeberg.org/celenity/Phoenix/commit/5090159fc1f3882cac9fe68ded588def766d631c

  network.socket.ip_addr_any.disabled -> true

• Fixed a syntax error that prevented cookie banner rules from being applied properly.

  See details: https://codeberg.org/celenity/Phoenix/issues/147 + https://codeberg.org/celenity/Phoenix/commit/c600fd56160a36a83bf49f63ff0c014c177fe08a

• ANDROID: Fixed a syntax error that prevented our FPP overrides from being applied properly.

  See details: https://codeberg.org/celenity/Phoenix/pulls/146 - Thanks to @FaFre 💜

• Fixed support links.

  See details: https://codeberg.org/celenity/Phoenix/commit/4b8ae92aaf4dc4e83576054f9117c276c18092d1

• Enabled PDF.js Alt Text functionality, but disabled "Automatic" Alt Text by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/8d2f4e0f7640aaa55b11aa2f1b06dd0befc52d73

  pdfjs.enableAltText -> true
pdfjs.enableAltTextForEnglish -> true
pdfjs.enableAltTextModelDownload -> false
pdfjs.enableGuessAltText -> true
pdfjs.enableNewAltTextWhenAddingImage -> true
pdfjs.enableUpdatedAddImage -> true

• Removed unnecessary Safe Browsing prefs to avoid extra complexity and confusion.

  See details: https://codeberg.org/celenity/Phoenix/commit/c1e05f405abf34cec6c008e24749a9a25a377346

  browser.safebrowsing.features.blockedURIs.update
browser.safebrowsing.features.consentmanager.annotate.update
browser.safebrowsing.features.cryptomining.annotate.update
browser.safebrowsing.features.cryptomining.update
browser.safebrowsing.features.downloads.update
browser.safebrowsing.features.emailtracking.update
browser.safebrowsing.features.fingerprinting.annotate.update
browser.safebrowsing.features.fingerprinting.update
browser.safebrowsing.features.malware.update
browser.safebrowsing.features.phishing.update
browser.safebrowsing.features.socialtracking.annotate.update
browser.safebrowsing.features.socialtracking.update
browser.safebrowsing.features.trackingAnnotation.update
browser.safebrowsing.features.trackingProtection.update
browser.safebrowsing.provider.mozilla.updateURL

• Switched to using the 'browser.safebrowsing.provider.google.lists' pref to disable the legacy (v2.2) Safe Browsing API, instead of 'browser.safebrowsing.provider.google.gethashURL' & 'browser.safebrowsing.provider.google.updateURL'.

  See details: https://codeberg.org/celenity/Phoenix/commit/a2b850709cd4da44da3d464d095e6376e35bfb7d + https://codeberg.org/celenity/Phoenix/commit/990c968e1e68b6d7e92c0c0c9127e63a03973fe2

  browser.safebrowsing.provider.google.gethashURL -> https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
browser.safebrowsing.provider.google.updateURL -> https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%
browser.safebrowsing.provider.google.lists -> disabled
browser.safebrowsing.provider.google.lists.default -> goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar

• Created a separate Safe Browsing provider for the IronFox proxy endpoint, and made it easier for users to switch between using the proxied vs. unproxied standard Google endpoint.

  See details: https://codeberg.org/celenity/Phoenix/commit/990c968e1e68b6d7e92c0c0c9127e63a03973fe2

  browser.safebrowsing.provider.google4.advisoryName -> Google Safe Browsing (Unproxied)
browser.safebrowsing.provider.google4.gethashURL -> https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST
browser.safebrowsing.provider.google4.lists -> disabled
browser.safebrowsing.provider.google4.lists.default -> goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto,goog-harmful-proto
browser.safebrowsing.provider.google4.updateURL -> https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST
browser.safebrowsing.provider.ironfox.advisoryName -> Google Safe Browsing (Proxied by IronFox)
browser.safebrowsing.provider.ironfox.advisoryURL -> https://developers.google.com/safe-browsing/v4/advisory
browser.safebrowsing.provider.ironfox.dataSharing.enabled -> false
browser.safebrowsing.provider.ironfox.dataSharingURL ->
  browser.safebrowsing.provider.ironfox.gethashURL -> https://safebrowsing.ironfoxoss.org/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST
browser.safebrowsing.provider.ironfox.lists -> goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto,goog-harmful-proto
browser.safebrowsing.provider.ironfox.nextupdatetime -> 1
browser.safebrowsing.provider.ironfox.pver -> 4
browser.safebrowsing.provider.ironfox.reportMalwareMistakeURL -> https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=
browser.safebrowsing.provider.ironfox.reportPhishMistakeURL -> https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=
browser.safebrowsing.provider.ironfox.reportURL -> https://transparencyreport.google.com/safe-browsing/search?url=
browser.safebrowsing.provider.ironfox.updateURL -> `https://safebrowsing.ironfoxoss.org/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=...

2025.06.12.1

⚠️ THIS RELEASE IS ONLY FOR ANDROID USERS.

The latest version of Phoenix for other platforms (GNU/Linux, macOS, and Windows) is still 2025.06.10.1.

---

• Fixed an Android-specific issue that broke file uploads.

  See details: https://codeberg.org/celenity/Phoenix/issues/141 + https://codeberg.org/ironfox-oss/IronFox/issues/78 + https://gitlab.com/ironfox-oss/IronFox/-/issues/116 + https://codeberg.org/celenity/Phoenix/commit/fadb5d99433ba098dba3110d7725b9e3d68e98b4

  network.file.path_blacklist ->

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.06.10.1

---

• Fixed typing issues experienced by users in certain cases.

  See details: https://codeberg.org/celenity/Phoenix/commit/d7ecac4671232101e04df80b587793bedc9ea7b0

  focusmanager.testmode -> false

• Updated FPP overrides to unbreak cakepay.com.

  See details: https://codeberg.org/celenity/Phoenix/issues/143

  privacy.fingerprintingProtection.granularOverrides -> [{"firstPartyDomain":"cakepay.com","overrides":"-WebGLRenderInfo"}]

• Blocked cakepay.com from extracting (randomized) canvas data.

  See details: https://codeberg.org/celenity/Phoenix/commit/4bd2aae6b4af45c8fa7157d9b13c842cb886de4a

  non-Android: privacy.fingerprintingProtection.granularOverrides -> [{"firstPartyDomain":"cakepay.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"}]
  Android: privacy.fingerprintingProtection.granularOverrides -> [{"firstPartyDomain":"cakepay.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"}]

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.06.06.1

---

• WINDOWS: Fixed a crash that occurred for certain users upon entering uBlock Origin's Dashboard.

  See details: https://codeberg.org/celenity/Phoenix/commit/8d3e9daa96f5eda94a6305cc901de3645036c7ec + https://codeberg.org/celenity/Phoenix/issues/110

  security.sandbox.content.shadow-stack.enabled -> false

• Blocked ports currently known to be abused by Android apps for tracking/fingerprinting.

  See details: https://codeberg.org/celenity/Phoenix/commit/87f9e1ba6a5c570c8ca7c1664f07272ea04a9bd3

  network.security.ports.banned -> 29009, 29010, 30102, 30103, 12387, 12388, 12580, 12581, 12582, 12583, 12584, 12585, 12586, 12587, 12588, 12589, 12590, 12591

• Prevented notifying websites if users switch focus/active windows by default.

  focusmanager.testmode -> true

• Allowed users to add URLs to Enhanced Tracking Protection from the about:config.

  See details: https://codeberg.org/celenity/Phoenix/commit/606ad3cc3d733c179359d38b2be83f66dcbd0602

  urlclassifier.trackingAnnotationTable.testEntries ->

• Allowed users to exclude URLs from Enhanced Tracking Protection from the about:config.

  See details: https://codeberg.org/celenity/Phoenix/commit/606ad3cc3d733c179359d38b2be83f66dcbd0602

  urlclassifier.features.consentmanager.annotate.skipURLs ->
  urlclassifier.features.cryptomining.skipURLs ->
  urlclassifier.features.emailtracking.skipURLs ->
  urlclassifier.features.fingerprinting.skipURLs ->
  urlclassifier.features.socialtracking.skipURLs ->
  urlclassifier.trackingSkipURLs ->

• Disabled timezone spoofing for Google domains in first party contexts by default to prevent CAPTCHAs.

  See details: https://codeberg.org/celenity/Phoenix/commit/ecce20e5b8dab1dba50d87d02f13f7ea1d8e973e

  NOTE: You can re-enable timezone spoofing for Google domains in first party contexts by setting privacy.fingerprintingProtection.granularOverrides in your about:config to:

  [{"firstPartyDomain":"google.ad","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.ae","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.al","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.am","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.as","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.at","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.az","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.ba","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.be","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.bf","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.bg","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.bi","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.bj","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.bs","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.bt","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.by","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.ca","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cat","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cd","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cf","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cg","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.ch","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.ci","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cl","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cm","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cn","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ao","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.bw","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ck","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.cr","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.id","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.il","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.in","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.jp","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ke","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.kr","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ls","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ma","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.mz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.nz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.th","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.tz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ug","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.uk","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.uz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.ve","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.vi","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.za","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.zm","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.co.zw","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.af","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ag","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ar","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.au","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.bd","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.bh","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.bn","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.bo","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.br","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.bz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.co","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.cu","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.cy","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.do","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ec","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.eg","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.et","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.fj","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.gh","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.gi","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.gt","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.hk","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.jm","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.kh","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.kw","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.lb","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ly","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.mm","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.mt","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.mx","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.my","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.na","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ng","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ni","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.np","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.om","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.pa","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.pe","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.pg","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ph","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.pk","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.pr","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.py","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.qa","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.sa","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.sb","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.sg","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.sl","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.sv","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.tj","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.tr","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.tw","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.ua","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.uy","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.vc","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.com.vn","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cv","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.cz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.de","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.dj","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.dk","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.dm","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.dz","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.ee","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.es","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.fi","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.fm","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"google.fr","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"go...

2025.06.02.2

⚠️ THIS RELEASE IS ONLY FOR WINDOWS USERS.

The latest version of Phoenix for other platforms (Android, GNU/Linux, and macOS) is still 2025.06.02.1.

---

• Fixed a Windows-specific issue that caused crashes on certain webpages.

  See details: https://codeberg.org/celenity/Phoenix/commit/8597ea3f13f1a3b0cbf228104177c018a6172553

  security.sandbox.content.level -> 8

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.06.02.1

⚠️ IMPORTANT NOTE FOR MACOS USERS:

This release changes Phoenix's approach on macOS to be far closer to our approach on other platforms, such as Linux - without compromising security. This comes at the cost of improved performance, allows for easier use of Extended/Phoenix's specialized configs, etc.

For Phoenix to continue working properly on your system in the future, you MUST migrate your installation. You can easily upgrade with the following script we created:

/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/macos_migrate.sh)"

We apologize for any inconvenience, and thank you for your time, patience, and support of the project.

---

• Removed our built-in search "extensions" in favor of Mozilla's "SearchEngines" Policy.

  See details: https://codeberg.org/celenity/Phoenix/issues/100

• Added a Phoenix-specific ("Phoenix filters") list to uBlock Origin, enabled by default. This list includes filters designed specifically to work with Phoenix and derivatives (such as IronFox) - Currently just used to unbreak Smartblock Embed Placeholders on Desktop.

  See details: https://codeberg.org/celenity/Phoenix/commit/ffba31c239aaec49eca59b25083d3c2c6ae8bdfd

• Fixed an issue that prevented **add-ons** from syncing properly with Firefox Sync.

  extensions.getAddons.get.url -> https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
services.sync.addons.trustedSourceHostnames -> addons.mozilla.org

• Enabled Origin-keyed agent clustering by default (Like Chromium).

  See details: https://codeberg.org/celenity/Phoenix/commit/d02e51b2044963cf1e92b3c2eb606e278dfd25e0

  dom.origin_agent_cluster.default -> true

• Prevented automatically granting MV3 extensions optional host permissions by default.

  extensions.originControls.grantByDefault -> false

• Prevented extensions from opening pop-ups to remote websites.

  See details: https://codeberg.org/celenity/Phoenix/commit/b4ed9435b3e540e0faf3c2d633cda4ef923bed59

  extensions.manifestV2.actionsPopupURLRestricted -> true

• Allowed enabling/disabling extensions per-container (if containers are enabled).

  See details: https://codeberg.org/celenity/Phoenix/commit/daed676a27274a8c7cf1dddbb2b3221ce629dfbb

  extensions.userContextIsolation.enabled -> true

• Disabled back/forward cache (bfcache) by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/815451d28cbc378ed0f4bd1202288223ce18e561

  browser.sessionhistory.max_total_viewers -> 0
fission.bfcacheInParent -> false

• Disabled WebMIDI by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/39b3c752a217f4322d755167db78314719aa1325

  dom.sitepermsaddon-provider.enabled -> false

• Explicitly disabled WebDriver BiDi experimental commands and events (notable for Nightly users).

  See details: https://codeberg.org/celenity/Phoenix/commit/dfe42b4f0c1aebbd8ad8fdc46f9ab405578a2d51

  remote.experimental.enabled -> false

• Hardened GPU sandboxing.

  See details: https://codeberg.org/celenity/Phoenix/commit/d7aeb08a0485e29b36bb0b175cc46ac1c99016a0

  security.sandbox.gpu.level -> 2

• WINDOWS: Strengthened content process sandboxing.

  See details: https://codeberg.org/celenity/Phoenix/commit/9c2d38f219fad79760883e16a74f454065d6e958

  security.sandbox.content.level -> 20

• Disabled add-on sideloading.

  See details: https://codeberg.org/celenity/Phoenix/commit/740e9004672049f3b78a6f055103ab0539af8305

  extensions.sideloadScopes -> 0

• Prevented add-ons from direct URL requests and "file://" from installing without permission.

  See details: https://codeberg.org/celenity/Phoenix/commit/d6c8f7afe343f60fe78bb37c21cfd661d6d95d5d

  xpinstall.whitelist.directRequest -> false
xpinstall.whitelist.fileRequest -> false

• Disabled the use of remote Cookie Banner Reduction rules, and instead set the rules locally.

  See details: https://codeberg.org/celenity/Phoenix/commit/802bd62094df3b0cc832f14fbeaa9f82ea1a99a4

• Enabled anti-spoof confirmation prompts.

  network.auth.confirmAuth.enabled -> true

• Disabled CSP reporting by default (Currently works on Nightly).

  See details: https://codeberg.org/celenity/Phoenix/commit/3787ec26bb5494788fad16b5908550a53f70c3e8

  security.csp.reporting.enabled -> false

• Prevented HTTPS-First (if used instead of HTTPS-Only Mode) from automatically exempting domains from HTTPS.

  See details: https://codeberg.org/celenity/Phoenix/commit/bd9fe3039845c86374bf94543383f66d852aa128

  dom.security.https_first_add_exception_on_failure -> false

  DESKTOP:

  dom.security.https_first_add_exception_on_failiure -> false

• Prevented exposing WebGL renderer info, regardless of if FPP/RFP (or the "WebGLRenderInfo" target) is active.

  See details: https://codeberg.org/celenity/Phoenix/commit/3c37613a7b318d56e168f2e36bdf3efa6d448470

  webgl.enable-renderer-query -> false
webgl.override-unmasked-renderer -> Mozilla
webgl.override-unmasked-vendor -> Mozilla

• Disabled file:///net by default.

  See details: https://bugzilla.mozilla.org/show_bug.cgi?id=1412081

  network.file.path_blacklist -> /net

• Set a fixed temporary storage limit to protect against fingerprinting.

  See details: https://codeberg.org/celenity/Phoenix/commit/a294751076e65e47faeb361b99a7e78907235bb2

  dom.quotaManager.temporaryStorage.fixedLimit -> 52428800

• Enabled VP9 regardless of performance benchmarks by default, to protect against fingerprinting.

  See details: https://codeberg.org/celenity/Phoenix/commit/89c70435cc21f92896425f75aa53fdd503490c34

  media.benchmark.vp9.threshold -> 0

• Disabled WebRTC history.

  See details: https://codeberg.org/celenity/Phoenix/commit/d8b105b75d81ebdfb45d6b8165855717620efc33

  media.aboutwebrtc.hist.enabled -> false

• Disabled pre-allocation of content processes, due to fingerprinting concerns.

  See details: https://codeberg.org/celenity/Phoenix/commit/506f9dfd621b577c2227ff1933b889771c43cffb

  dom.ipc.processPrelaunch.enabled -> false
dom.ipc.processPrelaunch.fission.number -> 0

• Set Firefox to always load bundled fonts (if available), regardless of device memory, to protect against fingerprinting.

  See details: https://codeberg.org/celenity/Phoenix/commit/7143f871e011417a3438a7edefe98cc7bd46d08b

  gfx.bundled-fonts.activate -> 1

• ANDROID: Set Firefox to always use the standard "Noto Color Emoji" font, instead of custom ones (such as Samsung's) if available, to protect against fingerprinting.

  See details: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43023

  font.name-list.emoji -> Noto Color Emoji

• DESKTOP: Disabled the ability to switch locales without restarting, due to fingerprinting concerns.

  See details: https://codeberg.org/celenity/Phoenix/commit/5c79df93ed815bc729276e3563a7cad87bcf1417

  intl.multilingual.liveReload -> false
intl.multilingual.liveReloadBidirectional -> false

• Updated the built-in query stripping list with new additions from Brave.

  See details: https://codeberg.org/celenity/Phoenix/commit/ed69003fb8f0a015d3707e953fa8cb29977723e2

  privacy.query_stripping.strip_list -> __hsfp __hssc __hstc __s _bhlid _branch_match_id _branch_referrer _gl _hsenc _kx _openstat at_recipient_id at_recipient_list bbeml bsft_clkid bsft_uid dclid et_rid fb_action_ids fb_comment_id fbclid gbraid gclid guce_referrer guce_referrer_sig hsCtaTracking igshid irclickid mc_eid mkt_tok ml_subscriber ml_subscriber_hash msclkid mtm_cid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id pk_cid rb_clickid s_cid sc_customer sc_eh sc_uid srsltid ss_email_id twclid unicorn_click_id vero_conv vero_id vgo_ee wbraid wickedid yclid ymclid ysclid

• Fixed an issue with redirects from "urldefense.com" caused by our query parameter stripping.

  See details: https://codeberg.org/celenity/Phoenix/commit/5364984abb5a333900fe4da228220cb34ff906b8

  privacy.query_stripping.allow_list -> `urldefense....

2025.05.11.1

---

• Prevented third parties from setting cookies unless the third party already has cookies as a first party (Like Safari).

  See details: https://codeberg.org/celenity/Phoenix/commit/72b9578d04c5c16df27b4e51849ddd44781ab0d8

  privacy.dynamic_firstparty.limitForeign -> true

• Limited maximum cookie lifetime to 6 months/180 days (Like Brave).

  See details: brave/brave-browser#3443 + fmarier/brave-core@4d222df

  network.cookie.maxageCap -> 15552000

• Enabled tracking protection against CMPs (Cookie/consent managers) by default, in all browsing windows.

  privacy.trackingprotection.consentmanager.annotate_channels -> true
privacy.trackingprotection.consentmanager.skip.enabled -> false
privacy.trackingprotection.consentmanager.skip.pbmode.enabled -> false

• Enabled an additional plug-in blocklist (mozplugin-block-digest256) from Mozilla (Like Nightly).

  urlclassifier.blockedTable -> moztest-block-simple,mozplugin-block-digest256

• Disabled network connectivity status monitoring.

  See details: https://bugzilla.mozilla.org/show_bug.cgi?id=620472

  network.manage-offline-status -> false
network.offline-mirrors-connectivity -> false

  DESKTOP (Red Hat/Fedora-specific):

  offline.autoDetect -> false
toolkit.networkmanager.disable -> true

• Instead of blocking all mixed display content unconditionally, we now only block mixed display content if it can't be upgraded to HTTPS.

  See details: mozilla/policy-templates#1141

  security.mixed_content.block_display_content -> false

• Disabled the automatic import of OS client authentication certificates by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/62285ea38b6bdab2d06e0376848169c2a2e06a24

  security.osclientcerts.autoload -> false

• Disabled the Wi-Fi Tickler to prevent proxy bypasses.

  See details: https://codeberg.org/celenity/Phoenix/commit/458bb0cb0ff7a9cf5beaba476b888bfb7ec48eb0

  network.tickle-wifi.enabled -> false

• Set proxy extensions (if installed) to start as soon as possible, instead of waiting for the first browser window to open.

  extensions.webextensions.early_background_wakeup_on_request -> true

• Prevented HTTP/3 from being disabled if enterprise policies are configured.

  network.http.http3.disable_when_third_party_roots_found -> false

• ANDROID: Disabled TLS session identifiers.

  See details: https://codeberg.org/celenity/Phoenix/commit/38ec7461f1e437f502ba7f82d2d836b0386e03dd

  security.ssl.disable_session_identifiers -> true

• Limited/restricted CSP reporting as much as possible (We still block these requests by default with uBlock Origin).

  security.csp.reporting.limit.count -> 1
security.csp.reporting.limit.timespan -> 999999999
security.csp.reporting.script-sample.max-length -> 0
security.csp.truncate_blocked_uri_for_frame_navigations -> true

• DESKTOP: Set the browser to check for updates hourly (instead of the default of 6 hours in foreground and 7 hours in background).

  app.update.background.interval -> 3600
app.update.interval -> 3600

• DESKTOP: Set the browser to immediately prompt users when an update is ready, and ensured the binary is always old enough to check for updates.

  app.update.checkInstallTime.days -> 0
app.update.promptWaitTime -> 0

• Disabled the Battery API.

  See details: https://codeberg.org/celenity/Phoenix/commit/b4e578ed809ca5d63b20ff22bda78cb76f5d4d07

  dom.battery.enabled -> false

• Disabled the Clipboard API.

  See details: https://codeberg.org/celenity/Phoenix/commit/e16d6048a13b685c35d51371fd067a6e5fde5714

  dom.events.asyncClipboard.clipboardItem -> false
dom.events.asyncClipboard.readText -> false
dom.events.testing.asyncClipboard -> false

• Disabled online speech recognition.

  See details: https://codeberg.org/celenity/Phoenix/commit/aea7d4ba2d80f0bc0154ee0da3b07aca476aecae

  media.webspeech.service.endpoint -> data;

• Disabled scanning add-on scopes on launch.

  See details: https://codeberg.org/celenity/Phoenix/commit/4660fcd9ac90bde34dc230ca58f3fe3f76d9267e

  extensions.startupScanScopes -> 0

• Disabled Gecko Media Plugins (GMP).

  See details: https://codeberg.org/celenity/Phoenix/commit/cc6fb2c13054c1ff6cb2fe1469591b0272e84c78

  media.gmp-provider.enabled -> false

• ANDROID: Disabled HLS.

  See details: https://codeberg.org/celenity/Phoenix/commit/0abcbeac89d9eaa4b2d6c0b8a573f6815ebb72b6

  media.hls.enabled -> false

• DESKTOP: Enabled Arbitrary Code Guard (ACG) (for Windows users).

  See details: https://medium.com/@boutnaru/the-windows-security-journey-acg-arbitrary-code-guard-74b08a8bd1e5

  security.sandbox.gmp.acg.enabled -> true
security.sandbox.rdd.acg.enabled -> true
security.sandbox.utility-wmf.acg.enabled -> true

• DESKTOP: Enabled Code Integrity Guard (CIG) for pre-spawn (for Windows users).

  See details: mozilla/policy-templates#1141

  security.sandbox.cig.prespawn.enabled -> true

• DESKTOP: Enabled Shadow Stacks (for Windows users).

  See details: https://wikipedia.org/wiki/Shadow_stack

  security.sandbox.content.shadow-stack.enabled -> true
security.sandbox.gmp.shadow-stack.enabled -> true
security.sandbox.gpu.shadow-stack.enabled -> true
security.sandbox.rdd.shadow-stack.enabled -> true
security.sandbox.socket.shadow-stack.enabled -> true

• DESKTOP: Set the browser to always warn on unprivileged namespaces (for Linux users).

  security.sandbox.warn_unprivileged_namespaces -> true

• ANDROID: Disabled sending console output to logcat by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/dcadf87f3daacdd554f2de358be77cd568c67646

  consoleservice.logcat -> false
geckoview.console.enabled -> false

• Disabled various new telemetry pings.

  browser.engagement.ctrlTab.has-used -> true
telemetry.glean.internal.finalInactive -> false
telemetry.glean.internal.maxPingsPerMinute -> 0

  DESKTOP:

  browser.engagement.downloads-button.has-used -> true
browser.engagement.fxa-toolbar-menu-button.has-used -> true
browser.engagement.home-button.has-used -> true
browser.engagement.library-button.has-used -> true
browser.engagement.search_counts.pbm -> false
browser.engagement.sidebar-button.has-used -> true
browser.engagement.total_uri_count.pbm -> false
browser.newtabpage.activity-stream.telemetry.privatePing.enabled -> false
browser.newtabpage.activity-stream.telemetry.surfaceId ->
  browser.newtabpage.ping.enabled -> false

• Disabled the automatic upload of profiler data (from 'about:logging') to Mozilla by default.

  toolkit.aboutLogging.uploadProfileToCloud -> false

• Removed Mozilla's new OHTTP telemetry endpoints.

  DESKTOP:

  browser.newtabpage.activity-stream.discoverystream.ohttp.configURL ->
  browser.newtabpage.activity-stream.discoverystream.ohttp.relayURL ->

  ANDROID:

  network.ohttp.configURL ->
  network.ohttp.relayURL ->

• Added placeholder IDs to certain (primarily telemetry-related) preferences, to reduce breakage and protect against potential fingerprinting.

  asanreporter.clientid -> unknown
datareporting.dau.cachedUsageProfileGroupID -> b0bacafe-b0ba-cafe-b0ba-cafeb0bacafe

  DESKTOP:

  browser.contentblocking.cfr-milestone.milestone-shown-time -> 999999999
browser.contextual-services.contextId -> {foo-123-foo}
browser.startup.homepage_override.buildID -> 20181001000000

• Cleaned up and removed more tracking parameters and unnecessary information (ex. locale) from various Mozilla links/URLs.

  app.support.baseURL -> https://support.mozilla.org/kb/
extensions.abuseReport.amoFormURL -> https://addons.mozilla.org/feedback/addon/%addonID%/
extensions.blocklist.addonItemURL -> https://addons.mozilla.org/blocked-addon/%addonID%/%addonVersion%/
extensions.getAddons.get.url -> https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%
  `extensions.update.background.url...