codeberg celenity/Phoenix 2025.05.11.1
on Codeberg

latest releases: 2025.09.07.1, 2025.08.06.1, 2025.07.30.1...
4 months ago
  • Prevented third parties from setting cookies unless the third party already has cookies as a first party (Like Safari).

    See details: https://codeberg.org/celenity/Phoenix/commit/72b9578d04c5c16df27b4e51849ddd44781ab0d8

    privacy.dynamic_firstparty.limitForeign -> true

  • Limited maximum cookie lifetime to 6 months/180 days (Like Brave).

    See details: https://github.com/brave/brave-browser/issues/3443 + https://github.com/fmarier/brave-core/commit/4d222df50a8dfaaabb31e9f2c5070c4db5ba8fd5

    network.cookie.maxageCap -> 15552000

  • Enabled tracking protection against CMPs (Cookie/consent managers) by default, in all browsing windows.

    privacy.trackingprotection.consentmanager.annotate_channels -> true
    privacy.trackingprotection.consentmanager.skip.enabled -> false
    privacy.trackingprotection.consentmanager.skip.pbmode.enabled -> false

  • Enabled an additional plug-in blocklist (mozplugin-block-digest256) from Mozilla (Like Nightly).

    urlclassifier.blockedTable -> moztest-block-simple,mozplugin-block-digest256

  • Disabled network connectivity status monitoring.

    See details: https://bugzilla.mozilla.org/show_bug.cgi?id=620472

    network.manage-offline-status -> false
    network.offline-mirrors-connectivity -> false

    DESKTOP (Red Hat/Fedora-specific):

    offline.autoDetect -> false
    toolkit.networkmanager.disable -> true

  • Instead of blocking all mixed display content unconditionally, we now only block mixed display content if it can't be upgraded to HTTPS.

    See details: https://github.com/mozilla/policy-templates/issues/1141

    security.mixed_content.block_display_content -> false

  • Disabled the automatic import of OS client authentication certificates by default.

    See details: https://codeberg.org/celenity/Phoenix/commit/62285ea38b6bdab2d06e0376848169c2a2e06a24

    security.osclientcerts.autoload -> false

  • Disabled the Wi-Fi Tickler to prevent proxy bypasses.

    See details: https://codeberg.org/celenity/Phoenix/commit/458bb0cb0ff7a9cf5beaba476b888bfb7ec48eb0

    network.tickle-wifi.enabled -> false

  • Set proxy extensions (if installed) to start as soon as possible, instead of waiting for the first browser window to open.

    extensions.webextensions.early_background_wakeup_on_request -> true

  • Prevented HTTP/3 from being disabled if enterprise policies are configured.

    network.http.http3.disable_when_third_party_roots_found -> false

  • ANDROID: Disabled TLS session identifiers.

    See details: https://codeberg.org/celenity/Phoenix/commit/38ec7461f1e437f502ba7f82d2d836b0386e03dd

    security.ssl.disable_session_identifiers -> true

  • Limited/restricted CSP reporting as much as possible (We still block these requests by default with uBlock Origin).

    security.csp.reporting.limit.count -> 1
    security.csp.reporting.limit.timespan -> 999999999
    security.csp.reporting.script-sample.max-length -> 0
    security.csp.truncate_blocked_uri_for_frame_navigations -> true

  • DESKTOP: Set the browser to check for updates hourly (instead of the default of 6 hours in foreground and 7 hours in background).

    app.update.background.interval -> 3600
    app.update.interval -> 3600

  • DESKTOP: Set the browser to immediately prompt users when an update is ready, and ensured the binary is always old enough to check for updates.

    app.update.checkInstallTime.days -> 0
    app.update.promptWaitTime -> 0

  • Disabled the Battery API.

    See details: https://codeberg.org/celenity/Phoenix/commit/b4e578ed809ca5d63b20ff22bda78cb76f5d4d07

    dom.battery.enabled -> false

  • Disabled the Clipboard API.

    See details: https://codeberg.org/celenity/Phoenix/commit/e16d6048a13b685c35d51371fd067a6e5fde5714

    dom.events.asyncClipboard.clipboardItem -> false
    dom.events.asyncClipboard.readText -> false
    dom.events.testing.asyncClipboard -> false

  • Disabled online speech recognition.

    See details: https://codeberg.org/celenity/Phoenix/commit/aea7d4ba2d80f0bc0154ee0da3b07aca476aecae

    media.webspeech.service.endpoint -> data;

  • Disabled scanning add-on scopes on launch.

    See details: https://codeberg.org/celenity/Phoenix/commit/4660fcd9ac90bde34dc230ca58f3fe3f76d9267e

    extensions.startupScanScopes -> 0

  • Disabled Gecko Media Plugins (GMP).

    See details: https://codeberg.org/celenity/Phoenix/commit/cc6fb2c13054c1ff6cb2fe1469591b0272e84c78

    media.gmp-provider.enabled -> false

  • ANDROID: Disabled HLS.

    See details: https://codeberg.org/celenity/Phoenix/commit/0abcbeac89d9eaa4b2d6c0b8a573f6815ebb72b6

    media.hls.enabled -> false

  • DESKTOP: Enabled Arbitrary Code Guard (ACG) (for Windows users).

    See details: https://medium.com/@boutnaru/the-windows-security-journey-acg-arbitrary-code-guard-74b08a8bd1e5

    security.sandbox.gmp.acg.enabled -> true
    security.sandbox.rdd.acg.enabled -> true
    security.sandbox.utility-wmf.acg.enabled -> true

  • DESKTOP: Enabled Code Integrity Guard (CIG) for pre-spawn (for Windows users).

    See details: https://github.com/mozilla/policy-templates/issues/1141

    security.sandbox.cig.prespawn.enabled -> true

  • DESKTOP: Enabled Shadow Stacks (for Windows users).

    See details: https://wikipedia.org/wiki/Shadow_stack

    security.sandbox.content.shadow-stack.enabled -> true
    security.sandbox.gmp.shadow-stack.enabled -> true
    security.sandbox.gpu.shadow-stack.enabled -> true
    security.sandbox.rdd.shadow-stack.enabled -> true
    security.sandbox.socket.shadow-stack.enabled -> true

  • DESKTOP: Set the browser to always warn on unprivileged namespaces (for Linux users).

    security.sandbox.warn_unprivileged_namespaces -> true

  • ANDROID: Disabled sending console output to logcat by default.

    See details: https://codeberg.org/celenity/Phoenix/commit/dcadf87f3daacdd554f2de358be77cd568c67646

    consoleservice.logcat -> false
    geckoview.console.enabled -> false

  • Disabled various new telemetry pings.

    browser.engagement.ctrlTab.has-used -> true
    telemetry.glean.internal.finalInactive -> false
    telemetry.glean.internal.maxPingsPerMinute -> 0

    DESKTOP:

    browser.engagement.downloads-button.has-used -> true
    browser.engagement.fxa-toolbar-menu-button.has-used -> true
    browser.engagement.home-button.has-used -> true
    browser.engagement.library-button.has-used -> true
    browser.engagement.search_counts.pbm -> false
    browser.engagement.sidebar-button.has-used -> true
    browser.engagement.total_uri_count.pbm -> false
    browser.newtabpage.activity-stream.telemetry.privatePing.enabled -> false
    browser.newtabpage.activity-stream.telemetry.surfaceId ->
    browser.newtabpage.ping.enabled -> false

  • Disabled the automatic upload of profiler data (from 'about:logging') to Mozilla by default.

    toolkit.aboutLogging.uploadProfileToCloud -> false

  • Removed Mozilla's new OHTTP telemetry endpoints.

    DESKTOP:

    browser.newtabpage.activity-stream.discoverystream.ohttp.configURL ->
    browser.newtabpage.activity-stream.discoverystream.ohttp.relayURL ->

    ANDROID:

    network.ohttp.configURL ->
    network.ohttp.relayURL ->

  • Added placeholder IDs to certain (primarily telemetry-related) preferences, to reduce breakage and protect against potential fingerprinting.

    asanreporter.clientid -> unknown
    datareporting.dau.cachedUsageProfileGroupID -> b0bacafe-b0ba-cafe-b0ba-cafeb0bacafe

    DESKTOP:

    browser.contentblocking.cfr-milestone.milestone-shown-time -> 999999999
    browser.contextual-services.contextId -> {foo-123-foo}
    browser.startup.homepage_override.buildID -> 20181001000000

  • Cleaned up and removed more tracking parameters and unnecessary information (ex. locale) from various Mozilla links/URLs.

    app.support.baseURL -> https://support.mozilla.org/kb/
    extensions.abuseReport.amoFormURL -> https://addons.mozilla.org/feedback/addon/%addonID%/
    extensions.blocklist.addonItemURL -> https://addons.mozilla.org/blocked-addon/%addonID%/%addonVersion%/
    extensions.getAddons.get.url -> https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%
    extensions.update.background.url -> https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&updateType=%UPDATE_TYPE%
    extensions.update.url -> https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&updateType=%UPDATE_TYPE%
    pdfjs.altTextLearnMoreUrl -> https://support.mozilla.org/kb/pdf-alt-text
    signon.firefoxRelay.learn_more_url -> https://support.mozilla.org/kb/relay-integration#w_frequently-asked-questions
    signon.firefoxRelay.privacy_policy_url -> https://www.mozilla.org/privacy/subscription-services/
    signon.firefoxRelay.terms_of_service_url -> https://www.mozilla.org/privacy/subscription-services/

    ANDROID:

    extensions.getAddons.search.browseURL -> https://addons.mozilla.org/android/search?q=%TERMS%

    DESKTOP:

    app.releaseNotesURL -> https://www.mozilla.org/firefox/%VERSION%/releasenotes
    app.releaseNotesURL.aboutDialog" -> https://www.mozilla.org/firefox/%VERSION%/releasenotes
    app.releaseNotesURL.prompt -> https://www.mozilla.org/firefox/%VERSION%/releasenotes
    app.update.url.details -> https://www.mozilla.org/firefox/notes
    app.update.url.manual -> https://www.mozilla.org/firefox/new
    browser.contentblocking.report.cookie.url -> https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_cross-site-tracking-cookies
    browser.contentblocking.report.cryptominer.url -> https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_cryptominers
    browser.contentblocking.report.fingerprinter.url -> https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_fingerprinters
    browser.contentblocking.report.lockwise.how_it_works.url -> https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins
    browser.contentblocking.report.social.url -> https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_social-media-trackers
    browser.contentblocking.report.tracker.url -> https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_tracking-content
    browser.dictionaries.download.url -> https://addons.mozilla.org/language-tools/
    browser.search.searchEnginesURL -> https://addons.mozilla.org/firefox/search-engines/
    browser.xr.warning.infoURL -> https://support.mozilla.org/kb/webxr-permission-info-page
    extensions.getAddons.link.url -> https://addons.mozilla.org/
    extensions.getAddons.search.browseURL -> https://addons.mozilla.org/search?q=%TERMS%
    lightweightThemes.getMoreURL -> https://addons.mozilla.org/themes/

  • DESKTOP: Removed Mozilla's feedback URL & the about:home support article (which definitely isn't relevant to us...).

    app.feedback.baseURL ->
    browser.newtabpage.activity-stream.support.url ->

  • Removed unnecessary partner attribution identifiers, to protect against fingerprinting.

    app.distributor ->
    app.distributor.channel ->
    mozilla.partner.id ->

    DESKTOP:

    browser.search.param.search_rich_suggestions ->

  • DESKTOP: Disabled Mozilla's new Ad Routing Service (MARS) OHTTP provider & ad reporting.

    browser.newtabpage.activity-stream.discoverystream.reportAds.enabled -> false
    browser.newtabpage.activity-stream.unifiedAds.ohttp.enabled -> false

  • DESKTOP: Disabled Mozilla's new Firefox Suggest (Merino) OHTTP provider.

    browser.newtabpage.activity-stream.discoverystream.merino-provider.ohttp.enabled -> false

  • DESKTOP: Disabled ('inferred') 'personalization' on about:home

    browser.newtabpage.activity-stream.discoverystream.sections.personalization.enabled -> false
    browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.enabled -> false
    browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.user.enabled -> false

  • DESKTOP: Disabled new about:home mobile promotions.

    DESKTOP:

    browser.newtabpage.activity-stream.mobileDownloadModal.enabled -> false
    browser.newtabpage.activity-stream.mobileDownloadModal.variant-a -> false
    browser.newtabpage.activity-stream.mobileDownloadModal.variant-b -> false
    browser.newtabpage.activity-stream.mobileDownloadModal.variant-c -> `false``

  • DESKTOP: Disabled the new about:home Fakespot promotion card.

    browser.shopping.experience2023.newPositionCard.hasSeen -> true

  • DESKTOP: Disabled the 'Revised Pocket Story Card UI' on about:home

    See details: https://searchfox.org/mozilla-central/source/toolkit/components/nimbus/FeatureManifest.yaml

    browser.newtabpage.activity-stream.discoverystream.sections.cards.enabled -> false

  • Enabled various performance optimizations.

    See details: https://codeberg.org/celenity/Phoenix/commit/6a7263d95b16d77c961e886248cc4f15f3ac8c8c + https://codeberg.org/celenity/Phoenix/commit/f4295b0baa3905b6527741a91e1a26808303ca9f

    network.fetchpriority.enabled -> true
    javascript.options.mem.gc_parallel_marking -> true
    javascript.options.wasm_branch_hinting -> true
    javascript.options.wasm_relaxed_simd -> true
    javascript.options.wasm_simd_avx -> true

  • DESKTOP: Enabled advanced performance settings at about:preferences#general by default.

    browser.preferences.defaultPerformanceSettings.enabled -> false

  • Lowered the network priority of known trackers (if not blocked...).

    privacy.trackingprotection.lower_network_priority -> true

  • Disabled the ability for websites to prevent disabling Picture-in-Picture.

    media.videocontrols.picture-in-picture.respect-disablePictureInPicture -> false

  • DESKTOP: Enabled the ability to download and switch locales (as well as the ability to switch without restarting...

    intl.multilingual.downloadEnabled -> true
    intl.multilingual.enabled -> true
    intl.multilingual.liveReload -> true
    intl.multilingual.liveReloadBidirectional -> true

  • Ensured that uBlock Origin (if enabled) can always run on restricted/quarantined domains by default.

    extensions.quarantineIgnoredByUser.uBlock0@raymondhill.net -> true

  • Disabled Mozilla's remote fingerprinting protection overrides by default (for now) to re-enable canvas randomization for Google domains

    See details: https://codeberg.org/celenity/Phoenix/commit/776c3921efbe355ce9ba4549c06a312ecb5447f6

    privacy.fingerprintingProtection.remoteOverrides.enabled -> false

  • Disabled Mozilla's 'Remote Permissions' by default.

    See details: https://codeberg.org/celenity/Phoenix/commit/f203b52b1ae49cd3cf5dbfaa21df541e642c50a4

    permissions.manager.remote.enabled -> false

  • DESKTOP: Temporarily switched the Web Compatibility Reporter URL from Mozilla's to our issue tracker, as it's currently impossible to fully disable it due to an upstream bug...

    See details: https://bugzilla.mozilla.org/show_bug.cgi?id=1963764

    ui.new-webcompat-reporter.new-report-endpoint -> https://phoenix.celenity.dev/issues

  • DESKTOP: Stopped locking the value of 'security.cert_pinning.enforcement_level', to ensure users can still access the pinned domains if ex. certs are changed/become outdated.

  • Various other changes...

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Check out latest releases or
releases around celenity/Phoenix 2025.05.11.1

Don't miss a new Phoenix release

NewReleases is sending notifications on new releases.

Get notifications