celenity/Phoenix 2025.12.23.1

on Codeberg

Changes

• Blocked permission prompts to access MIDI devices by default.
• Disabled the WebExtensions AI API (Details).
• Disabled the Windows UI Automation API.
• Enabled hardware acceleration for PDF.js by default to improve performance.
• Enabled optimized partial rendering for PDF.js by default to improve performance (Details).
• Forced WebGL to be loaded out of process to improve security.
• Re-enabled Trusted Types by default.
  • We used to enable this by default a while back, but we stopped due to bugs found with the implementation. Thankfully, this feature has now matured a lot, and the previously encountered bugs no longer appear to be a problem.
• Other minor tweaks, adjustments, and fixes.

Android-only

• Disabled the Firefox "AI" (Local machine learning) Runtime by default.
  • We keep this enabled on desktop for the time-being, as it's required for certain legitimate functionality there (PDF.js alt text image generation), and we still don't enable/install any AI models/functionality on desktop by default. But, this legitimate functionality isn't currently implemented/relevant to Android, so there's no reason not to disable it entirely here.
• Fixed an issue with BankID authentication for certain websites.
• Fixed an issue with Obtainium app installation.

Desktop-only

• Disabled import of Mozilla's default bookmarks via prefs (in addition to how we currently handle it with policies).
• Disabled the prompt/nag for users to enable the AI Link Preview (key points) feature.
• Hid the UI toggle to enable the AI Link Preview (key points) feature at about:preferences#general.
• Reduced the amount of items stored in the browser console's input history by default.
• Prevented browser console queries/searches and recent selections from persisting across browser restarts.
• Updated the Merino OHTTP endpoints.

Specialized Configs

• Disabled clipboard events by default (but re-enabled for certain configs to avoid breakage, like Discord).
• Disabled history swipe animations.
• Disabled screensharing by default (but re-enabled in certain configs to avoid breakage, like Discord and Element).
• Disabled tab warming.
• Disabled update of zoom level for background tabs.
• Enabled audio focus mangement by default, as it prevents multiple tabs from playing audio at the same time.
• Enabled Local Network Access Restrictions for top-level domains.
• Enabled suspension of inactive/background tabs.
• Increased session history to restore functionality of the back/forward buttons.
• Instead of relaxing site permissions globally for specialized configs, we now include custom default permissions files to relax permissions only for the config's corresponding site(s).
  • (Ex. for the Apple Maps config, instead of re-enabling geolocation prompts globally, we only allow maps.apple.com to prompt to use geolocation).
• Prevented the browser from attempting to resume background video playback upon tab hover.
• Re-enabled containers by default, as disabling them (and even re-enabling them after) appears to have caused strange data loss issues in the Discord specialized config, and, in general, it just wasn't necessary to disable them.
• Re-enabled the download panel (Though it's still hidden until a file is actually downloaded).
• Set cookies and site data to clear on exit by default (except for the Element config).
  • Using the new custom default permissions files detailed above, we still set prevent clearing data for the specialized configs' corresponding site(s) by default.

Discord:

• Re-enabled origin headers for same-origin requests to fix an issue with file uploads.

Photopea:

• Re-enabled tooltips by default.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)