All Platforms

• Updated Firefox to 128.4.0esr
• Updated NoScript to 11.5.2
• Updated Mullvad Browser Extension to 0.9.3
• Bug 328: Provide search engine icons [mullvad-browser]
• Bug 329: Remove the Security Levels icon from the toolbar [mullvad-browser]
• Bug 344: set media.navigator.enabled = true [mullvad-browser]
• Bug 349: Tidy up mullvad Fluent files [mullvad-browser]
• Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser]
• Bug 30862: 10ms time precision via EXSLT date-time function [tor-browser]
• Bug 32668: NoScript default whitelist re-appears on clicking NoScript Options / Reset [tor-browser]
• Bug 40147: Re-enable Picture-in-Picture mode [tor-browser]
• Bug 41309: Re-enable screenshots component [tor-browser]
• Bug 41817: Add more color aliases that take dark mode into account [tor-browser]
• Bug 42070: Backport Bugzilla 1834307 and hide smooth-scroll UX [tor-browser]
• Bug 42255: pdfjs.disabled used to be part of RFP until Bug 1838415; lock pref to false in stable [tor-browser]
• Bug 42356: Review 000-tor-browser.js and 001-base-profile.js for 128 [tor-browser]
• Bug 42362: "New window" missing from File menu [tor-browser]
• Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser]
• Bug 42601: Check Bug 1894779: Allow font-face urls to be resource:// urls and relax CORS for resource:// URLs [tor-browser]
• Bug 42603: Remove safebrowsing URLs [tor-browser]
• Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser]
• Bug 42617: Restore the HTML form on DDG when using safest in 128 [tor-browser]
• Bug 42630: Review LaterRun in 128 [tor-browser]
• Bug 42640: Disable Firefox Flame button due to unknown interactions with New Identity [tor-browser]
• Bug 42641: Move from panel-footer class to moz-button-group [tor-browser]
• Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser]
• Bug 42646: Remove migrations for security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser]
• Bug 42647: "Switching to a new device" regressed on 128 [tor-browser]
• Bug 42653: The Neterror page has a checkbox to report iframe origin errors to TPO [tor-browser]
• Bug 42665: Drop "Learn More" spacing [tor-browser]
• Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser]
• Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser]
• Bug 42683: Create script to generate issue triage csv's from bugzilla query and git scraping [tor-browser]
• Bug 42684: Disable network prefetch [tor-browser]
• Bug 42685: compat: ESR128: enable textmetrics [tor-browser]
• Bug 42687: Disable Privacy-Preserving Attribution [tor-browser]
• Bug 42699: Drop level="top" attribute from panels [tor-browser]
• Bug 42704: Drop the badged="true" attribute from security level button [tor-browser]
• Bug 42705: Update our preferences to account for new line height [tor-browser]
• Bug 42718: Remove the firefox-view button from UI, even when always-on private-browsing mode is disabled [tor-browser]
• Bug 42730: Make RemoteSettings use only local dumps [tor-browser]
• Bug 42735: Disable recent search suggestions [tor-browser]
• Bug 42740: Stop trying to hide "Restore previous session" [tor-browser]
• Bug 42742: Inconsistent use of "New private window" vs "New window" [tor-browser]
• Bug 42745: Remove some residuals from update scripts [tor-browser]
• Bug 42764: Unconditionally disable find-bar transition animation [tor-browser]
• Bug 42777: Remove 'Website Privacy Preferences' and ensure sensible default prefs [tor-browser]
• Bug 42814: Opt out from Firefox relay by default. [tor-browser]
• Bug 42831: Remove the shopping components [tor-browser]
• Bug 42867: Disable contentRelevancy component [tor-browser]
• Bug 42872: Disable translations until audited and solved the UX problems [tor-browser]
• Bug 43054: check bounceTrackingProtection in PB mode does not persist to disk [tor-browser]
• Bug 43072: moz-message-bar does not get announced on Orca screen-reader [tor-browser]
• Bug 43083: Backport fix for Mozilla 1436462 [tor-browser]
• Bug 43103: Verify whether an update is unsupported before choosing one [tor-browser]
• Bug 43109: Remove mention of Firefox Relay from settings [tor-browser]
• Bug 43117: Hide 'Always underline links' option [tor-browser]
• Bug 43134: Backport Bugzilla 1436226 Hardcode VP8/VP9 [tor-browser]
• Bug 43144: Ensure non-privacy browsing also sets the GPC header [tor-browser]
• Bug 43163: Disable offscreen canvas until verified it is not fingerprintable [tor-browser]
• Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile [tor-browser]
• Bug 43178: Audit fingerprinting overrides (MozBug 1834274) [tor-browser]
• Bug 43184: Backport Bugzilla 1922294: RFP: fixup square spoofed orientation [tor-browser]
• Bug 43197: Disable automatic exception for HTTPS-First [tor-browser]
• Bug 43209: UI freezes when clipboard is empty after screen lock [tor-browser]
• Bug 43217: Fullscreen videos have rounded letterboxing corners [tor-browser]
• Bug 43257: NoScript-blocked content placeholders causing slow downs [tor-browser]
• Bug 43258: NoScript Lifecycle error on extension updates [tor-browser]
• Bug 41248: Check and update bundled font versions [tor-browser-build]

Windows + macOS

• Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser]

Windows

• Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser]

macOS

• Bug 42494: mac: add Arial Black and Arial Narrow to allowlist [tor-browser]

Linux

• Bug 42773: Replace ~ with the original HOME [tor-browser]
• Bug 43092: Disable Wayland by default in 14.0 [tor-browser]
• Bug 43101: Security features warning links to Firefox installation support page with incomplete info [tor-browser]
• Bug 43141: Hardcode Arimo as a system-ui font [tor-browser]
• Bug 43196: Remove the vendor name from the "is playing media" notification on Linux [tor-browser]
• Bug 41237: Add some aliases to our Linux font config for compatibility [tor-browser-build]

Build System

All Platforms

• Bug 43157: Move tb-dev to base-browser [tor-browser]
• Bug 41096: Set SOURCE_DATE_EPOCH in the default env variables [tor-browser-build]
• Bug 41155: Update toolchains for ESR128 [tor-browser-build]
• Bug 41156: Split the Rust configuration options [tor-browser-build]
• Bug 41176: Update list of people with github commit access in MB issue templates [tor-browser-build]
• Bug 41188: Upgrade binutils to 2.41 [tor-browser-build]
• Bug 41236: Remove binutils when not needed [tor-browser-build]
• Bug 41256: tools/signing/upload-update_responses-to-staticiforme should regenerate update-responses when it already exists [tor-browser-build]
• Bug 41259: Skip versions which don't set incremental_from when generating incrementals [tor-browser-build]
• Bug 41260: Don't set legacy version for Mullvad Browser [tor-browser-build]
• Bug 41274: Improve fetch_changelogs.py for major releases [tor-browser-build]
• Bug 41279: Add @PieroV and @ma1 as new signers [tor-browser-build]
• Bug 41289: Fix single-browser in relprep.py [tor-browser-build]

Windows + macOS

• Bug 41197: Modify update-responses to prevent upgrades on unsupported Windows and macOS versions [tor-browser-build]

Windows

• Bug 29318: Drop mingw-w64/gcc toolchain [tor-browser-build]
• Bug 29320: Use mingw-w64/clang toolchain to build Rust [tor-browser-build]
• Bug 41296: Implement missing Windows headers required for building cross-compiling WebRTC with mingw [tor-browser-build]

Linux

• Bug 41013: Add a README to each project [tor-browser-build]
• Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build]
• Bug 41243: Add own apparmor profile to deb package [tor-browser-build]
• Bug 41282: Add SSL to our custom Python for MozBug 1924022 [tor-browser-build]