Friday, November 2, 2018

TenFourFox FPR11b1 available

TenFourFox Feature Parity 11 beta 1 is now available (downloads, hashes, release notes). As mentioned, FPR11 and FPR12 will be smaller in scope due to less low-hanging fruit to work on and other competing projects such as the POWER9 JIT, but there are still new features and improvements.

The most notable one is my second attempt to get unique origin for data: URIs to stick (issue 525). This ran aground in FPR10 and had to be turned off because of compatibility issues with the Firefox 45 version of uBlock Origin, which would be too major an add-on for me to ignore breaking. FPR11 now has a shim in it to allow the old behaviour for data URL access initiated by the internal system principal (including add-ons) but use the new behaviour for web content, and seems to properly reject the same test cases while allowing uBlock to run normally. As before, we really need this in the browser to defend against XSS attacks, so please test thoroughly. Once again, if you experience unusual behaviour in this version, please flip security.data_uri.unique_opaque_origin to false and restart the browser. If the behaviour changes, then this was the cause and you should report it in the comments.

FPR11 also has a more comprehensive fix for sites that use Cloudflare Rocket Loader, a minor speedup to the JavaScript JIT, and new support for two JavaScript features (Symbol.hasInstance and Object.getOwnPropertyDescriptors). In addition, for a small additional speed boost, CSS error reporting is now disabled by default except for debug builds (JavaScript error reporting is of course maintained). If you want this back on, set layout.css.report_errors to true.

After a lot of test cases and poring through bug reports, I think that the issue with Citibank is issue 533. Sites that use that combination of front-end deployment tools will not work in Firefox 50 or lower, which worryingly may affect quite a few, and it seems to be due to the large front-end refactor that landed in Firefox 51. The symptom is usually an error that looks like "this is undefined" in the JavaScript console. Like the other two looming JavaScript issues we are starting to face, this requires a large amount of work and is likely to have substantial regressions if I can get it finished (let alone get it building) at all. I'm looking through the changes to see if any obviously affect the scope of this to see if the actual error that is reported can be worked around, but it may just be masking some bigger problem which requires much more surgery and, if so, would not be feasible to fix unfortunately either.


  1. Cameron, thanks for looking further into the Citibank issue, which impacts me. Would be cool if it could be fixed, but it's certainly not worth killing yourself over it.

    1. Unfortunately I am also a Citibank customer, and I can't seem to find any workaround for it.

  2. Have noticed that the FoxBoxes have been slowing down of late and it turns out that the "Data Reporting" notations can get seriously out of hand! The prefs.js for my Google FoxBox had over 2000 notations on it. After I edited them down, it seemed to load much faster. Also, for youtube, were possible, disabling VP9 is a good idea (at least on G4s). So have augmented my FoxBox Starting Prefs to make the most of this new info. Keep in mind this would go in ~/Application Support/"FOXBOX NAME"/Profiles/********.default/ (once you have started the FoxBox once to make the folder).

    Has Tangibly Speeded them up.

    Can be downloaded from here:


Due to an increased frequency of spam, comments are now subject to moderation.