Merging upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

10 files changed, 502 insertions, 47 deletions

diff --git a/browser/app/macbuild/Contents/Info.plist.in b/browser/app/macbuild/Contents/Info.plist.in
index bf7aac37a7..48fc32199b 100644
--- a/browser/app/macbuild/Contents/Info.plist.in
+++ b/browser/app/macbuild/Contents/Info.plist.in
@@ -237,7 +237,7 @@
 			<string>Firefox Protocol</string>
 			<key>CFBundleURLSchemes</key>
 			<array>
-				<string>firefox</string>
+				<string>firefox-bridge</string>
 			</array>
 		</dict>
 		<dict>
@@ -245,7 +245,7 @@
 			<string>Firefox Private Browsing Protocol</string>
 			<key>CFBundleURLSchemes</key>
 			<array>
-				<string>firefox-private</string>
+				<string>firefox-private-bridge</string>
 			</array>
 		</dict>
 	</array>
diff --git a/browser/app/macbuild/Contents/MacOS-files.in b/browser/app/macbuild/Contents/MacOS-files.in
index e3ed3b7b94..8c43996f34 100644
--- a/browser/app/macbuild/Contents/MacOS-files.in
+++ b/browser/app/macbuild/Contents/MacOS-files.in
@@ -16,6 +16,7 @@
 #if defined(MOZ_CRASHREPORTER)
 /minidump-analyzer
 #endif
+/nmhproxy
 /pingsender
 /pk12util
 /ssltunnel
diff --git a/browser/app/moz.build b/browser/app/moz.build
index a933a3cb9b..c731e9798a 100644
--- a/browser/app/moz.build
+++ b/browser/app/moz.build
@@ -135,6 +135,9 @@ if CONFIG["MOZ_SANDBOX"] and CONFIG["OS_ARCH"] == "WINNT":
         "usp10.dll",
     ]
 
+if CONFIG["TARGET_OS"] in ("WINNT", "OSX"):
+    DIRS += ["nmhproxy"]
+
 # Control the default heap size.
 # This is the heap returned by GetProcessHeap().
 # As we use the CRT heap, the default size is too large and wastes VM.
diff --git a/browser/app/nmhproxy/Cargo.toml b/browser/app/nmhproxy/Cargo.toml
new file mode 100644
index 0000000000..14746d51b6
--- /dev/null
+++ b/browser/app/nmhproxy/Cargo.toml
@@ -0,0 +1,17 @@
+[package]
+name = "nmhproxy"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+description = "A lightweight native messaging listener executable for the Firefox Bridge extension which launches Firefox in regular or private modes, avoiding the need to convert Firefox itself into a listener."
+
+[[bin]]
+name = "nmhproxy"
+path = "src/main.rs"
+
+[dependencies]
+mozbuild = "0.1"
+mozilla-central-workspace-hack = { version = "0.1", features = ["nmhproxy"], optional = true }
+serde = { version = "1", features = ["derive", "rc"] }
+serde_json = "1.0"
+url = "2.4"
diff --git a/browser/app/nmhproxy/moz.build b/browser/app/nmhproxy/moz.build
new file mode 100644
index 0000000000..1f12e2880d
--- /dev/null
+++ b/browser/app/nmhproxy/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+RUST_PROGRAMS += [
+    "nmhproxy",
+]
+
+# Ideally, the build system would set @rpath to be @executable_path as
+# a default for this executable so that this addition to LDFLAGS would not be
+# needed here. Bug 1772575 is filed to implement that.
+if CONFIG["OS_ARCH"] == "Darwin":
+    LDFLAGS += ["-Wl,-rpath,@executable_path"]
diff --git a/browser/app/nmhproxy/src/commands.rs b/browser/app/nmhproxy/src/commands.rs
new file mode 100644
index 0000000000..29c86a0dd7
--- /dev/null
+++ b/browser/app/nmhproxy/src/commands.rs
@@ -0,0 +1,350 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use serde::{Deserialize, Serialize};
+use std::io::{self, Read, Write};
+use std::process::Command;
+use url::Url;
+
+#[cfg(target_os = "windows")]
+const OS_NAME: &str = "windows";
+
+#[cfg(target_os = "macos")]
+const OS_NAME: &str = "macos";
+
+#[derive(Serialize, Deserialize)]
+#[serde(tag = "command", content = "data")]
+// {
+//     "command": "LaunchFirefox",
+//     "data": {"url": "https://example.com"},
+// }
+pub enum FirefoxCommand {
+    LaunchFirefox { url: String },
+    LaunchFirefoxPrivate { url: String },
+    GetVersion {},
+}
+#[derive(Serialize, Deserialize)]
+// {
+//     "message": "Successful launch",
+//     "result_code": 1,
+// }
+pub struct Response {
+    pub message: String,
+    pub result_code: u32,
+}
+
+#[repr(u32)]
+pub enum ResultCode {
+    Success = 0,
+    Error = 1,
+}
+impl From<ResultCode> for u32 {
+    fn from(m: ResultCode) -> u32 {
+        m as u32
+    }
+}
+
+trait CommandRunner {
+    fn new() -> Self
+    where
+        Self: Sized;
+    fn arg(&mut self, arg: &str) -> &mut Self;
+    fn args(&mut self, args: &[&str]) -> &mut Self;
+    fn spawn(&mut self) -> std::io::Result<()>;
+    fn to_string(&mut self) -> std::io::Result<String>;
+}
+
+impl CommandRunner for Command {
+    fn new() -> Self {
+        #[cfg(target_os = "macos")]
+        {
+            Command::new("open")
+        }
+        #[cfg(target_os = "windows")]
+        {
+            use mozbuild::config::MOZ_APP_NAME;
+            use std::env;
+            use std::path::Path;
+            // Get the current executable's path, we know Firefox is in the
+            // same folder is nmhproxy.exe so we can use that.
+            let nmh_exe_path = env::current_exe().unwrap();
+            let nmh_exe_folder = nmh_exe_path.parent().unwrap_or_else(|| Path::new(""));
+            let moz_exe_path = nmh_exe_folder.join(format!("{}.exe", MOZ_APP_NAME));
+            Command::new(moz_exe_path)
+        }
+    }
+    fn arg(&mut self, arg: &str) -> &mut Self {
+        self.arg(arg)
+    }
+    fn args(&mut self, args: &[&str]) -> &mut Self {
+        self.args(args)
+    }
+    fn spawn(&mut self) -> std::io::Result<()> {
+        self.spawn().map(|_| ())
+    }
+    fn to_string(&mut self) -> std::io::Result<String> {
+        Ok("".to_string())
+    }
+}
+
+struct MockCommand {
+    command_line: String,
+}
+
+impl CommandRunner for MockCommand {
+    fn new() -> Self {
+        MockCommand {
+            command_line: String::new(),
+        }
+    }
+    fn arg(&mut self, arg: &str) -> &mut Self {
+        self.command_line.push_str(arg);
+        self.command_line.push(' ');
+        self
+    }
+    fn args(&mut self, args: &[&str]) -> &mut Self {
+        for arg in args {
+            self.command_line.push_str(arg);
+            self.command_line.push(' ');
+        }
+        self
+    }
+    fn spawn(&mut self) -> std::io::Result<()> {
+        Ok(())
+    }
+    fn to_string(&mut self) -> std::io::Result<String> {
+        Ok(self.command_line.clone())
+    }
+}
+
+// The message length is a 32-bit integer in native byte order
+pub fn read_message_length<R: Read>(mut reader: R) -> std::io::Result<u32> {
+    let mut buffer = [0u8; 4];
+    reader.read_exact(&mut buffer)?;
+    let length: u32 = u32::from_ne_bytes(buffer);
+    if (length > 0) && (length < 100 * 1024) {
+        Ok(length)
+    } else {
+        Err(io::Error::new(
+            io::ErrorKind::InvalidData,
+            "Invalid message length",
+        ))
+    }
+}
+
+pub fn read_message_string<R: Read>(mut reader: R, length: u32) -> io::Result<String> {
+    let mut buffer = vec![0u8; length.try_into().unwrap()];
+    reader.read_exact(&mut buffer)?;
+    let message =
+        String::from_utf8(buffer).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
+    Ok(message)
+}
+
+pub fn process_command(command: &FirefoxCommand) -> std::io::Result<bool> {
+    match &command {
+        FirefoxCommand::LaunchFirefox { url } => {
+            launch_firefox::<Command>(url.to_owned(), false, OS_NAME)?;
+            Ok(true)
+        }
+        FirefoxCommand::LaunchFirefoxPrivate { url } => {
+            launch_firefox::<Command>(url.to_owned(), true, OS_NAME)?;
+            Ok(true)
+        }
+        FirefoxCommand::GetVersion {} => generate_response("1", ResultCode::Success.into()),
+    }
+}
+
+pub fn generate_response(message: &str, result_code: u32) -> std::io::Result<bool> {
+    let response_struct = Response {
+        message: message.to_string(),
+        result_code,
+    };
+    let response_str = serde_json::to_string(&response_struct)
+        .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
+    let response_len_bytes: [u8; 4] = (response_str.len() as u32).to_ne_bytes();
+    std::io::stdout().write_all(&response_len_bytes)?;
+    std::io::stdout().write_all(response_str.as_bytes())?;
+    std::io::stdout().flush()?;
+    Ok(true)
+}
+
+fn validate_url(url: String) -> std::io::Result<String> {
+    let parsed_url = Url::parse(url.as_str())
+        .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
+    match parsed_url.scheme() {
+        "http" | "https" | "file" => Ok(parsed_url.to_string()),
+        _ => Err(std::io::Error::new(
+            std::io::ErrorKind::InvalidInput,
+            "Invalid URL scheme",
+        )),
+    }
+}
+
+fn launch_firefox<C: CommandRunner>(
+    url: String,
+    private: bool,
+    os: &str,
+) -> std::io::Result<String> {
+    let validated_url: String = validate_url(url)?;
+    let mut command = C::new();
+    if os == "macos" {
+        use mozbuild::config::MOZ_MACBUNDLE_ID;
+        let mut args: [&str; 2] = ["--args", "-url"];
+        if private {
+            args[1] = "-private-window";
+        }
+        command
+            .arg("-n")
+            .arg("-b")
+            .arg(MOZ_MACBUNDLE_ID)
+            .args(&args)
+            .arg(validated_url.as_str());
+    } else if os == "windows" {
+        let mut args: [&str; 2] = ["-osint", "-url"];
+        if private {
+            args[1] = "-private-window";
+        }
+        command.args(&args).arg(validated_url.as_str());
+    }
+    match command.spawn() {
+        Ok(_) => generate_response(
+            if private {
+                "Successful private launch"
+            } else {
+                "Sucessful launch"
+            },
+            ResultCode::Success.into(),
+        )?,
+        Err(_) => generate_response(
+            if private {
+                "Failed private launch"
+            } else {
+                "Failed launch"
+            },
+            ResultCode::Error.into(),
+        )?,
+    };
+    command.to_string()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::io::Cursor;
+    #[test]
+    fn test_validate_url() {
+        let valid_test_cases = vec![
+            "https://example.com/".to_string(),
+            "http://example.com/".to_string(),
+            "file:///path/to/file".to_string(),
+            "https://test.example.com/".to_string(),
+        ];
+
+        for input in valid_test_cases {
+            let result = validate_url(input.clone());
+            assert!(result.is_ok(), "Expected Ok, got Err");
+            // Safe to unwrap because we know the result is Ok
+            let ok_value = result.unwrap();
+            assert_eq!(ok_value, input);
+        }
+
+        assert!(matches!(
+            validate_url("fakeprotocol://test.example.com/".to_string()).map_err(|e| e.kind()),
+            Err(std::io::ErrorKind::InvalidInput)
+        ));
+
+        assert!(matches!(
+            validate_url("invalidURL".to_string()).map_err(|e| e.kind()),
+            Err(std::io::ErrorKind::InvalidData)
+        ));
+    }
+
+    #[test]
+    fn test_read_message_length_valid() {
+        let input: [u8; 4] = 256u32.to_ne_bytes();
+        let mut cursor = Cursor::new(input);
+        let length = read_message_length(&mut cursor);
+        assert!(length.is_ok(), "Expected Ok, got Err");
+        assert_eq!(length.unwrap(), 256);
+    }
+
+    #[test]
+    fn test_read_message_length_invalid_too_large() {
+        let input: [u8; 4] = 1_000_000u32.to_ne_bytes();
+        let mut cursor = Cursor::new(input);
+        let result = read_message_length(&mut cursor);
+        assert!(result.is_err());
+        let error = result.err().unwrap();
+        assert_eq!(error.kind(), io::ErrorKind::InvalidData);
+    }
+
+    #[test]
+    fn test_read_message_length_invalid_zero() {
+        let input: [u8; 4] = 0u32.to_ne_bytes();
+        let mut cursor = Cursor::new(input);
+        let result = read_message_length(&mut cursor);
+        assert!(result.is_err());
+        let error = result.err().unwrap();
+        assert_eq!(error.kind(), io::ErrorKind::InvalidData);
+    }
+
+    #[test]
+    fn test_read_message_string_valid() {
+        let input_data = b"Valid UTF8 string!";
+        let input_length = input_data.len() as u32;
+        let message = read_message_string(&input_data[..], input_length);
+        assert!(message.is_ok(), "Expected Ok, got Err");
+        assert_eq!(message.unwrap(), "Valid UTF8 string!");
+    }
+
+    #[test]
+    fn test_read_message_string_invalid() {
+        let input_data: [u8; 3] = [0xff, 0xfe, 0xfd];
+        let input_length = input_data.len() as u32;
+        let result = read_message_string(&input_data[..], input_length);
+        assert!(result.is_err());
+        let error = result.err().unwrap();
+        assert_eq!(error.kind(), io::ErrorKind::InvalidData);
+    }
+
+    #[test]
+    fn test_launch_regular_command_macos() {
+        let url = "https://example.com";
+        let result = launch_firefox::<MockCommand>(url.to_string(), false, "macos");
+        assert!(result.is_ok());
+        let command_line = result.unwrap();
+        let correct_url_format = format!("-url {}", url);
+        assert!(command_line.contains(correct_url_format.as_str()));
+    }
+
+    #[test]
+    fn test_launch_regular_command_windows() {
+        let url = "https://example.com";
+        let result = launch_firefox::<MockCommand>(url.to_string(), false, "windows");
+        assert!(result.is_ok());
+        let command_line = result.unwrap();
+        let correct_url_format = format!("-osint -url {}", url);
+        assert!(command_line.contains(correct_url_format.as_str()));
+    }
+
+    #[test]
+    fn test_launch_private_command_macos() {
+        let url = "https://example.com";
+        let result = launch_firefox::<MockCommand>(url.to_string(), true, "macos");
+        assert!(result.is_ok());
+        let command_line = result.unwrap();
+        let correct_url_format = format!("-private-window {}", url);
+        assert!(command_line.contains(correct_url_format.as_str()));
+    }
+
+    #[test]
+    fn test_launch_private_command_windows() {
+        let url = "https://example.com";
+        let result = launch_firefox::<MockCommand>(url.to_string(), true, "windows");
+        assert!(result.is_ok());
+        let command_line = result.unwrap();
+        let correct_url_format = format!("-osint -private-window {}", url);
+        assert!(command_line.contains(correct_url_format.as_str()));
+    }
+}
diff --git a/browser/app/nmhproxy/src/main.rs b/browser/app/nmhproxy/src/main.rs
new file mode 100644
index 0000000000..de9cd8c2a3
--- /dev/null
+++ b/browser/app/nmhproxy/src/main.rs
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+mod commands;
+use commands::ResultCode;
+use std::io::Error;
+use std::io::ErrorKind;
+
+fn main() -> Result<(), Error> {
+    // The general structure of these functions is to print error cases to
+    // stdout so that the extension can read them and then do error-handling
+    // on that end.
+    let message_length: u32 =
+        commands::read_message_length(std::io::stdin()).or_else(|_| -> Result<u32, _> {
+            commands::generate_response("Failed to read message length", ResultCode::Error.into())
+                .expect("JSON error");
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                "Failed to read message length",
+            ));
+        })?;
+    let message: String = commands::read_message_string(std::io::stdin(), message_length).or_else(
+        |_| -> Result<String, _> {
+            commands::generate_response("Failed to read message", ResultCode::Error.into())
+                .expect("JSON error");
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                "Failed to read message",
+            ));
+        },
+    )?;
+    // Deserialize the message with the following expected format
+    let native_messaging_json: commands::FirefoxCommand =
+        serde_json::from_str(&message).or_else(|_| -> Result<commands::FirefoxCommand, _> {
+            commands::generate_response(
+                "Failed to deserialize message JSON",
+                ResultCode::Error.into(),
+            )
+            .expect("JSON error");
+            return Err(Error::new(
+                ErrorKind::InvalidInput,
+                "Failed to deserialize message JSON",
+            ));
+        })?;
+    commands::process_command(&native_messaging_json).or_else(|_| -> Result<bool, _> {
+        commands::generate_response("Failed to process command", ResultCode::Error.into())
+            .expect("JSON error");
+        return Err(Error::new(
+            ErrorKind::InvalidInput,
+            "Failed to process command",
+        ));
+    })?;
+    Ok(())
+}
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 5964d40ca3..1ef5a05907 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -57,7 +57,7 @@ pref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/Sys
 pref("extensions.systemAddon.update.enabled", true);
 
 // Disable add-ons that are not installed by the user in all scopes by default.
-// See the SCOPE constants in AddonManager.jsm for values to use here.
+// See the SCOPE constants in AddonManager.sys.mjs for values to use here.
 pref("extensions.autoDisableScopes", 15);
 // Scopes to scan for changes at startup.
 pref("extensions.startupScanScopes", 0);
@@ -295,12 +295,6 @@ pref("browser.shell.checkDefaultPDF", true);
 // Will be set to `true` if the user indicates that they don't want to be asked
 // again about Firefox being their default PDF handler any more.
 pref("browser.shell.checkDefaultPDF.silencedByUser", false);
-// URL to navigate to when launching Firefox after accepting the Windows Default
-// Browser Agent "Set Firefox as default" call to action.
-pref("browser.shell.defaultBrowserAgent.thanksURL", "https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/");
-// Whether or not we want to run through the early startup idle task
-// which registers the firefox and firefox-private registry keys.
-pref("browser.shell.customProtocolsRegistered", false);
 #endif
 
 
@@ -439,12 +433,8 @@ pref("browser.search.param.search_rich_suggestions", "fen");
 // Feature gate pref for weather suggestions in the urlbar.
 pref("browser.urlbar.weather.featureGate", false);
 
-// Enable clipboard suggestions in Nightly.
-#ifdef NIGHTLY_BUILD
+// Enable clipboard suggestions feature, the pref should be removed once stable.
 pref("browser.urlbar.clipboard.featureGate", true);
-#else
-pref("browser.urlbar.clipboard.featureGate", false);
-#endif
 
 // When false, the weather suggestion will not be fetched when a VPN is
 // detected. When true, it will be fetched anyway.
@@ -556,11 +546,7 @@ pref("browser.urlbar.switchTabs.adoptIntoActiveWindow", false);
 
 // Controls whether searching for open tabs returns tabs from any container
 // or only from the current container.
-#ifdef NIGHTLY_BUILD
 pref("browser.urlbar.switchTabs.searchAllContainers", true);
-#else
-pref("browser.urlbar.switchTabs.searchAllContainers", false);
-#endif
 
 // Whether addresses and search results typed into the address bar
 // should be opened in new tabs by default.
@@ -732,6 +718,13 @@ pref("browser.download.clearHistoryOnDelete", 0);
 pref("browser.helperApps.showOpenOptionForPdfJS", true);
 pref("browser.helperApps.showOpenOptionForViewableInternally", true);
 
+// Whether search-config-v2 is enabled.
+#ifdef NIGHTLY_BUILD
+pref("browser.search.newSearchConfig.enabled", true);
+#else
+pref("browser.search.newSearchConfig.enabled", false);
+#endif
+
 // search engines URL
 pref("browser.search.searchEnginesURL",      "https://addons.mozilla.org/%LOCALE%/firefox/search-engines/");
 
@@ -949,7 +942,6 @@ pref("browser.tabs.tooltipsShowPidAndActiveness", false);
 #endif
 
 pref("browser.tabs.cardPreview.enabled", false);
-pref("browser.tabs.cardPreview.delayMs", 1000);
 pref("browser.tabs.cardPreview.showThumbnails", true);
 
 pref("browser.tabs.firefox-view", true);
@@ -1079,6 +1071,17 @@ pref("privacy.cpd.offlineApps",             false);
 pref("privacy.cpd.siteSettings",            false);
 pref("privacy.cpd.openWindows",             false);
 
+// clearHistory and clearSiteData pref branches are used to
+// remember user pref options based on the two different entry points
+pref("privacy.clearHistory.historyFormDataAndDownloads", true);
+pref("privacy.clearHistory.cookiesAndStorage", true);
+pref("privacy.clearHistory.cache", true);
+pref("privacy.clearHistory.siteSettings", false);
+pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
+pref("privacy.clearSiteData.cookiesAndStorage", true);
+pref("privacy.clearSiteData.cache", true);
+pref("privacy.clearSiteData.siteSettings", false);
+
 pref("privacy.history.custom",              false);
 
 // What default should we use for the time span in the sanitizer:
@@ -1097,7 +1100,10 @@ pref("privacy.sanitize.useOldClearHistoryDialog", false);
 pref("privacy.sanitize.useOldClearHistoryDialog", true);
 #endif
 
-pref("privacy.sanitize.sanitizeOnShutdown.hasMigratedToNewPrefs", false);
+pref("privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs", false);
+// flag to track migration of clear history dialog prefs, where cpd stands for
+// clear private data
+pref("privacy.sanitize.cpd.hasMigratedToNewPrefs", false);
 
 pref("privacy.panicButton.enabled",         true);
 
@@ -1301,8 +1307,6 @@ pref("browser.sessionstore.upgradeBackup.maxUpgradeBackups", 3);
 pref("browser.sessionstore.debug", false);
 // Forget closed windows/tabs after two weeks
 pref("browser.sessionstore.cleanup.forget_closed_after", 1209600000);
-// Platform collects session storage data for session store
-pref("browser.sessionstore.collect_session_storage", true);
 
 // temporary pref that will be removed in a future release, see bug 1836952
 pref("browser.sessionstore.persist_closed_tabs_between_sessions", true);
@@ -1418,11 +1422,7 @@ pref("browser.bookmarks.editDialog.maxRecentFolders", 7);
   // On windows these levels are:
   // See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
   // SetSecurityLevelForContentProcess() for what the different settings mean.
-  #if defined(NIGHTLY_BUILD)
-    pref("security.sandbox.content.level", 7);
-  #else
-    pref("security.sandbox.content.level", 6);
-  #endif
+  pref("security.sandbox.content.level", 6);
 
   // Pref controlling if messages relevant to sandbox violations are logged.
   pref("security.sandbox.logging.enabled", false);
@@ -1763,6 +1763,7 @@ pref("browser.newtabpage.activity-stream.discoverystream.spocTopsitesPlacement.e
 pref("browser.newtabpage.activity-stream.discoverystream.spocSiteId", "");
 pref("browser.newtabpage.activity-stream.discoverystream.ctaButtonSponsors", "");
 pref("browser.newtabpage.activity-stream.discoverystream.ctaButtonVariant", "");
+pref("browser.newtabpage.activity-stream.discoverystream.spocMessageVariant", "");
 
 pref("browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", true);
 
@@ -1854,6 +1855,8 @@ pref("pdfjs.previousHandler.alwaysAskBeforeHandling", false);
 // Try to convert PDFs sent as octet-stream
 pref("pdfjs.handleOctetStream", true);
 
+pref("sidebar.companion", false);
+
 // Is the sidebar positioned ahead of the content browser
 pref("sidebar.position_start", true);
 
@@ -2102,8 +2105,6 @@ pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,co
 // lists enabled.
 pref("browser.contentblocking.customBlockList.preferences.ui.enabled", false);
 
-pref("browser.contentblocking.reportBreakage.url", "https://tracking-protection-issues.herokuapp.com/new");
-
 // Enable Protections report's Lockwise card by default.
 pref("browser.contentblocking.report.lockwise.enabled", true);
 
@@ -2324,8 +2325,6 @@ pref("browser.migrate.interactions.passwords", false);
 
 pref("browser.migrate.preferences-entrypoint.enabled", true);
 
-pref("browser.device-migration.help-menu.hidden", false);
-
 pref("extensions.pocket.api", "api.getpocket.com");
 pref("extensions.pocket.bffApi", "firefox-api-proxy.cdn.mozilla.net");
 pref("extensions.pocket.bffRecentSaves", true);
@@ -2406,8 +2405,12 @@ pref("browser.suppress_first_window_animation", true);
 // Preference that allows individual users to disable Screenshots.
 pref("extensions.screenshots.disabled", false);
 
-// Preference that determines whether Screenshots is opened as a dedicated browser component
-pref("screenshots.browser.component.enabled", false);
+// Preference that determines whether Screenshots uses the dedicated browser component
+#ifdef NIGHTLY_BUILD
+  pref("screenshots.browser.component.enabled", true);
+#else
+  pref("screenshots.browser.component.enabled", false);
+#endif
 
 // Preference that determines what button to focus
 pref("screenshots.browser.component.last-saved-method", "download");
@@ -2491,8 +2494,6 @@ pref("browser.toolbars.bookmarks.showOtherBookmarks", true);
 
 // Felt Privacy pref to control simplified private browsing UI
 pref("browser.privatebrowsing.felt-privacy-v1", false);
-// Visiblity of the bookmarks toolbar in PBM (currently only applies if felt-privacy-v1 is true)
-pref("browser.toolbars.bookmarks.showInPrivateBrowsing", false);
 
 // Prefs to control the Firefox Account toolbar menu.
 // This pref will surface existing Firefox Account information
@@ -2503,7 +2504,7 @@ pref("identity.fxaccounts.toolbar.accessed", false);
 pref("identity.fxaccounts.toolbar.defaultVisible", true);
 
 // Prefs to control Firefox Account panels that shows call to actions
-// for other supported Mozilla products 
+// for other supported Mozilla products
 pref("identity.fxaccounts.toolbar.pxiToolbarEnabled", false);
 pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.monitorEnabled", true);
 pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.relayEnabled", true);
@@ -2922,6 +2923,13 @@ pref("svg.context-properties.content.allowed-domains", "profile.accounts.firefox
   pref("extensions.translations.disabled", true);
 #endif
 
+#if defined(XP_MACOSX) || defined(XP_WIN)
+pref("browser.firefoxbridge.enabled", false);
+pref("browser.firefoxbridge.extensionOrigins",
+    "chrome-extension://gkcbmfjnnjoambnfmihmnkneakghogca/"
+);
+#endif
+
 // Turn on interaction measurements
 pref("browser.places.interactions.enabled", true);
 
@@ -3016,9 +3024,16 @@ pref("ui.new-webcompat-reporter.reason-dropdown.randomized", true);
 pref("browser.privatebrowsing.resetPBM.showConfirmationDialog", true);
 
 // the preferences related to the Nimbus experiment, to activate and deactivate
-// the the entire rollout or deactivate only the OS prompt (see: bug 1864216)
+// the the entire rollout (see: bug 1864216 - two prompts, 1877500 - set two in one prompt)
 pref("browser.mailto.dualPrompt", false);
-pref("browser.mailto.dualPrompt.os", false);
 // When visiting a site which uses registerProtocolHandler: Ask the user to set Firefox as
 // default mailto handler.
 pref("browser.mailto.prompt.os", true);
+
+pref("browser.backup.enabled", false);
+
+// Pref to enable the new profiles
+pref("browser.profiles.enabled", false);
+
+pref("startup.homepage_override_url_nimbus", "");
+pref("startup.homepage_override_nimbus_maxVersion", "");
diff --git a/browser/app/winlauncher/LauncherProcessWin.cpp b/browser/app/winlauncher/LauncherProcessWin.cpp
index b40e0fceb5..81d4ee91e9 100644
--- a/browser/app/winlauncher/LauncherProcessWin.cpp
+++ b/browser/app/winlauncher/LauncherProcessWin.cpp
@@ -401,8 +401,12 @@ Maybe<int> LauncherMain(int& argc, wchar_t* argv[],
   }
 #endif  // defined(MOZ_LAUNCHER_PROCESS)
 
-  // Now proceed with setting up the parameters for process creation
-  UniquePtr<wchar_t[]> cmdLine(MakeCommandLine(argc, argv));
+  // Now proceed with setting up the parameters for process creation.
+  constexpr static const wchar_t* extraArgs[] = {
+      L"/prefetch:1",  // for APFL; see ipc/glue/GeckoChildProcessHost.cpp
+  };
+  UniquePtr<wchar_t[]> cmdLine(
+      MakeCommandLine(argc, argv, ARRAYSIZE(extraArgs), extraArgs));
   if (!cmdLine) {
     HandleLauncherError(LAUNCHER_ERROR_GENERIC());
     return Nothing();
diff --git a/browser/app/winlauncher/freestanding/DllBlocklist.cpp b/browser/app/winlauncher/freestanding/DllBlocklist.cpp
index bfb3d6239b..f8f9560acb 100644
--- a/browser/app/winlauncher/freestanding/DllBlocklist.cpp
+++ b/browser/app/winlauncher/freestanding/DllBlocklist.cpp
@@ -11,7 +11,6 @@
 #include "mozilla/Types.h"
 #include "mozilla/WindowsDllBlocklist.h"
 
-#include "CrashAnnotations.h"
 #include "DllBlocklist.h"
 #include "LoaderPrivateAPI.h"
 #include "ModuleLoadFrame.h"
@@ -136,12 +135,8 @@ void NativeNtBlockSet::Write(WritableBuffer& aBuffer) {
 
 static NativeNtBlockSet gBlockSet;
 
-extern "C" void MOZ_EXPORT
-NativeNtBlockSet_Write(CrashReporter::AnnotationWriter& aWriter) {
-  WritableBuffer buffer;
-  gBlockSet.Write(buffer);
-  aWriter.Write(CrashReporter::Annotation::BlockedDllList, buffer.Data(),
-                buffer.Length());
+extern "C" void MOZ_EXPORT NativeNtBlockSet_Write(WritableBuffer& aBuffer) {
+  gBlockSet.Write(aBuffer);
 }
 
 enum class BlockAction {