Post #1450

Latest IronFox for Android update Updated to Firefox 138.0. Updated to Phoenix 2025.04.27.1. - (See changes from the last IronFox release) Added a toggle under Privacy and security in settings to control Safe Browsing. Note that this requires a restart to take effect. Added toggles under Privacy and security -> Site settings to control JavaScript, JIT, and WebAssembly. (Note that the JIT toggle requires a restart to take effect). Due to the addition of these toggles, we've now enabled WebAssembly by default(due to the notable breakage it causes), though users are recommended to disable it if possible to improve security. JIT will remain disabled by default. Neutered the mozAddonManager API to restrict its capabilities and limit the data shared with Mozilla, while still allowing users to install extensions from addons.mozilla.org. We now harden FPP (Fingerprinting Protection) and set our overrides to unbreak websites internally, instead of using the privacy.fingerprintingProtection.granularOverrides & privacy.fingerprintingProtection.overrides preferences like we have previously. This makes it far easier for users to add their own overrides if needed. If you have previously configured either of these preferences, it is highly recommended to reset them after updating to these release. If you would like to disable our overrides to unbreak websites (as well as Mozilla's), you can do so by setting privacy.fingerprintingProtection.remoteOverrides.enabled to false in your about:config. Added a Quick fixes list to uBlock Origin by default to allow us to work-around/fix issues caused by our default config significantly faster (while we wait on the upstream list maintainers to fix the issues...). Implemented LibreWolf's Remote Settings Blocker patch to allow us (and users) to limit what collections are read/downloaded from Mozilla, and reduce the data shared. Users can configure this from the browser.ironfox.services.settings.allowedCollections preference in the about:config, though we would not recommend editing this unless necessary, as the collections we allow by default were carefully considered and provide important functionality, including for security. Improved visibility of domains in the URL bar to better protect against phishing. - (Thanks to @mimi89999! 💜) Significantly improved upon and expanded Mozilla's built-in certificate pinning to protect against MITM attacks. If you're a website operator and would like your domain to be added or want to request details be changed, please file an issue! Took back control of all Safe Browsing preferences, meaning these can now be freely controlled by the users from the about:config (with the exception of browser.safebrowsing.malware.enabled & browser.safebrowsing.phishing.enabled - these are controlled by the new toggle in Settings). For example, users can now set their own custom Safe Browsing provider if desired, disable our proxy and revert back to Google's standard domains, etc... Hardened the internal PDF Viewer (PDF.js) with changes inspired by GrapheneOS's PDF Viewer. - #79 Disabled CSP Reporting to improve privacy, reduce undesired network activity, and limit the data shared with website operators. Enabled Proxy Bypass Protection to help prevent leaks for proxy users. Fixed a bug that caused cookies/site data and permissions to always clear on exit, regardless of their check boxes/values set by users. Disabled Firefox's new Unified Trust Panel redesign for the menu that appears when you select the lock icon on the top left of the URL bar by default, due to phishing concerns (as it unfortunately doesn't currently display the full URL if it's too long). - You can re-enable this if preferred by navigating to IronFox's Settings -> About IronFox -> Tap IronFox's logo at the top 5 times, then go back to Settings -> Secret Settings -> Unified Trust Panel. Disabled the com.widevine.alpha key system(MediaDrm). Disabled Mozilla's GeoIP/Region Service to prevent Firefox from monitoring the user's region/general location and reduce unwanted network activity.