Mullvad Browser 14.5a1

##All Platforms

• Updated Firefox to 128.5.0esr
• Updated NoScript to 11.5.2
• Updated Mullvad Browser Extension to 0.9.3
• Updated uBlock Origin to 1.61.2
• Bug 383: Rebase MB alpha onto 128.5.0esr [mullvad-browser]
• Bug 32668: NoScript default whitelist re-appears on clicking NoScript Options / Reset [tor-browser]
• Bug 42125: lock RFP part 2 [tor-browser]
• Bug 42739: Fix localization in the profile error dialog [tor-browser]
• Bug 43257: NoScript-blocked content placeholders causing slow downs [tor-browser]
• Bug 43258: NoScript Lifecycle error on extension updates [tor-browser]
• Bug 43313: Backport security fixes from Firefox 133 [tor-browser]

macOS

• Bug 43165: Disable Microsoft SSO on macOS [MozBug 1768724] [tor-browser]

Linux

• Bug 41799: Make lack of fonts.conf less of a footgun [tor-browser]
• Bug 43140: Ship our FontConfig configuration with the browser [tor-browser]
• Bug 41298: Remove --detach parameter from .desktop files [tor-browser-build]
• Bug 41312: Remove comment in start-browser about --class and --name parameters [tor-browser-build]
• Bug 41313: Show waiting cursor while app opens [tor-browser-build]

Build System

All Platforms

• Bug 43295: Update MR templates [tor-browser]
• Bug 40996: Do not version the .nobackup files [tor-browser-build]
• Bug 41284: Update relprep.py script to not synchronise changelogs between channels [tor-browser-build]
• Bug 41288: Use exec_noco option when using exec [tor-browser-build]
• Bug 41300: Add bea, clairehurst, and jwilde to tb_builders [tor-browser-build]
• Bug 41304: Add a browser commit tag+signing script [tor-browser-build]
• Bug 41306: Container dependencies are sorted before resolving templates [tor-browser-build]
• Bug 41307: Container dependencies are not filtered for duplicates [tor-browser-build]
• Bug 41315: Fix the Mullvad Extension update in relprep.py [tor-browser-build]
• Bug 41321: Update PieroV's expired keys [tor-browser-build]
• Bug 40006: Add option to avoid doing a git checkout when using the exec template function [rbm]

Linux

• Bug 41266: Build the Tor and Mullvad Browsers for aarch64 Linux [tor-browser-build]

Mullvad Browser 14.0.3

All Platforms

• Updated Firefox to 128.5.0esr
• Updated uBlock Origin to 1.61.0
• Rebase Mullvad Browser stable onto Firefox 128.5.0esr [mullvad-browser]
• Backport security fixes from Firefox 133 [tor-browser]

macOS

• Bug 43165: Disable Microsoft SSO on macOS [MozBug 1768724] [tor-browser]

Build System

All Platforms

• Do not version the .nobackup files [tor-browser-build]
• Update relprep.py script to not synchronise changelogs between channels [tor-browser-build]
• Add bea, clairehurst, and jwilde to tb_builders [tor-browser-build]
• Fix the Mullvad Extension update in relprep.py [tor-browser-build]

Mullvad Browser 14.0

All Platforms

• Updated Firefox to 128.4.0esr
• Updated NoScript to 11.5.2
• Updated Mullvad Browser Extension to 0.9.3
• Bug 328: Provide search engine icons [mullvad-browser]
• Bug 329: Remove the Security Levels icon from the toolbar [mullvad-browser]
• Bug 344: set media.navigator.enabled = true [mullvad-browser]
• Bug 349: Tidy up mullvad Fluent files [mullvad-browser]
• Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser]
• Bug 30862: 10ms time precision via EXSLT date-time function [tor-browser]
• Bug 32668: NoScript default whitelist re-appears on clicking NoScript Options / Reset [tor-browser]
• Bug 40147: Re-enable Picture-in-Picture mode [tor-browser]
• Bug 41309: Re-enable screenshots component [tor-browser]
• Bug 41817: Add more color aliases that take dark mode into account [tor-browser]
• Bug 42070: Backport Bugzilla 1834307 and hide smooth-scroll UX [tor-browser]
• Bug 42255: pdfjs.disabled used to be part of RFP until Bug 1838415; lock pref to false in stable [tor-browser]
• Bug 42356: Review 000-tor-browser.js and 001-base-profile.js for 128 [tor-browser]
• Bug 42362: "New window" missing from File menu [tor-browser]
• Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser]
• Bug 42601: Check Bug 1894779: Allow font-face urls to be resource:// urls and relax CORS for resource:// URLs [tor-browser]
• Bug 42603: Remove safebrowsing URLs [tor-browser]
• Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser]
• Bug 42617: Restore the HTML form on DDG when using safest in 128 [tor-browser]
• Bug 42630: Review LaterRun in 128 [tor-browser]
• Bug 42640: Disable Firefox Flame button due to unknown interactions with New Identity [tor-browser]
• Bug 42641: Move from panel-footer class to moz-button-group [tor-browser]
• Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser]
• Bug 42646: Remove migrations for security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser]
• Bug 42647: "Switching to a new device" regressed on 128 [tor-browser]
• Bug 42653: The Neterror page has a checkbox to report iframe origin errors to TPO [tor-browser]
• Bug 42665: Drop "Learn More" spacing [tor-browser]
• Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser]
• Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser]
• Bug 42683: Create script to generate issue triage csv's from bugzilla query and git scraping [tor-browser]
• Bug 42684: Disable network prefetch [tor-browser]
• Bug 42685: compat: ESR128: enable textmetrics [tor-browser]
• Bug 42687: Disable Privacy-Preserving Attribution [tor-browser]
• Bug 42699: Drop level="top" attribute from panels [tor-browser]
• Bug 42704: Drop the badged="true" attribute from security level button [tor-browser]
• Bug 42705: Update our preferences to account for new line height [tor-browser]
• Bug 42718: Remove the firefox-view button from UI, even when always-on private-browsing mode is disabled [tor-browser]
• Bug 42730: Make RemoteSettings use only local dumps [tor-browser]
• Bug 42735: Disable recent search suggestions [tor-browser]
• Bug 42740: Stop trying to hide "Restore previous session" [tor-browser]
• Bug 42742: Inconsistent use of "New private window" vs "New window" [tor-browser]
• Bug 42745: Remove some residuals from update scripts [tor-browser]
• Bug 42764: Unconditionally disable find-bar transition animation [tor-browser]
• Bug 42777: Remove 'Website Privacy Preferences' and ensure sensible default prefs [tor-browser]
• Bug 42814: Opt out from Firefox relay by default. [tor-browser]
• Bug 42831: Remove the shopping components [tor-browser]
• Bug 42867: Disable contentRelevancy component [tor-browser]
• Bug 42872: Disable translations until audited and solved the UX problems [tor-browser]
• Bug 43054: check bounceTrackingProtection in PB mode does not persist to disk [tor-browser]
• Bug 43072: moz-message-bar does not get announced on Orca screen-reader [tor-browser]
• Bug 43083: Backport fix for Mozilla 1436462 [tor-browser]
• Bug 43103: Verify whether an update is unsupported before choosing one [tor-browser]
• Bug 43109: Remove mention of Firefox Relay from settings [tor-browser]
• Bug 43117: Hide 'Always underline links' option [tor-browser]
• Bug 43134: Backport Bugzilla 1436226 Hardcode VP8/VP9 [tor-browser]
• Bug 43144: Ensure non-privacy browsing also sets the GPC header [tor-browser]
• Bug 43163: Disable offscreen canvas until verified it is not fingerprintable [tor-browser]
• Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile [tor-browser]
• Bug 43178: Audit fingerprinting overrides (MozBug 1834274) [tor-browser]
• Bug 43184: Backport Bugzilla 1922294: RFP: fixup square spoofed orientation [tor-browser]
• Bug 43197: Disable automatic exception for HTTPS-First [tor-browser]
• Bug 43209: UI freezes when clipboard is empty after screen lock [tor-browser]
• Bug 43217: Fullscreen videos have rounded letterboxing corners [tor-browser]
• Bug 43257: NoScript-blocked content placeholders causing slow downs [tor-browser]
• Bug 43258: NoScript Lifecycle error on extension updates [tor-browser]
• Bug 41248: Check and update bundled font versions [tor-browser-build]

Windows + macOS

• Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser]

Windows

• Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser]

macOS

• Bug 42494: mac: add Arial Black and Arial Narrow to allowlist [tor-browser]

Linux

• Bug 42773: Replace ~ with the original HOME [tor-browser]
• Bug 43092: Disable Wayland by default in 14.0 [tor-browser]
• Bug 43101: Security features warning links to Firefox installation support page with incomplete info [tor-browser]
• Bug 43141: Hardcode Arimo as a system-ui font [tor-browser]
• Bug 43196: Remove the vendor name from the "is playing media" notification on Linux [tor-browser]
• Bug 41237: Add some aliases to our Linux font config for compatibility [tor-browser-build]

Build System

All Platforms

• Bug 43157: Move tb-dev to base-browser [tor-browser]
• Bug 41096: Set SOURCE_DATE_EPOCH in the default env variables [tor-browser-build]
• Bug 41155: Update toolchains for ESR128 [tor-browser-build]
• Bug 41156: Split the Rust configuration options [tor-browser-build]
• Bug 41176: Update list of people with github commit access in MB issue templates [tor-browser-build]
• Bug 41188: Upgrade binutils to 2.41 [tor-browser-build]
• Bug 41236: Remove binutils when not needed [tor-browser-build]
• Bug 41256: tools/signing/upload-update_responses-to-staticiforme should regenerate update-responses when it already exists [tor-browser-build]
• Bug 41259: Skip versions which don't set incremental_from when generating incrementals [tor-browser-build]
• Bug 41260: Don't set legacy version for Mullvad Browser [tor-browser-build]
• Bug 41274: Improve fetch_changelogs.py for major releases [tor-browser-build]
• Bug 41279: Add @PieroV and @ma1 as new signers [tor-browser-build]
• Bug 41289: Fix single-browser in relprep.py [tor-browser-build]

Windows + macOS

• Bug 41197: Modify update-responses to prevent upgrades on unsupported Windows and macOS versions [tor-browser-build]

Windows

• Bug 29318: Drop mingw-w64/gcc toolchain [tor-browser-build]
• Bug 29320: Use mingw-w64/clang toolchain to build Rust [tor-browser-build]
• Bug 41296: Implement missing Windows headers required for building cross-compiling WebRTC with mingw [tor-browser-build]

Linux

• Bug 41013: Add a README to each project [tor-browser-build]
• Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build]
• Bug 41243: Add own apparmor profile to deb package [tor-browser-build]
• Bug 41282: Add SSL to our custom Python for MozBug 1924022 [tor-browser-build]

Mullvad Browser 14.0a10

All Platforms

• Updated Firefox to 128.4.0esr
• Updated NoScript to 11.5.0
• Bug 42356: Review 000-tor-browser.js and 001-base-profile.js for 128 [tor-browser]
• Bug 43134: Backport Bugzilla 1436226 Hardcode VP8/VP9 [tor-browser]
• Bug 43174: Issue with custom home page on local filesystem [tor-browser]
• Bug 43184: Backport Bugzilla 1922294: RFP: fixup square spoofed orientation [tor-browser]
• Bug 43209: UI freezes when clipboard is empty after screen lock [tor-browser]
• Bug 43217: Fullscreen videos have rounded letterboxing corners [tor-browser]
• Bug 43240: Backport security fixes from Firefox 132 [tor-browser]

Windows

• Bug 373: Re-enable WebRTC for Windows builds [mullvad-browser]

Linux

• Bug 43101: Security features warning links to Firefox installation support page with incomplete info [tor-browser]
• Bug 43196: Remove the vendor name from the "is playing media" notification on Linux [tor-browser]

Build System

All Platforms

• Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build]
• Bug 41274: Improve fetch_changelogs.py for major releases [tor-browser-build]
• Bug 41279: Add @PieroV and @ma1 as new signers [tor-browser-build]
• Bug 41289: Fix single-browser in relprep.py [tor-browser-build]

Windows

• Bug 41296: Implement missing Windows headers required for building cross-compiling WebRTC with mingw [tor-browser-build]

Linux

• Bug 41243: Add own apparmor profile to deb package [tor-browser-build]
• Bug 41282: Add SSL to our custom Python for MozBug 1924022 [tor-browser-build]

Mullvad Browser 13.5.9

All Platforms

• Updated Firefox to 115.17.0esr
• Updated NoScript to 11.4.42
• Bug 43174: Issue with custom home page on local filesystem [tor-browser]
• Bug 43207: Backport Mozbug 1886222 [tor-browser]
• Bug 43240: Backport security fixes from Firefox 132 [tor-browser]
• Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build]

Mullvad Browser 14.0a9

All Platforms

• Bug 43197: Disable automatic exception for HTTPS-First [tor-browser]
• Bug 43201: Security fixes from Firefox 131.0.2 [tor-browser]
• Build System
• Bug 41260: Don't set legacy version for Mullvad Browser [tor-browser-build]

Mullvad Browser 13.5.7

All Platforms

• Updated uBlock Origin to 1.60.0
• Bug 361: SSL_ERROR_NO_CYPHER_OVERLAP on some Brazilian government websites [mullvad-browser]
• Bug 43201: Security fixes from Firefox 131.0.2 [tor-browser]

Mullvad Browser 14.0a8

All Platforms

• Updated uBlock Origin to 1.60.0
• Bug 349: Tidy up mullvad Fluent files [mullvad-browser]
• Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser]
• Bug 42054: ESR128: investigate - thorin's list [tor-browser]
• Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile [tor-browser]
• Bug 43169: compat: align userAgent in navigator + HTTP Header [tor-browser]
• Bug 43173: Backport security fixes from Firefox 131 [tor-browser]
• Bug 43178: Audit fingerprinting overrides (MozBug 1834274) [tor-browser]

Build System

All Platforms

• Bug 43157: Move tb-dev to base-browser [tor-browser]
• Bug 41256: tools/signing/upload-update_responses-to-staticiforme should regenerate update-responses when it already exists [tor-browser-build]
• Bug 41259: Skip versions which don't set incremental_from when generating incrementals [tor-browser-build]

Mullvad Browser 13.5.6

Note Mullvad Browser 13.5.4 and 13.5.5 were skipped because they were Tor Browser only numbered releases.

---

All Platforms

• Updated Firefox to 115.16.0esr
• Updated NoScript to 11.4.40
• Bug 356: Rebase Mullvad Browser Release onto Firefox 115.16.0esr [mullvad-browser]
• Bug 42832: Download spam prevention should not affect browser extensions [tor-browser]
• Bug 43173: Backport security fixes from Firefox 131 [tor-browser]

Linux

• Bug 334: When set as default browser on Linux in standard mode, links don't open correctly [mullvad-browser]

Build System

macOS

• Bug 41231: Use var/browser_release_date in tools/signing/gatekeeper-bundling.sh [tor-browser-build]

Mullvad Browser 14.0a7

All Platforms

• Updated Firefox to 128.3.0esr
• Updated NoScript to 11.4.40
• Bug 355: Rebase Mullvad Browser Alpha onto Firefox 128.3.0esr [mullvad-browser]
• Bug 42070: Backport Bugzilla 1834307 and hide smooth-scroll UX [tor-browser]
• Bug 42362: "New window" missing from File menu [tor-browser]
• Bug 42742: Inconsistent use of "New private window" vs "New window" [tor-browser]
• Bug 42832: Download spam prevention should not affect browser extensions [tor-browser]
• Bug 43163: Disable offscreen canvas until verified it is not fingerprintable [tor-browser]
• Bug 41248: Check and update bundled font versions [tor-browser-build]

Build System

All Platforms

• Bug 41236: Remove binutils when not needed [tor-browser-build]