My Browser Builds (Part 3)

[DanR20]

2 hours ago, NotHereToPlayGames said:

Basemark Web 3.0 test locks up at 9/20 in 55 and completes in 52.  Other than that it seems that 55 is microscopically faster than 52.

Interesting test but I can only go by my own experience. I can browse heavy sites like Twitter all day with 55 and the browser never slows down, sticks when scrolling or freezes the UI as it does in 52.

It's possible that it's actually some UXP features that are causing that in 52 and porting them to 55 will carry over the same problems. Hope not because then I'd have to stay on an older version. One way to find out is to run a Firefox 52ESR profile to see how it performs then I'll know if it's UXP features or the browser itself.

Update: FWIW I've been running a copied 52UXP profile using Firefox 52.9.0 and have  been surfing Twitter and other sites like Hotmail that I'm having problems with in 52UXP with no loss of browser performance. There's something specific to UXP as well as New Moon 27 and 28 that are experiencing similar problems.

Roy should I file a bug with the Pale Moon team?  

 

Edited December 22, 2021 by DanR20

[roytam1]

2 hours ago, DanR20 said:

Interesting test but I can only go by my own experience. I can browse heavy sites like Twitter all day with 55 and the browser never slows down, sticks when scrolling or freezes the UI as it does in 52.

It's possible that it's actually some UXP features that are causing that in 52 and porting them to 55 will carry over the same problems. Hope not because then I'd have to stay on an older version. One way to find out is to run a Firefox 52ESR profile to see how it performs then I'll know if it's UXP features or the browser itself.

Update: FWIW I've been running a copied 52UXP profile using Firefox 52.9.0 and have  been surfing Twitter and other sites like Hotmail that I'm having problems with in 52UXP with no loss of browser performance. There's something specific to UXP as well as New Moon 27 and 28 that are experiencing similar problems.

Roy should I file a bug with the Pale Moon team?  

 

if you can reproduce this with official builds on supported OS, you should file a bug on their side.

[DanR20]

6 hours ago, roytam1 said:

if you can reproduce this with official builds on supported OS, you should file a bug on their side.

It's definitely on their end. I downloaded the latest 32-bit official Pale Moon running on Windows 10 and it's behaving exactly the same as 52 UXP.

The trick is to get on a Twitter page and scroll down a while, the farther you go the worse it gets. Keyboard scrolling on other tabs begins to stick then eventually the whole browser freezes and you have to kill in Task Manager. Another way is to go to an outlook.live.com account and it happens even quicker.

No such loss in browser performance with 45.0, 55.0, or FF 52.9.0. I'll try to file a bug but with Tobin it's doubtful they'll even bother with it.    

[msfntor]

On 12/21/2021 at 2:32 PM, roytam1 said:

should be arcticfox-27.11.0.win32-git-20210130

-so this same build date than my Basilisk/Serpent/Moebius 55 I use...

I've posted April 2 2021, in My Browser Builds (Part 2) this, without have a reply:

Posted April 2
"Hello,
@roytam1, could you review the latest code changes of new latest Basilisk MOEBIUS (Serpent 55) from 20210327, Win32: http://o.rthost.win/basilisk/basilisk55-win32-git-20210327-2b3213dec-xpmod.7z
I find it less responsive (on all websites) than all previous versions of Serpent 55. By measuring the page speed with app.telemetry Page Speed Monitor extension: there is the problem of larger values for App cache, DNS lookup, TCP connection, then onload event (Page fully loaded...) also becomes longer.
Problem (on the last version of Serpent 55 from 20210327): with the last 3 versions of this add-on which are on AMO (17 series...): https://addons.mozilla.org/en-US/firefox/addon/apptelemetry/  - with refresh page, icon blinks twice... once when clicking, and second time when giving the page speed result.

There is no such double flashing with the older version (e.g. 16.1.3.xpi) of this app.telemetry Page Speed Monitor found on web.archive.org: https://web.archive.org/web/20191029181242/https://legacycollector.org/firefox-addons/377584/index.html
Thank you in advance..."

NO reply since...

So I'm stick with Basilisk/Serpent/Moebius 55 build from 20210130.
And now, @roytam1 quotes ArcticFox  build from "20210130" that "the last version of Arcticfox that still has the always-on status bar"

So what is the common denominator for these two browsers, that makes these builds work better than the most recent builds, please? Or rather, what is the common denominator that makes all subsequent builds work worse?

 

[roytam1]

3 hours ago, msfntor said:

what is the common denominator that makes all subsequent builds work worse?

security.

[NotHereToPlayGames]

52 minutes ago, roytam1 said:

security.

"theoritically"...  "red herring"...

[msfntor]

1 hour ago, roytam1 said:

security.

So could you revert this "security" for the next 55 build, to make it work BETTER, please?

[NotHereToPlayGames]

Well, the "security" answer WAS NOT AN ANSWER.  It was a "copout", plain and simple.

I *guarantee* you it will not be "reverted" - because that answer tells us that it's a THOUSAND different "patches" and cannot be tracked down to "a few", so the "security" answer was thrown out willy-nilly.

Security is a RED HERRING.  Tell people that changing a pixel color from white to black and that it was done for "security" and most people will BELIEVE YOU.

Security schmacurity.

 

Don't get me wrong, Roytam is doing it the way the MAJORITY of his followers prefer it, sacrifice PERFORMANCE for the sake of "security".

It is a VALID approach!  I am not trying to undermine that.

 

But I take the opposite approach, I use OLDER versions of Roytam's browsers and prefer PERFORMANCE over "security".

WE ALL HAVE THAT OPTION.  Don't be "fooled" by the claim that newer offers more "security".  Just my two cents.

 

Greatly appreciate Roytam's work.  It's all a matter of personal preference and we can all decide for ourselves if an older version best fits our needs or if a newer version best fits our needs.

[XPerceniol]

For some reason ( I guess updated "security" reasons ) the latest Serpent is slower (for me, at least) so I also use an older version, still.

Serpent 52 Build ID:     20211110012942 Seems to be better in comparison. I didn't scrutinize the changes after that build and don't know exactly what was changed (Updated )

EDIT: You guys have me curious, so I'm going to give 55 another shot and see without these new upcoming changes. Just my spotty recollection, there were no button on videos.

 

Edited December 23, 2021 by XPerceniol

[roytam1]

1 hour ago, NotHereToPlayGames said:

Security is a RED HERRING

but unfortunately we(including me, TFF, MCP, WF, SM, Moz, Google, Apple, etc.) are chasing the same rabbit.

[NotHereToPlayGames]

17 minutes ago, roytam1 said:

but unfortunately we(including me, TFF, MCP, WF, SM, Moz, Google, Apple, etc.) are chasing the same rabbit.

I disagree.  Developers have the intellectual knowledge to know the probability of a "theoretical vulnerability" that will STATISTICALLY NEVER HIT A REAL-LIFE COMPUTER versus applying a patch that 100% STATISTICALLY DEGRADES PERFORMANCE.

And you also know the large number of "patches" that tend to be graphic-based vectors and scalars, really nothing to do with "security".  But that DEGRADE performance.

I no longer follow the patches, but I do know that a very large number have NOTHING to do with "security".  "Stability", perhaps.  But not "security".

 

At any rate, keep up the great work, it may appear that I'm "arguing" but I'm not trying to, just trying to paint the full picture.

[XPerceniol]

16 hours ago, XPerceniol said:

For some reason ( I guess updated "security" reasons ) the latest Serpent is slower (for me, at least) so I also use an older version, still.

Serpent 52 Build ID:     20211110012942 Seems to be better in comparison. I didn't scrutinize the changes after that build and don't know exactly what was changed (Updated )

EDIT: You guys have me curious, so I'm going to give 55 another shot and see without these new upcoming changes. Just my spotty recollection, there were no button on videos.

 

so .. been enjoying the deadly Serpent today and nothing venomous has happened as of yet :o

But, have I (totally) gone bonkers (the emphasis on "totally") is there still google telemetry in this and is this still trying to go through https://disconnect.me/ ?

Apparently, I'll have to dig out my (trusty old) 52.9.1 prefs.js because just glancing at it, its doesn't mach my St52 profile. Did MC not remove all this before it was abandoned?

I goofed up my clipboard this morning when I was dizzy and can't take a screen grab until fix it, but on youtube and other videos, there is no control buttons even with a clean pristine profile.

Or maybe I've started too early on the eggnog ... kidding, of course.

[roytam1]

16 hours ago, msfntor said:

So could you revert this "security" for the next 55 build, to make it work BETTER, please?

since moebius builds in this year are come with new security patches only, so you may just stay on the version you feel better is good to you.

[roytam1]

New NewMoon 27 Build!

32bit https://o.rthost.win/palemoon/palemoon-27.10.0.win32-git-20211225-50c54215f-xpmod.7z
32bit SSE https://o.rthost.win/palemoon/palemoon-27.10.0.win32-git-20211225-50c54215f-xpmod-sse.7z
32bit noSSE https://o.rthost.win/palemoon/palemoon-27.10.0.win32-git-20211225-50c54215f-xpmod-ia32.7z

64bit https://o.rthost.win/palemoon/palemoon-27.10.0.win64-git-20211225-50c54215f-xpmod.7z

source repo: https://github.com/roytam1/palemoon27

repo changes since my last build:
- update NSS builtin certstore to Dec 2021 version from mozilla upstream. (9e2156453)
- import changes from `dev' branch of rmottola/Arctic-Fox:
 - Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) (158224ce1)
 - Bug 1143921 - Fix crash in Debugger.defineProperty when the descriptor contains {get: undefined}. r=efaust. (f786d7133)
 - Bug 1151957 - Rewrite GDB extension for ignoring asm.js segmentation faults in Python, fixing some bugs and bringing it under test. r=jimb. (1665478ff)
 - Bug 1153970 - Change js/src/gdb/run-tests.py to take an OBJDIR argument instead of a LIBDIR argument, since jorendorff can never guess which directory to pass for LIBDIR in fewer than six tries. r=jimb. (3919e23e9)
 - pointer style and missing bit of Bug 1137523 - Unprefix most js_* functions. (538aca92c)
 - Bug 1148750, part 17 - Remove ApplyOrDefaultAttributes. r=efaust. (d368ba23c)
 - Bug 1156386 - UXTH instruction. r=dougc (62522247a)
 - Bug 1122021 - make number_constants internal to js_InitNumberClass; r=jorendorff (1c9a7717a)
 - pointer style (4fc25e5e3)
 - code style (8292f47ee)
 - Bug 1090695 - Reduce indent in Parser<ParseHandler>::expr. r=arai (34ee34f5e)
 - Bug 1191486 - Generators should not have [[Construct]]; r=jorendorff (498d91bcb)
 - Bug 1089045 - Part 1: Supply consistent modifiers to TokenStream. r=Waldo (c9a72d6e4)
 - Bug 1089045 - Part 2: Tests for modifiers. r=Waldo (78e961dec)
 - Bug 1089045 - Part 3: Add parser test for ES6 class. r=Waldo (e521c0821)
 - Bug 1193606 - Clean up LazyFunction case of tryConvertFreeName and remove directlyInEval. (r=bhackett) (fec7726ba)
 - Bug 1185961 - Properly install home object on methods in classes in lazy scripts. (r=shu) (989b62d69)
 - pointer style (1eb70d0a1) (16239dad2)
- import changes from `dev' branch of rmottola/Arctic-Fox:
 - Bug 1170842 - Part 1: Sort out ARB_framebuffer_object symbol queries. r=jgilbert (3cbaf14fc)
 - Bug 1170842 - Part 2: Wrangle glGetInternalformativ symbols. r=jgilbert (f7a0c5cab)
 - Bug 1114333 - "putImageData(imageData, 0, 0, 0, 0, 1, 1) unreasonably slow". r=bas (11043328c)
 - Bug 1177271 - Add WebGLFormat format tables. - r=kamidphish (de39a313f)
 - Bug 1156980 - Validate target in ImageData variants of TexImage2D/TexSubImage2D. r=jgilbert (7f2bdbaa9)
 - Bug 1151930 - Check against updated length while appending. - r=kamidphish (fca204f81)
 - Bug 896693 - Work around glCopyTexImage2D errors on framebuffers backed by IOSurface. r=jgilbert (8aaa916ac)
 - Bug 1182371 - Misc WebGL cleanup. - r=kamidphish (05d1fff1d)
 - Bug 1172992 - Send security info override from HttpChildChannel to the parent, r=jduell (c4480d779)
 - Bug 1194847 - Part 1: Make it possible to tell whether the response of a channel has been synthesized; r=michal (e42b96400)
 - Bug 1194847 - Part 2: Bypass CORS checks if the response of a channel has been synthesized; r=nsm (92b858d00)
 - Bug 1183853 - Rename hasPermission() to permissionState(). r=mt,smaug (797b07991)
 - Bug 1157250. Give PushSubscription an attribute serializer. r=nsm (dd3ee5547)
 - Bug 1149271 - Remove subscriptionid. r=baku (0ecbdbfa6)
 - Bug 1160333 - When denying permission, use the string 'PermissionDeniedError'. r=nsm (0c4628efb)
 - Bug 1170817 - Fix unsubscribe() resolution value. r=dougt (ae7825429)
 - Bug 1172667 - Use EXTRA_JS_MODULES for dom/push/ jsm files. r=dougt (e1fec67a6)
 - Bug 1166350 - Patch 2 - Fix tests. a=bustage (6b72dfc46)
 - Bug 1153504 - Add per-origin push quotas. r=nsm,mt,markh (c9cab6cb5)
 - Bug 1183867 - Fix PushSubscription.unsubscribe() semantics r=mt resolve with false when subscription does not exist. true when successfully unregistered. reject with NetworkError in other cases. (6aa6804eb)
 - BIN vs RESPATH (e2227b64e)
 - Bug 1174420 - Package PushService launcher on B2G r=kitcambridge (b433c4eea)
 - Bug 1184574 - Allow access to PushManager on ServiceWorker. r=kitcambridge,smaug,catalinb (6ceeb49fe)
 - Bug 1170455 - Part 1: Reformat GetVertexAttrib function. r=jgilbert (7795a8d2a)
 - Bug 1170455 - Part 2: Split vertex attribute functions into separate file. r=jgilbert (e18493902)
 - Bug 1170455 - Part 3: Wrangle GetVertexAttribI symbols. r=jgilbert (e088f4e79)
 - Bug 1170455 - Part 4: Track the type of the generic vertex attribute. r=jgilbert (f8cf490aa)
 - Bug 1192071 - use llvm-symbolizer when running jit-tests under TSan; r=mshal (97dc9d659)
 - Bug 1192278 - empower |make check-jit-test| to specify a subset of tests to run; r=terrence (9fe90b546)
 - Bug 1154480 - Make new Uint8Array().set([], -1) throw a RangeError, not merely an Error. r=till (57345e639) (f9c3c72b8)
- import changes from `dev' branch of rmottola/Arctic-Fox:
 - Bug 1183825 - Hide PushMessageData methods until we support sending push data. r=mt,smaug (c07f6b6c9)
 - Bug 1186880 - Performance timing api in workers should output entries if preference is enabled. r=baku (642bd335a)
 - Bug 1188091 - Fix the exposure of Push interfaces; r=dougt,bzbarsky,nsm Currently we don't check the dom.push.enabled pref in some cases for some of these interfaces.  This patch unifies how all of these interfaces are exposed to Window, Worker, and ServiceWorker. (dbe4ebfcc)
 - Bug 1188062 - Unship Request.context; r=baku (6ca2ebcf6)
 - Bug 1162714 - Don't let YCM generate machc. r=ehsan (7c5f36c12)
 - Bug 1160897 - Fixing .ycm_extra_conf for Fennec. r=ehsan (22adf0705)
 - goanna->gecko (94b69bd6c)
 - improve (e87b53162)
 - Bug 1147939 - The expression decompiler can't assume that it's called directly from script. (r=bhackett) (4759a5210)
 - Bug 1188609 - Remove mirroring support from RokuApp (Toolkit) r=snorp (81a0bb66a)
 - Bug 1050749 - Expose BatteryManager via getBattery() returning a Promise. r=bz, r=baku, r=jgraham (67d2dd502)
 - Bug 1182347 - Remove nsIPrincipal::cookieJar. r=sicking (855d0e8ce)
 - remove double method, probably misspach (3c256c5b4)
 - Bug 1182357 - Add an API to mint nsExpandedPrincipals. r=mrbkap (42de17cfd)
 - Bug 1172080 - Part 1: Throw when requesting origin for poorly behaved URIs, r=bholley (c8410f3c6)
 - Bug 1124126 - Retry database connection for the case of corrupted permissions.sqlite. r=bsmedberg (748e9205a) (9e4ed9857)
- partly ported changes from mozilla upstream:
 - Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan (a80b31406b47) (without dom/fetch)
 - Bug 1355801: Nonce should only apply to script and style. r=dveditz (92676fadb9e2)
 - Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb (a22e275b759f)
 - Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen (0bed705c1430)
 - Bug 1296027 - CSP: Include 'Source' within error message when logging to the console. r=freddyb,bgrins (cc2cbca41195) (50c54215f)

[roytam1]

New regular/weekly KM-Goanna release:
https://o.rthost.win/kmeleon/KM76.4.5-Goanna-20211225.7z

Changelog:

Out-of-tree changes:
* update Goanna3 to git 8612ec640...50c54215f:
- update NSS builtin certstore to Dec 2021 version from mozilla upstream. (9e2156453)
- import changes from `dev' branch of rmottola/Arctic-Fox:
 - Bug 1159155 - Add telemetry probe for SHA-1 usage (r=keeler) (158224ce1)
 - Bug 1143921 - Fix crash in Debugger.defineProperty when the descriptor contains {get: undefined}. r=efaust. (f786d7133)
 - Bug 1151957 - Rewrite GDB extension for ignoring asm.js segmentation faults in Python, fixing some bugs and bringing it under test. r=jimb. (1665478ff)
 - Bug 1153970 - Change js/src/gdb/run-tests.py to take an OBJDIR argument instead of a LIBDIR argument, since jorendorff can never guess which directory to pass for LIBDIR in fewer than six tries. r=jimb. (3919e23e9)
 - pointer style and missing bit of Bug 1137523 - Unprefix most js_* functions. (538aca92c)
 - Bug 1148750, part 17 - Remove ApplyOrDefaultAttributes. r=efaust. (d368ba23c)
 - Bug 1156386 - UXTH instruction. r=dougc (62522247a)
 - Bug 1122021 - make number_constants internal to js_InitNumberClass; r=jorendorff (1c9a7717a)
 - pointer style (4fc25e5e3)
 - code style (8292f47ee)
 - Bug 1090695 - Reduce indent in Parser<ParseHandler>::expr. r=arai (34ee34f5e)
 - Bug 1191486 - Generators should not have [[Construct]]; r=jorendorff (498d91bcb)
 - Bug 1089045 - Part 1: Supply consistent modifiers to TokenStream. r=Waldo (c9a72d6e4)
 - Bug 1089045 - Part 2: Tests for modifiers. r=Waldo (78e961dec)
 - Bug 1089045 - Part 3: Add parser test for ES6 class. r=Waldo (e521c0821)
 - Bug 1193606 - Clean up LazyFunction case of tryConvertFreeName and remove directlyInEval. (r=bhackett) (fec7726ba)
 - Bug 1185961 - Properly install home object on methods in classes in lazy scripts. (r=shu) (989b62d69)
 - pointer style (1eb70d0a1) (16239dad2)
- import changes from `dev' branch of rmottola/Arctic-Fox:
 - Bug 1170842 - Part 1: Sort out ARB_framebuffer_object symbol queries. r=jgilbert (3cbaf14fc)
 - Bug 1170842 - Part 2: Wrangle glGetInternalformativ symbols. r=jgilbert (f7a0c5cab)
 - Bug 1114333 - "putImageData(imageData, 0, 0, 0, 0, 1, 1) unreasonably slow". r=bas (11043328c)
 - Bug 1177271 - Add WebGLFormat format tables. - r=kamidphish (de39a313f)
 - Bug 1156980 - Validate target in ImageData variants of TexImage2D/TexSubImage2D. r=jgilbert (7f2bdbaa9)
 - Bug 1151930 - Check against updated length while appending. - r=kamidphish (fca204f81)
 - Bug 896693 - Work around glCopyTexImage2D errors on framebuffers backed by IOSurface. r=jgilbert (8aaa916ac)
 - Bug 1182371 - Misc WebGL cleanup. - r=kamidphish (05d1fff1d)
 - Bug 1172992 - Send security info override from HttpChildChannel to the parent, r=jduell (c4480d779)
 - Bug 1194847 - Part 1: Make it possible to tell whether the response of a channel has been synthesized; r=michal (e42b96400)
 - Bug 1194847 - Part 2: Bypass CORS checks if the response of a channel has been synthesized; r=nsm (92b858d00)
 - Bug 1183853 - Rename hasPermission() to permissionState(). r=mt,smaug (797b07991)
 - Bug 1157250. Give PushSubscription an attribute serializer. r=nsm (dd3ee5547)
 - Bug 1149271 - Remove subscriptionid. r=baku (0ecbdbfa6)
 - Bug 1160333 - When denying permission, use the string 'PermissionDeniedError'. r=nsm (0c4628efb)
 - Bug 1170817 - Fix unsubscribe() resolution value. r=dougt (ae7825429)
 - Bug 1172667 - Use EXTRA_JS_MODULES for dom/push/ jsm files. r=dougt (e1fec67a6)
 - Bug 1166350 - Patch 2 - Fix tests. a=bustage (6b72dfc46)
 - Bug 1153504 - Add per-origin push quotas. r=nsm,mt,markh (c9cab6cb5)
 - Bug 1183867 - Fix PushSubscription.unsubscribe() semantics r=mt resolve with false when subscription does not exist. true when successfully unregistered. reject with NetworkError in other cases. (6aa6804eb)
 - BIN vs RESPATH (e2227b64e)
 - Bug 1174420 - Package PushService launcher on B2G r=kitcambridge (b433c4eea)
 - Bug 1184574 - Allow access to PushManager on ServiceWorker. r=kitcambridge,smaug,catalinb (6ceeb49fe)
 - Bug 1170455 - Part 1: Reformat GetVertexAttrib function. r=jgilbert (7795a8d2a)
 - Bug 1170455 - Part 2: Split vertex attribute functions into separate file. r=jgilbert (e18493902)
 - Bug 1170455 - Part 3: Wrangle GetVertexAttribI symbols. r=jgilbert (e088f4e79)
 - Bug 1170455 - Part 4: Track the type of the generic vertex attribute. r=jgilbert (f8cf490aa)
 - Bug 1192071 - use llvm-symbolizer when running jit-tests under TSan; r=mshal (97dc9d659)
 - Bug 1192278 - empower |make check-jit-test| to specify a subset of tests to run; r=terrence (9fe90b546)
 - Bug 1154480 - Make new Uint8Array().set([], -1) throw a RangeError, not merely an Error. r=till (57345e639) (f9c3c72b8)
- import changes from `dev' branch of rmottola/Arctic-Fox:
 - Bug 1183825 - Hide PushMessageData methods until we support sending push data. r=mt,smaug (c07f6b6c9)
 - Bug 1186880 - Performance timing api in workers should output entries if preference is enabled. r=baku (642bd335a)
 - Bug 1188091 - Fix the exposure of Push interfaces; r=dougt,bzbarsky,nsm Currently we don't check the dom.push.enabled pref in some cases for some of these interfaces.  This patch unifies how all of these interfaces are exposed to Window, Worker, and ServiceWorker. (dbe4ebfcc)
 - Bug 1188062 - Unship Request.context; r=baku (6ca2ebcf6)
 - Bug 1162714 - Don't let YCM generate machc. r=ehsan (7c5f36c12)
 - Bug 1160897 - Fixing .ycm_extra_conf for Fennec. r=ehsan (22adf0705)
 - goanna->gecko (94b69bd6c)
 - improve (e87b53162)
 - Bug 1147939 - The expression decompiler can't assume that it's called directly from script. (r=bhackett) (4759a5210)
 - Bug 1188609 - Remove mirroring support from RokuApp (Toolkit) r=snorp (81a0bb66a)
 - Bug 1050749 - Expose BatteryManager via getBattery() returning a Promise. r=bz, r=baku, r=jgraham (67d2dd502)
 - Bug 1182347 - Remove nsIPrincipal::cookieJar. r=sicking (855d0e8ce)
 - remove double method, probably misspach (3c256c5b4)
 - Bug 1182357 - Add an API to mint nsExpandedPrincipals. r=mrbkap (42de17cfd)
 - Bug 1172080 - Part 1: Throw when requesting origin for poorly behaved URIs, r=bholley (c8410f3c6)
 - Bug 1124126 - Retry database connection for the case of corrupted permissions.sqlite. r=bsmedberg (748e9205a) (9e4ed9857)
- partly ported changes from mozilla upstream:
 - Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan (a80b31406b47) (without dom/fetch)
 - Bug 1355801: Nonce should only apply to script and style. r=dveditz (92676fadb9e2)
 - Bug 1247459 - Meta and header CSP are merged without a semicolon. r=ckerschb (a22e275b759f)
 - Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen (0bed705c1430)
 - Bug 1296027 - CSP: Include 'Source' within error message when logging to the console. r=freddyb,bgrins (cc2cbca41195) (50c54215f)

* Notice: the changelog above may not always applicable to XULRunner code which K-Meleon uses.

A goanna3 source tree that has kmeleon adaption patch applied is available here: https://github.com/roytam1/palemoon27/tree/kmeleon76

Edited January 1, 2022 by roytam1