New Update Mullvad Browser - Updates Thread

Mullvad Browser 14.5.4​

All Platforms​

  • Updated Firefox to 128.12.0esr
  • Updated NoScript to 13.0.8
  • Bug 450: Rebase Mullvad Browser stable onto 128.12.0esr [mullvad-browser]
  • Bug 43782: Add new UX flow for changing security level (Desktop) [tor-browser]
  • Bug 43783: Tighten up the SecurityLevel module to enforce new UX flow [tor-browser]
  • Bug 43784: Get confirmation from NoScript that settings are applied [tor-browser]
  • Bug 43911: Backport security fixes from Firefox 140 [tor-browser]

Build System​

All Platforms​

  • Bug 41477: Update keyring/boklm.gpg for new subkeys (2025) [tor-browser-build]
  • Bug 41498: Update keyring/morgan.gpg with updated public key [tor-browser-build]
 

Mullvad Browser 14.5.5​

All Platforms​

  • Updated Firefox to 128.13.0esr
  • Updated uBlock Origin to 1.65.0
  • Bug 453: Rebase Mulvad Browser Stable onto 128.13.0esr [mullvad-browser]
  • Bug 43993: Backport Security Fixes from Firefox 141 [tor-browser]
 

Mullvad Browser 14.5.6​

All Platforms​

  • Updated Firefox to 128.14.0esr
  • Updated NoScript to 13.0.9
  • Bug 459: Rebase Mullvad Browser onto 128.14.0esr [mullvad-browser]
  • Bug 44041: Letterboxing causes greyed out alert background to be mis-aligned [tor-browser]
  • Bug 44048: Backport Bug 1979608 [tor-browser]
  • Bug 44100: Backport Security Fixes from Firefox 142 [tor-browser]

Build System​

All Platforms​

  • Bug 41529: Automate publishing browser release branch and tags to Mullvad repository [tor-browser-build]
 

Mullvad Browser 14.5.7​

All Platforms​

  • Updated uBlock Origin to 1.66.0
  • Bug 44199: Backport Security Fixes from Firefox 143 [tor-browser]
  • Bug 41462: Backport #40994 and #41280: Add support in signing scripts to sign release for some archs only & Update download-android-*.json files for android-only releases [tor-browser-build]
  • Bug 41543: mmdebstrap-image fails to build bookworm images on maint-14.5 [tor-browser-build]

Build System​

Linux​

  • Bug 41560: Backport mullvad-browser#463: Fix typo in MimeType entry in .desktop file included in deb/rpm package [tor-browser-build]
 
Mullvad Browser 14.5.8

All Platforms​

  • Updated NoScript to 13.2.1
  • Updated Mullvad Browser Extension to 0.9.5
  • Updated uBlock Origin to 1.66.4
  • Bug 44239: DDG HTML page and search results displayed incorrectly with Safest security setting [tor-browser]
  • Bug 44240: Typo on dom.security.https_first_add_exception_on_failure [tor-browser]
  • Bug 44244: Backport Security Fixes from Firefox 144 [tor-browser]
 
Mullvad Browser 15.0
  • All Platforms
    • Updated Firefox to 140.4.0esr
    • Updated NoScript to 13.2.2
    • Bug 451: The restart to apply button doesn't work [mullvad-browser]
    • Bug 463: Fix typo in MimeType entry in .desktop file included in deb/rpm package (application/xhtml_xml instead of application/xhtml+xml) [mullvad-browser]
    • Bug 468: Drop the Metager search engine [mullvad-browser]
    • Bug 478: Update to the Mullvad Browser extension to 0.9.5 [mullvad-browser]
    • Bug 19741: Opensearch (contextual search) does not obey FPI [tor-browser]
    • Bug 42738: Tidy up the commit structure for browser updates UI [tor-browser]
    • Bug 43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target [tor-browser]
    • Bug 43093: Refactor the patch to disable LaterRun [tor-browser]
    • Bug 43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream [tor-browser]
    • Bug 43525: Check if our search engine customization still works after ESR 140 transition [tor-browser]
    • Bug 43590: Move letterboxing rules out of browser/base/content/browser.css [tor-browser]
    • Bug 43610: Use newer CSS variable names for ESR 140 [tor-browser]
    • Bug 43629: All migrations in migrateUIBB are run for new profiles [tor-browser]
    • Bug 43638: Fix up our <command> elements [tor-browser]
    • Bug 43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog [tor-browser]
    • Bug 43728: Update search engine icon sizes [tor-browser]
    • Bug 43745: Disable HEVC (H265) playback support [tor-browser]
    • Bug 43749: Replace the newtab component and addon with our home page [tor-browser]
    • Bug 43770: Bugzilla 1958070: More BrowserGlue simplification/splitting [tor-browser]
    • Bug 43772: Do not use official branding for BB/TB/MB [tor-browser]
    • Bug 43776: Set branding files for l10n merging [tor-browser]
    • Bug 43795: Restore the URL classifier XPCOM components. [tor-browser]
    • Bug 43844: Security level shield icon should be flipped for RTL locales [tor-browser]
    • Bug 43850: Modify the Contrast Control settings for RFP [tor-browser]
    • Bug 43864: Remove features from the unified search button [tor-browser]
    • Bug 43869: Hide pens with RFP [tor-browser]
    • Bug 43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 [tor-browser]
    • Bug 43886: Fix new tab for ESR 140 [tor-browser]
    • Bug 43900: Open newtab rather than firefoxview when unloading the last tab [tor-browser]
    • Bug 43902: Hide Sidebar buttons [tor-browser]
    • Bug 43903: Report broken site is disabled rather than hidden [tor-browser]
    • Bug 43905: base-browser.ftl missing from about:addons [tor-browser]
    • Bug 43906: Extension.sys.mjs change in the wrong commit [tor-browser]
    • Bug 43913: Context menu not properly populated [tor-browser]
    • Bug 43947: Console error from ContentBlockingPrefs.init [tor-browser]
    • Bug 43966: Notify the user when they are in a custom security level (desktop) [tor-browser]
    • Bug 43989: Switch off AI chatbot preference [tor-browser]
    • Bug 44030: Security Level selector does not get confirmation before restarting [tor-browser]
    • Bug 44034: Update string used for checkbox on New Identity confirmation dialog [tor-browser]
    • Bug 44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons [tor-browser]
    • Bug 44045: Drop AI and machine learning components [tor-browser]
    • Bug 44090: Several of our XUL pages cause a crash because of missing CSP [tor-browser]
    • Bug 44106: Make sure background tasks are not used for shutdown cleanup [tor-browser]
    • Bug 44107: Switch tab search action is missing an icon [tor-browser]
    • Bug 44108: Fix the new history sidebar [tor-browser]
    • Bug 44123: Do not trim protocol off of URLs ever [tor-browser]
    • Bug 44125: Do not offer to save signatures by default in Private Browsing Mode [tor-browser]
    • Bug 44140: Refactored patch to prevent writing temp PDF files to disk [tor-browser]
    • Bug 44141: Hide "Report broken site" items by default [tor-browser]
    • Bug 44142: Missing document_pdf.svg from our branding directories [tor-browser]
    • Bug 44153: Test search engine customization [tor-browser]
    • Bug 44159: Change or hide the sidebar settings description [tor-browser]
    • Bug 44177: Remove more urlbar actions [tor-browser]
    • Bug 44178: Search preservation does not work with duckduckgo in safest security level [tor-browser]
    • Bug 44187: TLS session tickets leak Private Browsing mode [tor-browser]
    • Bug 44213: Reduce linkability concerns of the "Search with" contextual search action [tor-browser]
    • Bug 44214: Update letterboxing to reflect changes in ESR 140 [tor-browser]
    • Bug 44215: Hide Firefox home settings in about: references [tor-browser]
    • Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser]
    • Bug 44234: No images in PDF [tor-browser]
    • Bug 44242: Hand over Security Level's WebAssembly controls to NoScript [tor-browser]
    • Bug 44262: Disable adding search engines from HTML forms [tor-browser]
    • Bug 44270: Match Firefox's TLS fingerprint [tor-browser]
    • Bug 44275: Reduce console noise on security level guess [tor-browser]
    • Bug 44279: Disable contextual search install prompt [tor-browser]
  • Windows
    • Bug 440: Make abseil use win32 thread model on mingw [mullvad-browser]
    • Bug 44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list [tor-browser]
    • Bug 44062: Force touch enabled on Windows and Android [tor-browser]
  • Linux
    • Bug 43950: Review Mozilla 1894818: Support HEVC playback on Linux [tor-browser]
    • Bug 43959: Make Noto Color Emoji the default emoji font on Linux [tor-browser]
    • Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser]
    • Bug 44286: Hardcode GTK system font [tor-browser]
    • Bug 41586: Replace Noto CJK with Jigmo on Linux [tor-browser-build]

Build System​

  • All Platforms
    • Bug 466: Automate the release process / replace the new build email [mullvad-browser]
    • Bug 43891: Update the translation CI to use the new mozilla versions [tor-browser]
    • Bug 44067: Move --enable-geckodriver only to Linux-only mozconfigs [tor-browser]
    • Bug 44103: git's export-subst is a reproducibility problem [tor-browser]
    • Bug 44104: Don't run linter when there are no overall changes [tor-browser]
    • Bug 26408: Make MAR signature checks clearer when creating incremental MAR files [tor-browser-build]
    • Bug 34434: Remove unused variables from rbm.conf [tor-browser-build]
    • Bug 40697: Delete repackage_browser.sh [tor-browser-build]
    • Bug 40698: Update locale in tbb_version.json [tor-browser-build]
    • Bug 40994: Add support in do-all-signing to sign release for some archs only [tor-browser-build]
    • Bug 41064: Update tools/signing/README and add a tools/signing/machines-setup/README [tor-browser-build]
    • Bug 41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils [tor-browser-build]
    • Bug 41373: Remove _ALL from mar filenames [tor-browser-build]
    • Bug 41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser [tor-browser-build]
    • Bug 41448: Update toolchains for Firefox ESR 140 [tor-browser-build]
    • Bug 41452: Skip update-responses xml files for versions which don't have incrementals [tor-browser-build]
    • Bug 41457: Set mar IDs as env variables in tor-browser-build [tor-browser-build]
    • Bug 41459: Update taskcluster/ci paths in README and comments [tor-browser-build]
    • Bug 41465: Disable development artifacts generation by default, keep it enabled for nightly builds [tor-browser-build]
    • Bug 41478: Add vim and others missing basic tools to base container image [tor-browser-build]
    • Bug 41496: Clean up unused projects [tor-browser-build]
    • Bug 41501: cargo_vendor generated archive maintains timestamps [tor-browser-build]
    • Bug 41517: Add morgan's key to the setup account on the signing machine [tor-browser-build]
    • Bug 41534: Copy geckodriver only for Linux x86-64 [tor-browser-build]
    • Bug 41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 [tor-browser-build]
    • Bug 41568: Update instructions for manually building 7zip [tor-browser-build]
    • Bug 41579: Add zip to the list of Tor Browser Build dependencies [tor-browser-build]
    • Bug 40084: Always use bash for the debug terminal [rbm]
    • Bug 40087: Downloaded files getting stricter permissions than expected [rbm]
  • Windows
    • Bug 44167: Move the nsis-uninstall.patch to tor-browser repository [tor-browser]
  • macOS
    • Bug 41503: Error 403 when downloading macOS SDK [tor-browser-build]
    • Bug 41527: Update libdmg-hfsplus and enable LZMA compression on dmgs [tor-browser-build]
    • Bug 41538: Bump macOS SDK to 15.5 [tor-browser-build]
    • Bug 41571: Work-around to prevent older 7z versions to break rcodesign. [tor-browser-build]
  • Linux
    • Bug 41458: Ship geckodriver only on Linux [tor-browser-build]
    • Bug 41488: Disable sys/random.h for Node.js [tor-browser-build]
    • Bug 41558: Share descriptions between Linux packages and archives [tor-browser-build]
    • Bug 41561: Ship Noto Color Emoji on Linux [tor-browser-build]
    • Bug 41569: Use var/display_name in .desktop files [tor-browser-build]
 
Mullvad Browser 15.0.1
  • All Platforms
    • Updated Firefox to 140.5.0esr
    • Updated NoScript to 13.4
    • Updated uBlock Origin to 1.67.0
    • Bug 484: Rebase Mullvad Browser stable onto 140.5.0esr [mullvad-browser]
    • Bug 487: Search engines are sorted alphabetically rather than the desired order [mullvad-browser]
    • Bug 44275: Reduce console noise on security level guessing [tor-browser]
    • Bug 44310: Default zoom always resets to 100% [tor-browser]
    • Bug 44325: Backport Security Fixes from Firefox 145 [tor-browser]
    • Bug 44333: Add the "No AI" version of DuckDuckGo to available search engines [tor-browser]
  • Linux
    • Bug 44273: Restore Noto CJK as Jigmo has a too low readability [tor-browser]
    • Bug 44315: Font/text issue with self-upgrade window [tor-browser]
 
Mullvad Browser 15.0.2
All Platforms
  • Updated Mullvad Browser Extension to 0.9.6
  • Bug 486: Possible race condition for upgrade message in about:mullvad-browser [mullvad-browser]
  • Bug 488: Remove Leta search engine and migrate users to DuckDuckGo [mullvad-browser]
 
Mullvad Browser 15.0.3
  • All Platforms
    • Updated Firefox to 140.6.0esr
    • Updated NoScript to 13.5.2.1984
    • Updated uBlock Origin to 1.68.0
    • Bug 497: Rebase Mullvad Browser stable onto 140.6.0esr [mullvad-browser]
    • Bug 22974: Self-host NoScript Updates [tor-browser]
    • Bug 44348: Backport Bugzilla 1999126: Protect whether PDF.js is enabled/disabled to improve fingerprinting protection [tor-browser]
    • Bug 44391: Restrictions cascade blocks every capability in subframes (e.g. captchas) [tor-browser]
    • Bug 44409: Backport Security Fixes from Firefox 146 [tor-browser]
    • Bug 44414: Disable Zucchini for the 15.0 series. [tor-browser]

Build System​

  • All Platforms
    • Bug 493: Automatically check whether the signed build is avaliable on dist.torproject.org before notifying Mullvad for QA [mullvad-browser]
    • Bug 41644: Self-hosted browser extensions support in relprep.py [tor-browser-build]
 
Mullvad Browser 15.0.4
  • All Platforms
    • Updated Firefox to 140.7.0esr
    • Updated NoScript to 13.5.7.1984
    • Updated Mullvad Browser Extension to 0.9.7
    • Bug 503: Rebase Mullvad Browser stable onto 140.7.0esr [mullvad-browser]
    • Bug 44433: Weird §:domain.com label in the Blocked Objects window [tor-browser]
    • Bug 44474: Backport Security Fixes from Firefox 147 [tor-browser]
    • Bug 44482: (H1) Script execution in Safest mode via data URI navigation [tor-browser]

Build System​

  • All Platforms
    • Bug 41682: relprep.py should fail when a GitHub release is not found [tor-browser-build]
    • Bug 40090: Make the cleanup faster [rbm]
    • Bug 40095: cached checksums should not be used for input files when refresh_input is enabled [rbm]
 
Mullvad Browser 15.0.6
  • All Platforms
    • Updated Firefox to 140.7.1esr
    • Updated NoScript to 13.5.13.1984
    • Updated uBlock Origin to 1.69.0
    • Bug 508: Rebase Mullvad Browser stable onto 140.7.1esr [mullvad-browser]
    • Bug 44625: metamask.io won't load on Safer security level [tor-browser]
    • Bug 44626: Propagate WASM blocking to workers [tor-browser]

Build System​

  • All Platforms
    • Bug 40338: Running make release multiple times fails [tor-browser-build]
    • Bug 41708: relprep.py fails to update extensions when out/browser does not exist [tor-browser-build]
    • Bug 41720: cp -l in release/build fails when crossing file systems [tor-browser-build]
 
Mullvad Browser 15.0.7
  • All Platforms
    • Updated Firefox to 140.8.0esr
    • Updated NoScript to 13.5.14.1984
    • Bug 509: Rebase Mullvad Browser onto 140.8.0esr [mullvad-browser]
    • Bug 44681: Backport Security Fixes from Firefox 148 [tor-browser]
 
Mullvad Browser 15.0.8
  • All Platforms
    • Updated Firefox to 140.9.0esr
    • Updated NoScript to 13.6.12.1984
    • Updated uBlock Origin to 1.70.0
    • Bug 521: Rebase Mullvad Browser stable onto 140.9.0esr [mullvad-browser]
    • Bug 44663: NoScript behavior on “Safer” security level prevents integrity checks for dynamically loaded javascript [tor-browser]
    • Bug 44680: Properly handle subdocuments created by data: URLs [tor-browser]
    • Bug 44761: Safer Level's worker patching filters out Worker constructor options [tor-browser]
    • Bug 44784: Backport Security Fixes from Firefox 149 [tor-browser]
    • Bug 41738: Allow to specify an unsupportedURL on update responses [tor-browser-build]
  • Linux
    • Bug 44657: Backport tor-browser#44394: Do not read default prefs from /etc/firefox [tor-browser]
 
Mullvad Browser 15.0.9
  • All Platforms
    • Updated Firefox to 140.9.1esr
    • Updated NoScript to 13.6.15.1984
    • Bug 524: Rebase Mullvad Browser stable onto 140.9.1esr [mullvad-browser]

Build System​

  • All Platforms
    • Bug 41758: Rename tools/signing/deploy-legacy to tools/signing/redeploy-update_responses-release [tor-browser-build]
 
Mullvad Browser 15.0.10
  • All Platforms
    • Updated Firefox to 140.10.0esr
    • Updated Mullvad Browser Extension to 0.9.10
    • Bug 525: Rebase Mullvad Browser stable onto 140.10.0esr [mullvad-browser]
    • Bug 44288: New identity fails to block loading a custom home page [tor-browser]
    • Bug 44749: Check search engines parameter replacements [tor-browser]
    • Bug 44859: Backport Bugzilla 1666613: Display XML error pages in the browser directionality while force LTRing the XML code itself, without the use of intl.css [tor-browser]
    • Bug 44863: Backport Security Fixes from Firefox 150 [tor-browser]

Build System​

  • All Platforms
    • Bug 41767: Add jwilde to allowed signer for browser projects [tor-browser-build]
 
Mullvad Browser 15.0.11
All Platforms
  • Updated Firefox to 140.10.1esr
  • Updated NoScript to 13.6.18.1984
  • Bug 529: Rebase Mullvad Browser stable onto 140.10.1esr [mullvad-browser]
 
Mullvad Browser 15.0.12
  • All Platforms
    • Updated Firefox to 140.10.2esr

Build System​

  • All Platforms
    • Bug 41781: Fix clean section in rbm.local.conf.example [tor-browser-build]
 
Mullvad Browser 15.0.14
  • All Platforms
    • Updated Firefox to 140.11.0esr
    • Updated NoScript to 13.6.19.1984
    • Bug 44958: Backport Security Fixes from Firefox 151 [tor-browser]

Build System​

  • All Platforms
    • Bug 41781: Fix clean section in rbm.local.conf.example [tor-browser-build]
 
Mullvad Browser 15.0.16
  • All Platforms
    • Updated Firefox to 140.12.0esr
    • Updated NoScript to 13.6.24.1984
    • Updated uBlock Origin to 1.71.0
    • Bug 553: Rebase Mullvad Browser stable onto 140.12.0esr [mullvad-browser]
    • Bug 45044: NS 13.6.19.902 DocStartInjection regressed [tor-browser]
    • Bug 45054: Backport Security Fixes from Firefox 152 [tor-browser]

Build System​

  • All Platforms
    • Bug 41802: Remove the tor daemon requirement for signing [tor-browser-build]
 
  • Like
Reactions: harlan4096

You may also like...