closes #492: rc4 bad, increase throttle, update UAs, reduce font URL overhead, nerdwallet ATSUI font block

browser/components/preferences/in-content/tenfourfox.js

@@ -38,17 +38,25 @@ var gTenFourFoxPane = {
   
   // Find and set the appropriate UA string based on the UA template.
   validUA : {
-      "fx" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0",
+      "fx" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
       "classilla" : "NokiaN90-1/3.0545.5.1 Series60/2.8 Profile/MIDP-2.0 Configuration/CLDC-1.1 (en-US; rv:9.3.3) Clecko/20141026 Classilla/CFM",
       "ie8" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
-      "android" : "Mozilla/5.0 (Linux; Android 7.1.1; Nexus 5X Build/N4F26O) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36",
-      "ipad" : "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) FxiOS/6.1 Mobile/14D27 Safari/602.4.6"
+      "android" : "Mozilla/5.0 (Linux; Android 8.1.0; Pixel XL Build/OPM1.171019.021) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Mobile Safari/537.36",
+      "ipad" : "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_6 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0 Mobile/15D100 Safari/604.1"
   },
   _prefSvc: Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch),
   readUA: function ()
   {
     var pref = document.getElementById("tenfourfox.ua.template");
-    return (this.validUA[pref.value]) ? pref.value : "";
+    if (!pref) return "";
+
+    // Synchronize the pref on entry in case it's stale.
+    pref = pref.value;
+    if (this.validUA[pref]) {
+        this._prefSvc.setCharPref("general.useragent.override", this.validUA[pref]);
+        return pref;
+    }
+    return "";
   },
   writeUA : function()
   {

browser/components/preferences/in-content/tenfourfox.xul

@@ -63,7 +63,7 @@
                 preference="tenfourfox.ua.template">
           <menupopup>
               <menuitem label="&TFFuserAgent.default;" value=""/>
-              <menuitem label="Firefox 52ESR (Intel)" value="fx"/>
+              <menuitem label="Firefox 60ESR (Intel)" value="fx"/>
               <menuitem label="Classilla 9.3.x" value="classilla"/>
               <menuitem label="Internet Explorer 8" value="ie8"/>
               <menuitem label="Android Chrome" value="android"/>

caps/nsScriptSecurityManager.cpp

@@ -714,6 +714,8 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
                 BLOK("coinhive.com") ||
                 BLOK("www.freecontent.stream") ||
                 BLOK("www.freecontent.stream.") ||
+                BLOK("allfontshere.press") || // caused crashes on VCF
+                BLOK("www.allfontshere.press") ||
 
                 // other obnoxious things
                 BLOK("c.amazon-adsystem.com") ||

gfx/thebes/gfxPlatformMac.cpp

@@ -222,21 +222,21 @@ gfxPlatformMac::MakePlatformFont(const nsAString& aFontName,
 
 // Automates a whole buncha boilerplate.
 // Since HTTPS is becoming more common, check that first.
-#define HTTP_OR_HTTPS_SUBDIR(x) \
+#define HTTP_OR_HTTPS_SUBDIR(x, y) \
     { \
-           NS_NAMED_LITERAL_CSTRING(https_, "https://" x); \
-           spec.Left(loc, https_.Length()); \
-           if (loc.Equals(https_)) { \
+      if (hostname.Equals(x)) { \
+           NS_NAMED_LITERAL_CSTRING(https_, "https://" x y); \
+           if (StringBeginsWith(spec, https_)) { \
                failed = true; \
                goto halt_font; \
            } else { \
-               NS_NAMED_LITERAL_CSTRING(http_, "http://" x); \
-               spec.Left(loc, http_.Length()); \
-               if (loc.Equals(http_)) { \
+               NS_NAMED_LITERAL_CSTRING(http_, "http://" x y); \
+               if (StringBeginsWith(spec, http_)) { \
                    failed = true; \
                    goto halt_font; \
                } \
            } \
+      } \
     }
 
 // TenFourFox issue 477: deal with changing infix version URLs, such as latimes.com
@@ -270,27 +270,30 @@ gfxPlatformMac::IsFontFormatSupported(nsIURI *aFontURI, uint32_t aFormatFlags)
 #if DEBUG
                 fprintf(stderr, "Font blacklist checking: %s\n", spec.get());
 #endif
-                // Do left-most URL checks first.
-
-                HTTP_OR_HTTPS_SUBDIR("fonts.gstatic.com/ea/notosansjapanese/v6/NotoSansJP-");
-
-                HTTP_OR_HTTPS_SUBDIR("www.icloud.com/fonts/SFNSText-");
-
-                HTTP_OR_HTTPS_SUBDIR("typeface.nyt.com/fonts/nyt-cheltenham-");
-                HTTP_OR_HTTPS_SUBDIR("typeface.nytimes.com/fonts/nyt-cheltenham-");
-
-                // Don't cut to SF-Pro-; there are some dingbat fonts that DO work.
-                HTTP_OR_HTTPS_SUBDIR("www.apple.com/wss/fonts/SF-Pro-Text/v1/");
-                HTTP_OR_HTTPS_SUBDIR("www.apple.com/wss/fonts/SF-Pro-Display/v1/");
-
-                HTTP_OR_HTTPS_SUBDIR("lib.intuitcdn.net/fonts/AvenirNext/1.0/");
-
-                // Check hostname and subpatterns (TenFourFox issue 477).
+                // Get the hostname to eliminate creating unnecessary test strings.
                 nsAutoCString hostname;
                 if (MOZ_LIKELY(NS_SUCCEEDED(aFontURI->GetHost(hostname)))) {
                     ToLowerCase(hostname);
 
+                    // Start with leftmost, using hostname as a screen (TenFourFox issue 492).
+
+                    HTTP_OR_HTTPS_SUBDIR("fonts.gstatic.com", "/ea/notosansjapanese/v6/NotoSansJP-");
+
+                    HTTP_OR_HTTPS_SUBDIR("www.icloud.com", "/fonts/SFNSText-");
+
+                    HTTP_OR_HTTPS_SUBDIR("typeface.nyt.com", "/fonts/nyt-cheltenham-");
+                    HTTP_OR_HTTPS_SUBDIR("typeface.nytimes.com", "/fonts/nyt-cheltenham-");
+
+                    // Don't cut to SF-Pro-; there are some dingbat fonts that DO work.
+                    HTTP_OR_HTTPS_SUBDIR("www.apple.com", "/wss/fonts/SF-Pro-Text/v1/");
+                    HTTP_OR_HTTPS_SUBDIR("www.apple.com", "/wss/fonts/SF-Pro-Display/v1/");
+
+                    HTTP_OR_HTTPS_SUBDIR("lib.intuitcdn.net", "/fonts/AvenirNext/1.0/");
+
+                    // Check hostname and subpatterns (TenFourFox issue 477).
                     HOST_AND_KEY("www.latimes.com", "/fonts/KisFBDisplay-");
+                    HOST_AND_KEY("www.nerdwallet.com", "Gotham-Book--critical");
+                    HOST_AND_KEY("www.nerdwallet.com", "Gotham-Bold--critical");
                 } else
                     failed = true; // Didn't get hostname, should have.
             } // Must not be HTTP(S). We could catch others below.

layout/base/nsRefreshDriver.cpp

@@ -935,7 +935,7 @@ nsRefreshDriver::GetThrottledTimerInterval()
   if (rate <= 0) {
     rate = DEFAULT_THROTTLED_FRAME_RATE;
   }
-  return 3000.0 / rate;
+  return 10000.0 / rate;
 }
 
 /* static */ mozilla::TimeDuration

netwerk/base/security-prefs.js

@@ -25,13 +25,13 @@ pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
 pref("security.ssl3.dhe_rsa_aes_128_sha", true);
 pref("security.ssl3.dhe_rsa_aes_256_sha", true);
-pref("security.ssl3.ecdhe_rsa_rc4_128_sha", true);
-pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", true);
+pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
+pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
 pref("security.ssl3.rsa_aes_128_sha", true);
 pref("security.ssl3.rsa_aes_256_sha", true);
 pref("security.ssl3.rsa_des_ede3_sha", true);
-pref("security.ssl3.rsa_rc4_128_sha", true);
-pref("security.ssl3.rsa_rc4_128_md5", true);
+pref("security.ssl3.rsa_rc4_128_sha", false);
+pref("security.ssl3.rsa_rc4_128_md5", false);
 
 pref("security.default_personal_cert",   "Ask Every Time");
 pref("security.remember_cert_checkbox_default_setting", true);