#654: M1746720 M1737816 M1746011 M1739957 M1740985+backbugs M1742421, update HSTS, TLDs

2024-12-27 20:30:39 +00:00 · 2022-02-24 10:06:45 -08:00 · 2022-02-24 10:06:45 -08:00 · 861ae8f628
commit 861ae8f628
parent fd2b82f13a
10 changed files with 1128 additions and 2287 deletions
--- a/dom/events/EventListenerManager.cpp
+++ b/dom/events/EventListenerManager.cpp
@ -24,6 +24,7 @@
 #include "mozilla/dom/Element.h"
 #include "mozilla/dom/Event.h"
 #include "mozilla/dom/EventTargetBinding.h"
 #include "mozilla/ScopeExit.h"
 #include "mozilla/TimelineConsumers.h"
 #include "mozilla/EventTimelineMarker.h"
@ -712,6 +713,8 @@ EventListenerManager::SetEventHandler(nsIAtom* aName,
                                      bool aPermitUntrustedEvents,
                                      Element* aElement)
 {
  auto removeEventHandler = MakeScopeExit([&] { RemoveEventHandler(aName, EmptyString()); });
  nsCOMPtr<nsIDocument> doc;
  nsCOMPtr<nsIScriptGlobalObject> global =
    GetScriptGlobalAndDocument(getter_AddRefs(doc));
@ -786,6 +789,8 @@ EventListenerManager::SetEventHandler(nsIAtom* aName,
  NS_ENSURE_TRUE(context, NS_ERROR_FAILURE);
  NS_ENSURE_STATE(global->GetGlobalJSObject());
  removeEventHandler.release();
  Listener* listener = SetEventHandlerInternal(aName,
                                               EmptyString(),
                                               TypedEventHandler(),
--- a/dom/media/ADTSDemuxer.cpp
+++ b/dom/media/ADTSDemuxer.cpp
@ -852,8 +852,9 @@ ADTSTrackDemuxer::Read(uint8_t* aBuffer, int64_t aOffset, int32_t aSize)
  const int64_t streamLen = StreamLength();
  if (mInfo && streamLen > 0) {
    int64_t max = streamLen > aOffset ? streamLen - aOffset : 0;
    // Prevent blocking reads after successful initialization.
-    aSize = std::min<int64_t>(aSize, streamLen - aOffset);
+    aSize = std::min<int64_t>(aSize, max);
  }
  uint32_t read = 0;
--- a/dom/media/MP3Demuxer.cpp
+++ b/dom/media/MP3Demuxer.cpp
@ -655,7 +655,8 @@ MP3TrackDemuxer::Read(uint8_t* aBuffer, int64_t aOffset, int32_t aSize) {
  const int64_t streamLen = StreamLength();
  if (mInfo && streamLen > 0) {
    // Prevent blocking reads after successful initialization.
-    aSize = std::min<int64_t>(aSize, streamLen - aOffset);
+    uint64_t max = streamLen > aOffset ? streamLen - aOffset : 0;
    aSize = std::min<int64_t>(aSize, max);
  }
  uint32_t read = 0;
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@ -1993,12 +1993,14 @@ void ReportLoadError(JSContext* aCx, nsresult aLoadResult)
    case NS_ERROR_FILE_NOT_FOUND:
    case NS_ERROR_NOT_AVAILABLE:
    case NS_ERROR_CORRUPTED_CONTENT:
      Throw(aCx, NS_ERROR_DOM_NETWORK_ERR);
      break;
    case NS_ERROR_MALFORMED_URI:
      aLoadResult = NS_ERROR_DOM_SYNTAX_ERR;
      // fall through
    case NS_ERROR_DOM_BAD_URI:
    case NS_ERROR_DOM_SECURITY_ERR:
    case NS_ERROR_DOM_SYNTAX_ERR:
      Throw(aCx, aLoadResult);
--- a/dom/xslt/xslt/txMozillaXMLOutput.cpp
+++ b/dom/xslt/xslt/txMozillaXMLOutput.cpp
@ -236,19 +236,6 @@ txMozillaXMLOutput::endDocument(nsresult aResult)
        }
    }
    if (!mRefreshString.IsEmpty()) {
        nsPIDOMWindow *win = mDocument->GetWindow();
        if (win) {
            nsCOMPtr<nsIRefreshURI> refURI =
                do_QueryInterface(win->GetDocShell());
            if (refURI) {
                refURI->SetupRefreshURIFromHeader(mDocument->GetDocBaseURI(),
                                                  mDocument->NodePrincipal(),
                                                  mRefreshString);
            }
        }
    }
    if (mNotifier) {
        mNotifier->OnTransformEnd();
    }
@ -747,30 +734,13 @@ txMozillaXMLOutput::endHTMLElement(nsIContent* aElement)
        return NS_OK;
    }
-    else if (mCreatingNewDocument && aElement->IsHTMLElement(nsGkAtoms::meta)) {
+
        // handle HTTP-EQUIV data
        nsAutoString httpEquiv;
        aElement->GetAttr(kNameSpaceID_None, nsGkAtoms::httpEquiv, httpEquiv);
        if (!httpEquiv.IsEmpty()) {
            nsAutoString value;
            aElement->GetAttr(kNameSpaceID_None, nsGkAtoms::content, value);
            if (!value.IsEmpty()) {
                nsContentUtils::ASCIIToLower(httpEquiv);
                nsCOMPtr<nsIAtom> header = do_GetAtom(httpEquiv);
                processHTTPEquiv(header, value);
            }
        }
    }
    return NS_OK;
 }
 void txMozillaXMLOutput::processHTTPEquiv(nsIAtom* aHeader, const nsString& aValue)
 {
-    // For now we only handle "refresh". There's a longer list in
+    MOZ_CRASH("Don't call processHTTPEquiv, see bug 1746720");
    // HTMLContentSink::ProcessHeaderData
    if (aHeader == nsGkAtoms::refresh)
        LossyCopyUTF16toASCII(aValue, mRefreshString);
 }
 nsresult
--- a/netwerk/dns/effective_tld_names.dat
+++ b/netwerk/dns/effective_tld_names.dat
@ -9,7 +9,7 @@
 // ===BEGIN ICANN DOMAINS===
-// ac : https://en.wikipedia.org/wiki/.ac
+// ac : http://nic.ac/rules.htm
 ac
 com.ac
 edu.ac
@ -865,6 +865,7 @@ gov.cx
 // cy : http://www.nic.cy/
 // Submitted by registry Panayiotou Fotia <cydns@ucy.ac.cy>
 // namespace policies URL https://www.nic.cy/portal//sites/default/files/symfonia_gia_eggrafi.pdf
 cy
 ac.cy
 biz.cy
@ -872,10 +873,9 @@ com.cy
 ekloges.cy
 gov.cy
 ltd.cy
-name.cy
+mil.cy
 net.cy
 org.cy
 parliament.cy
 press.cy
 pro.cy
 tm.cy
@ -1366,7 +1366,7 @@ info
 int
 eu.int
-// io : http://www.nic.io/rules.html
+// io : http://www.nic.io/rules.htm
 // list of other 2nd level tlds ?
 io
 com.io
@ -3765,11 +3765,10 @@ org.kw
 // ky : http://www.icta.ky/da_ky_reg_dom.php
 // Confirmed by registry <kysupport@perimeterusa.com> 2008-06-17
 ky
 edu.ky
 gov.ky
 com.ky
-org.ky
+edu.ky
 net.ky
 org.ky
 // kz : https://en.wikipedia.org/wiki/.kz
 // see also: http://www.nic.kz/rules/index.jsp
@ -6037,7 +6036,7 @@ gov.sg
 edu.sg
 per.sg
-// sh : http://www.nic.sh/registrar.html
+// sh : http://nic.sh/rules.htm
 sh
 com.sh
 net.sh
@ -7132,7 +7131,7 @@ org.zw
 // newGTLDs
-// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2021-12-04T15:13:28Z
+// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2022-02-18T15:13:38Z
 // This list is auto-generated, don't edit it manually.
 // aaa : 2015-02-26 American Automobile Association, Inc.
 aaa
@ -7527,7 +7526,7 @@ bosch
 // bostik : 2015-05-28 Bostik SA
 bostik
-// boston : 2015-12-10 Boston TLD Management, LLC
+// boston : 2015-12-10 Registry Services, LLC
 boston
 // bot : 2014-12-18 Amazon Registry Services, Inc.
@ -7557,9 +7556,6 @@ brother
 // brussels : 2014-02-06 DNS.be vzw
 brussels
 // budapest : 2013-11-21 Minds + Machines Group Limited
 budapest
 // bugatti : 2015-07-23 Bugatti International SA
 bugatti
@ -7596,7 +7592,7 @@ call
 // calvinklein : 2015-07-30 PVH gTLD Holdings LLC
 calvinklein
-// cam : 2016-04-21 AC Webconnecting Holding B.V.
+// cam : 2016-04-21 Cam Connecting SARL
 cam
 // camera : 2013-08-27 Binky Moon, LLC
@ -7869,9 +7865,6 @@ cruise
 // cruises : 2013-12-05 Binky Moon, LLC
 cruises
 // csc : 2014-09-25 Alliance-One Services, Inc.
 csc
 // cuisinella : 2014-04-03 SCHMIDT GROUPE S.A.S.
 cuisinella
@ -8871,9 +8864,6 @@ live
 // living : 2015-07-30 Lifestyle Domain Holdings, Inc.
 living
 // lixil : 2015-03-19 LIXIL Group Corporation
 lixil
 // llc : 2017-12-14 Afilias Limited
 llc
@ -9012,7 +9002,7 @@ menu
 // merckmsd : 2016-07-14 MSD Registry Holdings, Inc.
 merckmsd
-// miami : 2013-12-19 Minds + Machines Group Limited
+// miami : 2013-12-19 Registry Services, LLC
 miami
 // microsoft : 2014-12-18 Microsoft Corporation
@ -10815,6 +10805,10 @@ myasustor.com
 // Submitted by Sam Smyth <devloop@atlassian.com>
 cdn.prod.atlassian-dev.net
 // Authentick UG (haftungsbeschränkt) : https://authentick.net
 // Submitted by Lukas Reschke <lukas@authentick.net>
 translated.page
 // AVM : https://avm.de
 // Submitted by Andreas Weise <a.weise@avm.de>
 myfritz.net
@ -10868,6 +10862,10 @@ theshop.jp
 shopselect.net
 base.shop
 // Beget Ltd
 // Submitted by Lev Nekrasov <lnekrasov@beget.com>
 *.beget.app
 // BetaInABox
 // Submitted by Adrian <adrian@betainabox.com>
 betainabox.com
@ -11109,6 +11107,10 @@ cloudns.us
 // Submitted by Angelo Gladding <angelo@lahacker.net>
 cnpy.gdn
 // Codeberg e. V. : https://codeberg.org
 // Submitted by Moritz Marquardt <git@momar.de>
 codeberg.page
 // CoDNS B.V.
 co.nl
 co.no
@ -11240,6 +11242,11 @@ dedyn.io
 *.rss.my.id
 *.diher.solutions
 // Discord Inc : https://discord.com
 // Submitted by Sahn Lam <slam@discordapp.com>
 discordsays.com
 discordsez.com
 // DNS Africa Ltd https://dns.business
 // Submitted by Calvin Browne <calvin@dns.business>
 jozi.biz
@ -11964,10 +11971,21 @@ futuremailing.at
 *.kunden.ortsinfo.at
 *.statics.cloud
-// GDS : https://www.gov.uk/service-manual/operations/operating-servicegovuk-subdomains
+// GDS : https://www.gov.uk/service-manual/technology/managing-domain-names
-// Submitted by David Illsley <david.illsley@digital.cabinet-office.gov.uk>
+// Submitted by Stephen Ford <hostmaster@digital.cabinet-office.gov.uk>
 independent-commission.uk
 independent-inquest.uk
 independent-inquiry.uk
 independent-panel.uk
 independent-review.uk
 public-inquiry.uk
 royal-commission.uk
 service.gov.uk
 // CDDO : https://www.gov.uk/guidance/get-an-api-domain-on-govuk
 // Submitted by Jamie Tanna <jamie.tanna@digital.cabinet-office.gov.uk>
 api.gov.uk
 // Gehirn Inc. : https://www.gehirn.co.jp/
 // Submitted by Kohei YOSHIDA <tech@gehirn.co.jp>
 gehirn.ne.jp
@ -12437,6 +12455,10 @@ js.org
 kaas.gg
 khplay.nl
 // Kapsi : https://kapsi.fi
 // Submitted by Tomi Juntunen <erani@kapsi.fi>
 kapsi.fi
 // Keyweb AG : https://www.keyweb.de
 // Submitted by Martin Dannehl <postmaster@keymachine.de>
 keymachine.de
@ -13046,6 +13068,10 @@ pleskns.com
 // Submitted by Maximilian Schieder <maxi@zeug.co>
 dyn53.io
 // Porter : https://porter.run/
 // Submitted by Rudraksh MK <rudi@porter.run>
 onporter.run
 // Positive Codes Technology Company : http://co.bn/faq.html
 // Submitted by Zulfais <pc@co.bn>
 co.bn
@ -13207,6 +13233,10 @@ itcouldbewor.se
 // Submitted by Jennifer Herting <jchits@rit.edu>
 git-pages.rit.edu
 // Rocky Enterprise Software Foundation : https://resf.org
 // Submitted by Neil Hanlon <neil@resf.org>
 rocky.page
 // Rusnames Limited: http://rusnames.ru/
 // Submitted by Sergey Zotov <admin@rusnames.ru>
 биз.рус
@ -13483,6 +13513,10 @@ gdynia.pl
 med.pl
 sopot.pl
 // team.blue https://team.blue
 // Submitted by Cedric Dubois <cedric.dubois@team.blue>
 site.tb-hosting.com
 // Teckids e.V. : https://www.teckids.org
 // Submitted by Dominik George <dominik.george@teckids.org>
 edugit.io
@ -13686,6 +13720,10 @@ me.vu
 // Submitted by Serhii Rostilo <sergey@rostilo.kiev.ua>
 v.ua
 // Vultr Objects : https://www.vultr.com/products/object-storage/
 // Submitted by Niels Maumenee <storage@vultr.com>
 *.vultrobjects.com
 // Waffle Computer Inc., Ltd. : https://docs.waffleinfo.com
 // Submitted by Masayuki Note <masa@blade.wafflecell.com>
 wafflecell.com
@ -13735,6 +13773,10 @@ wmcloud.org
 panel.gg
 daemon.panel.gg
 // Wizard Zines : https://wizardzines.com
 // Submitted by Julia Evans <julia@wizardzines.com>
 messwithdns.com
 // WoltLab GmbH : https://www.woltlab.com
 // Submitted by Tim Düsterhus <security@woltlab.cloud>
 woltlab-demo.com
--- a/security/manager/ssl/StaticHPKPins.h
+++ b/security/manager/ssl/StaticHPKPins.h
@ -1149,4 +1149,4 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
 static const int32_t kUnknownId = -1;
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1648464588021000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1654167021983000);
--- a/security/manager/ssl/nsSTSPreloadList.inc
+++ b/security/manager/ssl/nsSTSPreloadList.inc
--- a/security/pkix/lib/pkixocsp.cpp
+++ b/security/pkix/lib/pkixocsp.cpp
@ -28,14 +28,22 @@
 #include "pkixcheck.h"
 #include "pkixutil.h"
 namespace {
 const size_t SHA1_DIGEST_LENGTH = 160 / 8;
 } // unnamed namespace
 namespace mozilla { namespace pkix {
 inline size_t DigestAlgorithmToSizeInBytes(DigestAlgorithm digestAlgorithm) {
  switch (digestAlgorithm) {
    case DigestAlgorithm::sha1:
      return 160 / 8;
    case DigestAlgorithm::sha256:
      return 256 / 8;
    case DigestAlgorithm::sha384:
      return 384 / 8;
    case DigestAlgorithm::sha512:
      return 512 / 8;
      MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
  }
 }
 // These values correspond to the tag values in the ASN.1 CertStatus
 enum class CertStatus : uint8_t {
  Good = der::CONTEXT_SPECIFIC | 0,
@ -172,10 +180,12 @@ static inline Result CertID(Reader& input,
                            const Context& context,
                            /*out*/ bool& match);
 static Result MatchKeyHash(TrustDomain& trustDomain,
                           DigestAlgorithm hashAlgorithm,
                           Input issuerKeyHash,
                           Input issuerSubjectPublicKeyInfo,
                           /*out*/ bool& match);
 static Result KeyHash(TrustDomain& trustDomain,
                      DigestAlgorithm hashAlgorithm,
                      Input subjectPublicKeyInfo,
                      /*out*/ uint8_t* hashBuf, size_t hashBufSize);
@ -204,7 +214,7 @@ MatchResponderID(TrustDomain& trustDomain,
      if (rv != Success) {
        return rv;
      }
-      return MatchKeyHash(trustDomain, keyHash,
+      return MatchKeyHash(trustDomain, DigestAlgorithm::sha1, keyHash,
                          potentialSignerSubjectPublicKeyInfo, match);
    }
@ -715,36 +725,36 @@ CertID(Reader& input, const Context& context, /*out*/ bool& match)
    return Success;
  }
-  // TODO: support SHA-2 hashes.
+  size_t hashAlgorithmLength = DigestAlgorithmToSizeInBytes(hashAlgorithm);
-
+  if (issuerNameHash.GetLength() != hashAlgorithmLength) {
  if (hashAlgorithm != DigestAlgorithm::sha1) {
    // Again, not interested in this response. Consume input, return success.
    input.SkipToEnd();
    return Success;
  }
  if (issuerNameHash.GetLength() != SHA1_DIGEST_LENGTH) {
    return Result::ERROR_OCSP_MALFORMED_RESPONSE;
  }
  // From http://tools.ietf.org/html/rfc6960#section-4.1.1:
  // "The hash shall be calculated over the DER encoding of the
  // issuer's name field in the certificate being checked."
-  uint8_t hashBuf[SHA1_DIGEST_LENGTH];
+  uint8_t hashBuf[MAX_DIGEST_SIZE_IN_BYTES];
  if (hashAlgorithmLength > sizeof(hashBuf)) {
    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }
  rv = context.trustDomain.DigestBuf(context.certID.issuer,
-                                     DigestAlgorithm::sha1, hashBuf,
+                                     hashAlgorithm, hashBuf,
-                                     sizeof(hashBuf));
+                                     hashAlgorithmLength);
  if (rv != Success) {
    return rv;
  }
  Input computed;
  rv = computed.Init(hashBuf, hashAlgorithmLength);
  if (rv != Success) {
    return rv;
  }
  Input computed(hashBuf);
  if (!InputsAreEqual(computed, issuerNameHash)) {
    // Again, not interested in this response. Consume input, return success.
    input.SkipToEnd();
    return Success;
  }
-  return MatchKeyHash(context.trustDomain, issuerKeyHash,
+  return MatchKeyHash(context.trustDomain, hashAlgorithm, issuerKeyHash,
                      context.certID.issuerSubjectPublicKeyInfo, match);
 }
@ -758,30 +768,53 @@ CertID(Reader& input, const Context& context, /*out*/ bool& match)
 //                          -- BIT STRING subjectPublicKey [excluding
 //                          -- the tag, length, and number of unused
 //                          -- bits] in the responder's certificate)
 //
 // From https://datatracker.ietf.org/doc/html/rfc6960#section-4.1.1:
 //    CertID          ::=     SEQUENCE {
 //        hashAlgorithm       AlgorithmIdentifier,
 //        issuerNameHash      OCTET STRING, -- Hash of issuer's DN
 //        issuerKeyHash       OCTET STRING, -- Hash of issuer's public key
 //        serialNumber        CertificateSerialNumber }
 // ...
 //    o  hashAlgorithm is the hash algorithm used to generate the
 //       issuerNameHash and issuerKeyHash values.
 // ...
 //    o  issuerKeyHash is the hash of the issuer's public key.  The hash
 //       shall be calculated over the value (excluding tag and length) of
 //       the subject public key field in the issuer's certificate.
 static Result
-MatchKeyHash(TrustDomain& trustDomain, Input keyHash,
+MatchKeyHash(TrustDomain& trustDomain, DigestAlgorithm hashAlgorithm,
-             const Input subjectPublicKeyInfo, /*out*/ bool& match)
+             Input keyHash, const Input subjectPublicKeyInfo,
             /*out*/ bool& match)
 {
-  if (keyHash.GetLength() != SHA1_DIGEST_LENGTH)  {
+  size_t hashLength = DigestAlgorithmToSizeInBytes(hashAlgorithm);
  if (keyHash.GetLength() != hashLength)  {
    return Result::ERROR_OCSP_MALFORMED_RESPONSE;
  }
-  static uint8_t hashBuf[SHA1_DIGEST_LENGTH];
+  static uint8_t hashBuf[MAX_DIGEST_SIZE_IN_BYTES];
-  Result rv = KeyHash(trustDomain, subjectPublicKeyInfo, hashBuf,
+  if (hashLength > MAX_DIGEST_SIZE_IN_BYTES) {
-                      sizeof hashBuf);
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }
  Result rv = KeyHash(trustDomain, hashAlgorithm, subjectPublicKeyInfo,
                      hashBuf, hashLength);
  if (rv != Success) {
    return rv;
  }
  Input computed;
  rv = computed.Init(hashBuf, hashLength);
  if (rv != Success) {
    return rv;
  }
  Input computed(hashBuf);
  match = InputsAreEqual(computed, keyHash);
  return Success;
 }
 // TODO(bug 966856): support SHA-2 hashes
 Result
-KeyHash(TrustDomain& trustDomain, const Input subjectPublicKeyInfo,
+KeyHash(TrustDomain& trustDomain, DigestAlgorithm hashAlgorithm,
-        /*out*/ uint8_t* hashBuf, size_t hashBufSize)
+        const Input subjectPublicKeyInfo, /*out*/ uint8_t* hashBuf,
        size_t hashBufSize)
 {
-  if (!hashBuf || hashBufSize != SHA1_DIGEST_LENGTH) {
+  if (!hashBuf || hashBufSize != DigestAlgorithmToSizeInBytes(hashAlgorithm)) {
    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }
@ -814,8 +847,8 @@ KeyHash(TrustDomain& trustDomain, const Input subjectPublicKeyInfo,
    return rv;
  }
-  return trustDomain.DigestBuf(subjectPublicKey, DigestAlgorithm::sha1,
+  return trustDomain.DigestBuf(subjectPublicKey, hashAlgorithm, hashBuf,
-                               hashBuf, hashBufSize);
+                               hashBufSize);
 }
 Result
@ -865,8 +898,6 @@ CreateEncodedOCSPRequest(TrustDomain& trustDomain, const struct CertID& certID,
  // and thus more likely to fit within the 255 byte limit for OCSP GET that
  // is specified in RFC 5019 Section 5.
  // Bug 966856: Add the id-pkix-ocsp-pref-sig-algs extension.
  // Since we don't know whether the OCSP responder supports anything other
  // than SHA-1, we have no choice but to use SHA-1 for issuerNameHash and
  // issuerKeyHash.
@ -930,7 +961,8 @@ CreateEncodedOCSPRequest(TrustDomain& trustDomain, const struct CertID& certID,
  // reqCert.issuerKeyHash (OCTET STRING)
  *d++ = 0x04;
  *d++ = hashLen;
-  rv = KeyHash(trustDomain, certID.issuerSubjectPublicKeyInfo, d, hashLen);
+  rv = KeyHash(trustDomain, DigestAlgorithm::sha1,
               certID.issuerSubjectPublicKeyInfo, d, hashLen);
  if (rv != Success) {
    return rv;
  }
--- a/widget/cocoa/nsCocoaWindow.mm
+++ b/widget/cocoa/nsCocoaWindow.mm
@ -1272,6 +1272,8 @@ NS_METHOD nsCocoaWindow::SetSizeMode(nsSizeMode aMode)
      [mWindow deminiaturize:nil];
    else if (previousMode == nsSizeMode_Maximized && [mWindow isZoomed])
      [mWindow zoom:nil];
    else if (previousMode == nsSizeMode_Fullscreen)
      MakeFullScreen(false);
  }
  else if (aMode == nsSizeMode_Minimized) {
    if (![mWindow isMiniaturized])
`@ -1149,4 +1149,4 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {`

	`static const int32_t kUnknownId = -1;`	`static const int32_t kUnknownId = -1;`

	`static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1648464588021000);`	`static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1654167021983000);`