Backport fixes for bug 1552627 and 1549833

Not sure if they are as easily exploitable in Tor Browser as they are in Firefox but we should be better safe here than sorry and backport the pref changes coming with bug 1552627 and 1549833.

added GeorgKoppen201906 TorBrowserTeam201907R component::applications/tor browser owner::tbb-team priority::medium resolution::fixed severity::normal status::closed type::defect labels

Changesets in question are:

https://hg.mozilla.org/mozilla-central/rev/29d9eb1276a7 https://hg.mozilla.org/mozilla-central/rev/6fefc560ddc4 https://hg.mozilla.org/mozilla-central/rev/465fa362c702

bug_30849 (https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_30849) does contain the last two changes as they are simple preference settings. I am not sure about the first one as it is more a fix to make social engineering harder and it seems to require some work to get it properly applied to esr60...

After revisiting I think we should just go with the two pref flips for now and pick up the other part of the fix once we move to esr68.

Trac:
Keywords: TorBrowserTeam201906 deleted, TorBrowserTeam201907R added
Status: new to needs_review

Looks good to me.

Trac:
Status: needs_review to merge_ready

Replying to acat:

Looks good to me.

Thanks! Cherry-picked to tor-browser-60.7.0esr-9.0-1 (commit 35560e850f9dbf29e18895b3e55ad9b4e684cd24 and 0be8d76933ec1e36553f1bfaffb261169757fa77) and tor-browser-60.7.0esr-8.5-1 (commit e0c4aa5835df2a0ea4c2555872fc467649e2cc49 and cb68eb598242fd211bf032e704069ea453f57c05).

Trac:
Resolution: N/A to fixed
Status: merge_ready to closed

closed

moved to tpo/applications/tor-browser#30849 (closed)