Don't let Mozilla recommend extensions again

It seems we need to ramp up our defense against the threat in #22899 (closed) again with ESR 68 as our users are getting shown recommended extensions again.

added TorBrowserTeam201909R actualpoints::0.2 component::applications/tor browser ff68-esr owner::tbb-team points::0.25 priority::medium resolution::fixed severity::normal status::closed tbb-9.0-must-alpha type::defect labels

Trac:
Points: N/A to 0.25

Trac:
Component: - Select a component to Applications/Tor Browser
Owner: N/A to tbb-team

Trac:
Keywords: N/A deleted, ff68-esr added

All new prefs added in FF68

user_pref("extensions.getAddons.discovery.api_url", "");
user_pref("extensions.htmlaboutaddons.discover.enabled", false);
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);

This disables recommendations in about:addons' Extensions and Themes panes and removes/hides any leftover UI bits and bobs

Thanks. I think extensions.htmlaboutaddons.recommendations.enabled is enough.

extensions.htmlaboutaddons.discover.enabled is used in [https://searchfox.org/mozilla-esr68/source/toolkit/mozapps/extensions/content/extensions.js#854], but the old extensions.getAddons.showPane should cover that.

Patch for review: https://www.github.com/acatarineu/tor-browser/commit/31601.

Trac:
Keywords: TorBrowserTeam201909 deleted, TorBrowserTeam201909R added
Status: new to needs_review

Looks good. Cherry-picked onto tor-browser-68.1.0esr-9.0-2 (commit e489c5048b762b3226db23b6ea9ffc440617615e).

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

Replying to acat:

Thanks. I think extensions.htmlaboutaddons.recommendations.enabled is enough.

Yes. Sorry about that. the .enabled pref wasn't added until after 68.0b9 and I already had the other two pegged (because I'm that efficient!). They are indeed redundant

Trac:
Actualpoints: N/A to 0.2

closed

changed time estimate to 2h

added 1h 36m of time spent

moved to tpo/applications/tor-browser#31601 (closed)