Your message dated Sun, 06 Aug 2017 00:32:34 +0200
with message-id <>
and subject line Re: Bug#864791: Acknowledgement (firefox-esr: OAtab order 
cannot be changed with TabMixPlus)
has caused the Debian Bug report #864791,
regarding firefox-esr: OAtab order cannot be changed with TabMixPlus
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Package: firefox-esr
Version: 52.2.0esr-1
Severity: normal


Since the upgrade to 52, the order of tabs cannot be changed anymore
when the TabMixPlus extension is active.

Not sure if this is an issue in FF or TMP, though.


-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: /usr/share/xul-ext/adblock-plus
Package: xul-ext-adblock-plus
Status: enabled

Name: Application Update Service Helper
Status: enabled

Name: Certificate Patrol
Location: /usr/share/xul-ext/certificatepatrol
Package: xul-ext-certificatepatrol
Status: user-disabled

Name: Classic Theme Restorer
Location: /usr/share/xul-ext/classic-theme-restorer
Package: xul-ext-classic-theme-restorer
Status: user-disabled

Name: Cookie Monster
Location: /usr/share/xul-ext/cookie-monster
Package: xul-ext-cookie-monster
Status: enabled

Name: Default theme
Package: firefox-esr
Status: enabled

Name: DownThemAll!
Location: /usr/share/xul-ext/downthemall
Package: xul-ext-downthemall
Status: enabled

Name: Firebug
Location: /usr/share/xul-ext/firebug
Package: xul-ext-firebug
Status: user-disabled

Name: FirePath
Location: /usr/share/xul-ext/firexpath
Package: xul-ext-firexpath
Status: enabled

Name: Flashblock
Location: /usr/share/xul-ext/flashblock
Package: xul-ext-flashblock
Status: enabled

Name: FoxyProxy Standard
Location: /usr/share/xul-ext/foxyproxy-standard
Package: xul-ext-foxyproxy-standard
Status: enabled

Name: HTTPS Everywhere
Location: /usr/share/xul-ext/https-everywhere
Package: xul-ext-https-everywhere
Status: enabled

Name: Lightbeam
Location: /usr/share/xul-ext/lightbeam
Package: xul-ext-lightbeam
Status: enabled

Name: Live HTTP headers(Fixed By
Location: /usr/share/xul-ext/livehttpheaders
Package: xul-ext-livehttpheaders
Status: enabled

Name: Multi-process staged rollout
Status: enabled

Name: NoScript
Location: /usr/share/xul-ext/noscript
Package: xul-ext-noscript
Status: enabled

Name: Pocket
Status: enabled

Name: SearchLoad Options
Location: /usr/share/xul-ext/searchload-options
Package: xul-ext-searchload-options
Status: enabled

Name: Status-4-Evar
Location: /usr/share/xul-ext/status4evar
Package: xul-ext-status4evar
Status: enabled

Name: Tab Mix Plus
Location: /usr/share/xul-ext/tabmixplus
Package: xul-ext-tabmixplus
Status: enabled

Name: User Agent Switcher
Location: /usr/share/xul-ext/useragentswitcher
Package: xul-ext-useragentswitcher
Status: enabled

Name: Web Compat
Status: enabled

Name: Web Developer
Location: /usr/share/xul-ext/webdeveloper
Package: xul-ext-webdeveloper
Status: enabled

Name: Y U no validate
Location: /usr/share/xul-ext/y-u-no-validate
Package: xul-ext-y-u-no-validate
Status: enabled

-- Plugins information
Name: Shockwave Flash
Location: /usr/lib/gnash/
Package: browser-plugin-gnash
Status: enabled

-- Addons package information
ii  browser-plugin 0.8.11~git20 amd64        GNU Shockwave Flash (SWF) player 
ii  firefox-esr    52.2.0esr-1  amd64        Mozilla Firefox web browser - Ext
ii  xul-ext-adbloc 2.7.3+dfsg-1 all          advertisement blocking extension 
ii  xul-ext-certif 2.0.14-5     all          Certificate Monitor for Iceweasel
ii  xul-ext-classi 1.5.9-1      all          customize the new Firefox interfa
ii  xul-ext-cookie    all          manage cookies in a whitelist-bas
ii  xul-ext-downth 3.0.7-1      all          Firefox extension with advanced d
ii  xul-ext-firebu 2.0.17-1     all          web development plugin for Firefo
ii  xul-ext-firexp    all          extension for Firebug to edit, in
ii  xul-ext-flashb 1.5.20-2     all          Mozilla extension to block Adobe 
ii  xul-ext-foxypr 4.5.6-debian all          advanced proxy management tool fo
ii  xul-ext-https- 5.2.8-1      all          extension to force the use of HTT
ii  xul-ext-lightb 1.3.1+dfsg-1 all          visualize sites that may be track
ii  xul-ext-liveht 0.17.1-2     all          add information about HTTP header
ii  xul-ext-noscri   all          permissions manager for Firefox
ii  xul-ext-search 0.8.0-3      all          tweak the searchbar's functionali
ii  xul-ext-status 2016.10.11.0 all          Status bar widgets and progress i
ii  xul-ext-tabmix    all          add dozens of new capabilities to
ii  xul-ext-userag 0.7.3-3      all          Firefox addon that allows the use
ii  xul-ext-webdev 1.2.5+repack all          web developer extension
ii  xul-ext-y-u-no 2013052407-3 all          browser extension to make securit

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firefox-esr depends on:
ii  debianutils     
ii  fontconfig                2.11.0-6.7+b1
ii  libasound2                1.1.3-5
ii  libatk1.0-0               2.22.0-1
ii  libc6                     2.24-11
ii  libcairo-gobject2         1.14.8-1
ii  libcairo2                 1.14.8-1
ii  libdbus-1-3               1.10.18-1
ii  libdbus-glib-1-2          0.108-2
ii  libevent-2.0-5            2.0.21-stable-3
ii  libffi6                   3.2.1-6
ii  libfontconfig1            2.11.0-6.7+b1
ii  libfreetype6              2.6.3-3.2
ii  libgcc1                   1:6.3.0-18
ii  libgdk-pixbuf2.0-0        2.36.5-2
ii  libglib2.0-0              2.50.3-2
ii  libgtk-3-0                3.22.12-1
ii  libgtk2.0-0               2.24.31-2
ii  libhunspell-1.4-0         1.4.1-2+b2
ii  libjsoncpp1               1.7.4-3
ii  libpango-1.0-0            1.40.5-1
ii  libsqlite3-0              3.16.2-5
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++6                6.3.0-18
ii  libvpx4                   1.6.1-3
ii  libx11-6                  2:1.6.4-3
ii  libx11-xcb1               2:1.6.4-3
ii  libxcb-shm0               1.12-1
ii  libxcb1                   1.12-1
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-2+b3
ii  libxext6                  2:1.3.3-1+b2
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1
ii  procps                    2:3.3.12-3
ii  zlib1g                    1:1.2.8.dfsg-5

firefox-esr recommends no packages.

Versions of packages firefox-esr suggests:
ii  fonts-lmodern          2.004.5-3
ii  fonts-stix [otf-stix]  1.1.1-4
ii  libcanberra0           0.30-3
ii  libgssapi-krb5-2       1.15-1
pn  mozplugger             <none>

-- Configuration Files:
/etc/firefox-esr/firefox-esr.js changed:
// This is the Debian specific preferences file for Firefox
// You can make any change in here, it is the purpose of this file.
// You can, with this file and all files present in the
// /etc/firefox-esr directory, override any preference you can see in
// about:config.
// Note that lockPref is allowed in these preferences files if you
// don't want users to be able to override some preferences.
// Use LANG environment variable to choose locale
pref("intl.locale.matchOS", true);
// Disable default browser checking.
pref("", false);
// Avoid openh264 being downloaded.
pref("media.gmp-manager.url.override", "data:text/plain,");
// Disable openh264.
pref("media.gmp-gmpopenh264.enabled", false);
// Disable WideVine
pref("media.gmp-widevinecdm.enabled", false);
pref("media.gmp-widevinecdm.visible", false);
// Default to classic view for about:newtab
sticky_pref("browser.newtabpage.enhanced", false);
pref("media.gmp-provider.enabled", false);
pref("media.gmp-manager.certs.1.commonName", "invalid");
pref("media.gmp-manager.certs.2.commonName", "invalid");
pref("media.gmp-manager.url", "https://invalid.localhost/";);
pref("media.gmp-manager.cert.requireBuiltIn", true);
pref("media.fragmented-mp4.gmp.enabled", false);
pref("media.gmp.insecure.allow", false);
pref("media.eme.enabled", false);
pref("media.eme.apiVisible", false);
pref("media.gmp-eme-adobe.enabled", false);
pref("browser.eme.ui.enabled", false);
pref("pdfjs.disabled", true);
pref("security.ssl.require_safe_negotiation", true);
pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
pref("security.tls.unrestricted_rc4_fallback", false);
pref("security.tls.insecure_fallback_hosts", "");
pref("security.tls.insecure_fallback_hosts.use_static_list", false);
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
pref("security.ssl3.rsa_rc4_128_md5", false);
pref("security.ssl3.rsa_rc4_128_sha", false);
pref("security.ssl3.rsa_des_ede3_sha", false);
pref("security.OCSP.enabled", 1);
pref("security.OCSP.require", true);
pref("browser.send_pings", false);
pref("browser.send_pings.max_per_link", 0);
pref("browser.send_pings.require_same_host", true);
pref("media.peerconnection.enabled", false);
pref("", false);
pref("media.navigator.enabled", false);
pref("media.navigator.permission.disabled", false);
pref("", false);
pref("media.getusermedia.browser.enabled", false);
pref("media.getusermedia.audiocapture.enabled", false);
pref("media.getusermedia.screensharing.enabled", false);
pref("media.getusermedia.screensharing.allow_on_old_platforms", false);
pref("media.getusermedia.screensharing.allowed_domains", "invalid.localhost");
pref("media.webspeech.recognition.enable", false);
pref("dom.imagecapture.enabled", false);
pref("canvas.capturestream.enabled", false);
pref("loop.enabled", false);
pref("loop.textChat.enabled", false);
pref("offline-apps.allow_by_default", false);
pref("keyword.enabled", false);
//do not guess URIs
//Reason: Privacy, Security
//        Guessing the URI may lead the user to a wrong host, which in turn
//        could have effects on security.
//        For example: Consider a host “software” is available in a safe VPN or
//                     intranet, where people download trusted software. If such
//                     an address is completed to for example “”
//                     because “software” isn’t reachable, it may easily lead
//                     to a wrong and possibly malicious host.
pref("browser.fixup.alternate.enabled", false);
pref("browser.fixup.hide_user_pass", true);
pref("browser.fixup.alternate.suffix", ".invalid");
pref("experiments.enabled", false);
pref("experiments.supported", false);
pref("network.allow-experiments", false);
pref("extensions.getAddons.cache.enabled", false);
pref("security.mixed_content.block_active_content", false);
pref("security.mixed_content.block_display_content", false);
pref("plugins.click_to_play", true);
pref("dom.event.contextmenu.enabled", false);
pref("network.proxy.socks_remote_dns", true);
pref("", false);
pref("extensions.update.enabled", false);
pref("extensions.update.autoUpdateDefault", false);
pref("full-screen-api.allow-trusted-requests-only", true);
//disable “Pocket”
//Reason: Privacy, Security
//        Pocket is an inherent privacy leak, security may be compromised for
//        example by storing sensitive data in Pocket.
//Note: According to some reports, it may be necessary to additionally remove
//      the Pocket icon from Firefox’ toolbars.
pref("browser.pocket.enabled", false);
//disable “Mozilla Pishing And Malware Protection” (which is actually mostly
//“Google Safe Browsing”)
//Reason: Privacy, Security
//        This may send any visited URI (which includes any pre-fetched URIs) as
//        well as meta-data (including hashsums) of any downloaded files to
//        “Mozilla and/or its partners”.
//        The actual security benefit seems to be disputed by many security
//        experts.
//Note: While parts of this is configurable via Firfox’ preferences it seems
//      that this “feature” cannot be fully disabled there.
//Note: Apparently there is/was a feature that just downloaded lists of
//      suspicious sites/files and matched against these (which would be safe),
//      but according two Mozilla’s own documentation this isn’t guaranteed and
//      it actually seems that the options therefore have already changed their
//      semantics over time. Therefore, it is disabled completely.
pref("browser.safebrowsing.enabled", false);
pref("browser.safebrowsing.malware.enabled", false);
pref("browser.safebrowsing.downloads.enabled", false);
pref("browser.safebrowsing.downloads.remote.enabled", false);
pref("browser.safebrowsing.phishing.enabled", false);
//try to render the “Social API” and social network integration disfunctional
//Reason: Privacy, Security
//        It shouldn’t be necessary for social networks to have more
//        functionality and control over the browser than “normal” websites,
//        which makes this quite suspicious from a security and privacy point of
//        view.
//Note: There once seemed to be options to “fully” disable this which where
//      however dropped. This makes the whole “feature” even more suspicious.
pref("social.directories", "https://invalid.localhost/";);
pref("social.whitelist", "https://invalid.localhost/";);
pref("social.shareDirectory", "https://invalid.localhost/";);
pref("social.remote-install.enabled", false);
pref("social.share.activationPanelEnabled", false);
pref("social.toast-notifications.enabled", false);
//disable sensor probing
//Reason: Privacy, Security
//        It's unclear what this actually exactly does as Mozilla doesn’t
//        document it properly.
//        However, no “sensor” (which could perhaps even include microphones or
//        cameras) information should be read out by a browser.
pref("device.sensors.enabled", false);
//disable camera face detection
//Reason: Privacy
//        It may be helpful to find and kill Jason Bourne (if he was using
//        Firefox) but apart from that there is no reason why a browser should
//        ever has access to a camera and thus no reason either why faces should
//        be detected.
pref("camera.control.face_detection.enabled", false);
pref("datareporting.healthreport.service.enabled", false);
pref("datareporting.healthreport.uploadEnabled", false);
pref("datareporting.policy.dataSubmissionEnabled", false);
pref("datareporting.policy.dataSubmissionEnabled.v2", false);
pref("toolkit.telemetry.enabled", false);
pref("toolkit.telemetry.unified", false);
pref("toolkit.telemetry.unifiedIsOptIn", true);
pref("toolkit.telemetry.archive.enabled", false);
pref("toolkit.telemetry.server", "https://invalid.localhost/";);
pref("geo.wifi.logging.enabled", false);
pref("security.ssl.errorReporting.automatic", false);
pref("", "https://invalid.localhost/";);
pref("", "https://invalid.localhost/";);
pref("browser.aboutHomeSnippets.updateUrl", "data:text/html,");
pref("extensions.webservice.discoverURL", "data:text/plain,disabled via the 
option extensions.webservice.discoverURL");
pref("breakpad.reportURL", "https://invalid.localhost/";);
pref("browser.selfsupport.url", "https://invalid.localhost/";);
pref("media.autoplay.enabled", false);
pref("dom.event.clipboardevents.enabled", false);
pref("dom.battery.enabled", false);
//pref("", false);
//pref("", false);
//signon.schemeUpgrades => das ist VERMUTLICH die option die kontrolliert, dass 
ein HTTP Basic Auth password das für eine http url gespeichert wurde auch für 
nen https login benutzt wird... aber evtl können wir das eh "on" lassen, da es 
evtl. gar kein security problem ist
//sollen wir web assembly deaktivieren? Wenn ja sind das vermutlich relevante 
//pref("network.websocket.max-message-size", 1);
//dom.allow_cut_copy  => hidden property, erscheint nicht per default in 
about:config obwohl sie da ist
//*** User Settings                                                          ***
pref("browser.cache.disk.enable", false);
pref("browser.cache.disk_cache_ssl", false);
pref("browser.urlbar.unifiedcomplete", false);
//configureable via Preferences
pref("privacy.donottrackheader.enabled", true);
//*** Interesting                                                            ***
//not needed, because not active due to another setting
//security.ssl.errorReporting.enabled (because of: 
//*** Locked Prefs                                                           ***
// Es gibt wohl nen bug, dass ab dem ersten lock_pref alle anderen gesetzten 
Prefs nicht mehr gelesen werden
lock_pref("app.update.enabled", false);

-- no debconf information

--- End Message ---
--- Begin Message ---
Hey David.

On Sat, 2017-08-05 at 14:11 -0400, David Prévot wrote:
> Can you please confirm if this issue is fixed with the latest version
> ( I was not bitten myself with it and the set of addons
> currently installed on my development box…

Seems that the new version fixes all issues (well except that the FF
windows open always with the size being one vertical half of the screen
and I'm not even sure whether this is TM+ related)... but the tab-
moving works, and the too-large-tabs in the (non ESR) firefox package
also works now.

Thanks for the upload :-)


Attachment: smime.p7s
Description: S/MIME cryptographic signature

--- End Message ---

Reply via email to