05 May 2026
Planet Mozilla
Firefox Tooling Announcements: New deploy of PerfCompare! May 5th
The latest version of PerfCompare is now live!
Check out the change-log below to see the updates:
Highlights
[kala]
Other contributions:
[kala]
[moijes]
Thank you for the contributions!
Bugs or feature requests can be filed on Bugzilla. The team can also be found on the #perfcompare channel on Element. Come and chat!
05 May 2026 6:22pm GMT
Firefox Tooling Announcements: MozPhab 2.15.0 Released
Bugs resolved in Moz-Phab 2.15.0:
- bug 2033810 Open the browser to the uplift request form on successful moz-phab uplift
- bug 2036007 test_integration_patch.py flaky since v2.14.0
- bug 2036394 moz-phab: circleci => github action
- bug 2036890 Push moz-phab to PyPI using Trusted Publisher workflow
Discuss these changes in #engineering-workflow on Slack or #Conduit on Matrix.
05 May 2026 4:23pm GMT
Hacks.Mozilla.Org: Trustworthy JavaScript for the Open Web
The open web is a critical platform for applications that handle highly sensitive data, from private communications to financial transactions and medical records. Traditionally, servers are trusted to deliver the appropriate code and resources for their web applications to browsers, which then provide a secure and isolated environment for their execution. In some circumstances, this trust model falls short.
Consider a browser-based messaging application, like Signal or WhatsApp, which uses end-to-end encryption. The browser depends on the server to provide a trustworthy JavaScript implementation of the app, which ensures the user's messages and cryptographic keys are suitably protected. A malicious or compromised server could selectively serve modified code to some users, undermining their security with little risk of detection. This challenges the basic premise of end-to-end encryption: that a misbehaving server should not be able to compromise user security.
Towards Verifiable Security on the Web
For web applications to be trustworthy in the presence of malicious servers, two properties are essential:
- Integrity: The code executed by the user matches what the developer committed to in a manifest.
- Transparency: These manifests are publicly logged and can be independently audited.
Web Application Integrity, Consistency and Transparency (WAICT) brings these properties to the web platform.

WAICT allows websites to cryptographically bind their client-side code to a manifest and commit that manifest to a publicly auditable log. Sites which need this stronger trust model can then opt in to WAICT enforcement. If an opted-in site delivers code that has not been publicly logged, the browser rejects it, and attacks that were previously invisible become observable and attributable. This ensures that the code delivered to users' machines is consistent with the publicly available code which security researchers can inspect.
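The two checks described above (integrity against a manifest, transparency via a public log) can be sketched as follows. This is an added example, not code from the WAICT prototype or specification: the manifest layout, the hash labels, the Merkle-tree log and every function name are assumptions chosen for illustration, and all sample data is constructed.

```javascript
// Added illustration: manifest layout, labels and log shape are assumptions, not the WAICT format.
const { createHash } = require("crypto");
const h = (...parts) => createHash("sha256").update(parts.join("|")).digest("hex");

// Developer side: commit to every client-side resource by hash.
const buildManifest = (resources) => Object.fromEntries(
  Object.keys(resources).sort().map((path) => [path, h("res", resources[path])]));
const manifestDigest = (manifest) => h("manifest", JSON.stringify(manifest));

// Log side: Merkle tree over logged manifest digests (an odd node is promoted unchanged).
function merkleLevels(digests) {
  const levels = [digests.map((d) => h("leaf", d))];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1], next = [];
    for (let i = 0; i < prev.length; i += 2)
      next.push(i + 1 < prev.length ? h("node", prev[i], prev[i + 1]) : prev[i]);
    levels.push(next);
  }
  return levels;
}
const logRoot = (digests) => merkleLevels(digests).pop()[0];
function inclusionProof(digests, index) {
  const proof = [];
  for (const level of merkleLevels(digests).slice(0, -1)) {
    const sib = index ^ 1; // sibling position at this level
    if (sib < level.length) proof.push({ hash: level[sib], left: sib < index });
    index >>= 1;
  }
  return proof;
}

// Browser side: transparency check first, then integrity check.
function acceptResource(path, body, manifest, proof, trustedRoot) {
  let node = h("leaf", manifestDigest(manifest));
  for (const s of proof) node = s.left ? h("node", s.hash, node) : h("node", node, s.hash);
  if (node !== trustedRoot) return "reject: manifest not in log";
  if (manifest[path] !== h("res", body)) return "reject: resource not in manifest";
  return "accept";
}

function demo() { // constructed site, log entries and tampered script
  const site = { "/app.js": "sendEncrypted(msg)", "/keys.js": "deriveKey()" };
  const manifest = buildManifest(site), tampered = "sendEncrypted(msg); copyTo(server, msg)";
  const logged = ["constructed-entry-a", manifestDigest(manifest), "constructed-entry-b"];
  const root = logRoot(logged), proof = inclusionProof(logged, 1);
  const check = (body, m) => acceptResource("/app.js", body, m, proof, root);
  return [check(site["/app.js"], manifest), check(tampered, manifest),
    check(tampered, buildManifest({ ...site, "/app.js": tampered }))];
}
console.log(demo());
```

The third case is the one transparency adds: a server that swaps in a matching manifest for its modified script still fails, because that manifest was never logged.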
Bringing Integrity and Transparency to the Open Web
We are collaborating with partners across the ecosystem - including Cloudflare, the Freedom of the Press Foundation and Meta - to ensure the deployment model is practical, secure, and as simple as possible. You can learn more about WAICT in our joint talk at Real World Cryptography 2026.
An early prototype of WAICT is available behind a pref in Firefox Nightly to help validate the approach in real-world scenarios. You can test drive the prototype on https://waict.dev/ - including an end-to-end encrypted video calling app secured by WAICT. The implementation is a work in progress, not a finished solution, but it provides a concrete foundation for iteration and standardization. We're developing the specifications in the open and welcome early feedback.
WAICT marks an important step toward making strong, verifiable application security a first-class property of the open web.
With special thanks to Anna Weine, Benjamin Beurdouche, Christoph Kerschbaumer, Dennis Jackson, Frederik Braun, and Tom Schuster.
The post Trustworthy JavaScript for the Open Web appeared first on Mozilla Hacks - the Web developer blog.
05 May 2026 3:49pm GMT