3052 changed files with 64698 additions and 129917 deletions
--- a/icecat/.cargo/config.toml.in
+++ b/icecat/.cargo/config.toml.in
@ -85,9 +85,9 @@ git = "https://github.com/mozilla/audioipc"
 rev = "e6f44a2bd1e57d11dfc737632a9e849077632330"
 replace-with = "vendored-sources"
-[source."git+https://github.com/mozilla/cubeb-coreaudio-rs?rev=bebaa23317332c95734df76e25193c24a83a6840"]
+[source."git+https://github.com/mozilla/cubeb-coreaudio-rs?rev=2407441a2f67341a0e13b4ba6547555e387c671c"]
 git = "https://github.com/mozilla/cubeb-coreaudio-rs"
-rev = "bebaa23317332c95734df76e25193c24a83a6840"
+rev = "2407441a2f67341a0e13b4ba6547555e387c671c"
 replace-with = "vendored-sources"
 [source."git+https://github.com/mozilla/cubeb-pulse-rs?rev=8678dcab1c287de79c4c184ccc2e065bc62b70e2"]
@ -100,9 +100,9 @@ git = "https://github.com/mozilla/midir.git"
 rev = "85156e360a37d851734118104619f86bd18e94c6"
 replace-with = "vendored-sources"
-[source."git+https://github.com/mozilla/mp4parse-rust?rev=25ebfa59a21dc0d223052d73a2fafdd55307c2d7"]
+[source."git+https://github.com/mozilla/mp4parse-rust?rev=e64650a686e5c5732395cd059e17cfd3b1e5b63b"]
 git = "https://github.com/mozilla/mp4parse-rust"
-rev = "25ebfa59a21dc0d223052d73a2fafdd55307c2d7"
+rev = "e64650a686e5c5732395cd059e17cfd3b1e5b63b"
 replace-with = "vendored-sources"
 [source."git+https://github.com/mozilla/neqo?tag=v0.13.4"]
--- a/icecat/.cron.yml
+++ b/icecat/.cron.yml
@ -263,7 +263,8 @@ jobs:
          - mozilla-release
          - mozilla-esr140
      when:
-          - {weekday: 'Monday', hour: 5, minute: 0}
+          - {weekday: 'Monday', hour: 8, minute: 0}
          - {weekday: 'Thursday', hour: 8, minute: 0}
    - name: daily-beta-perf
      job:
--- a/icecat/.gitignore
+++ b/icecat/.gitignore
@ -37,10 +37,6 @@ ID
 # third-party packages is dealt with by the script vendoring them.
 *.egg-info/
 # Ignore pywebsocket3 intermediate files.
 testing/web-platform/tests/tools/third_party/pywebsocket3/pywebsocket3.egg-info
 testing/web-platform/tests/tools/third_party/pywebsocket3/build
 # Vim swap files.
 .*.sw[a-z]
 .sw[a-z]
@ -373,6 +369,3 @@ toolkit/crashreporter/minidump-analyzer/analyzer-test/target/
 # Ignore mozperftest artifacts folder
 /artifacts/
 # Ignore personal preferences files
 CLAUDE.local.md
--- a/icecat/.taskcluster.yml
+++ b/icecat/.taskcluster.yml
@ -101,7 +101,7 @@ tasks:
                                description: 'Created by a [cron task](https://icecat-ci-tc.services.mozilla.com/tasks/${cron.task_id}) (${treeherder_link})'
              provisionerId: "${trustDomain}-${repository.level}"
-              workerType: "decision"
+              workerType: "decision-gcp"
              tags:
                  $if: 'tasks_for == "hg-push"'
--- a/icecat/CLOBBER
+++ b/icecat/CLOBBER
@ -22,4 +22,4 @@
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
-Merge day clobber 2026-03-23
+Merge day clobber 2025-11-10
--- a/icecat/Cargo.lock
+++ b/icecat/Cargo.lock
@ -1086,7 +1086,7 @@ dependencies = [
 [[package]]
 name = "coreaudio-sys-utils"
 version = "0.1.0"
-source = "git+https://github.com/mozilla/cubeb-coreaudio-rs?rev=bebaa23317332c95734df76e25193c24a83a6840#bebaa23317332c95734df76e25193c24a83a6840"
+source = "git+https://github.com/mozilla/cubeb-coreaudio-rs?rev=2407441a2f67341a0e13b4ba6547555e387c671c#2407441a2f67341a0e13b4ba6547555e387c671c"
 dependencies = [
 "core-foundation-sys",
 "coreaudio-sys",
@ -1166,7 +1166,6 @@ dependencies = [
 name = "crash_helper_common"
 version = "0.1.0"
 dependencies = [
 "getrandom 0.3.3",
 "minidump-writer",
 "nix 0.30.1",
 "num-derive",
@ -1398,7 +1397,7 @@ dependencies = [
 [[package]]
 name = "cubeb-coreaudio"
 version = "0.1.0"
-source = "git+https://github.com/mozilla/cubeb-coreaudio-rs?rev=bebaa23317332c95734df76e25193c24a83a6840#bebaa23317332c95734df76e25193c24a83a6840"
+source = "git+https://github.com/mozilla/cubeb-coreaudio-rs?rev=2407441a2f67341a0e13b4ba6547555e387c671c#2407441a2f67341a0e13b4ba6547555e387c671c"
 dependencies = [
 "atomic",
 "audio-mixer",
@ -4607,7 +4606,7 @@ dependencies = [
 [[package]]
 name = "mp4parse"
 version = "0.17.0"
-source = "git+https://github.com/mozilla/mp4parse-rust?rev=25ebfa59a21dc0d223052d73a2fafdd55307c2d7#25ebfa59a21dc0d223052d73a2fafdd55307c2d7"
+source = "git+https://github.com/mozilla/mp4parse-rust?rev=e64650a686e5c5732395cd059e17cfd3b1e5b63b#e64650a686e5c5732395cd059e17cfd3b1e5b63b"
 dependencies = [
 "bitreader",
 "byteorder",
@ -4624,7 +4623,7 @@ version = "0.1.0"
 [[package]]
 name = "mp4parse_capi"
 version = "0.17.0"
-source = "git+https://github.com/mozilla/mp4parse-rust?rev=25ebfa59a21dc0d223052d73a2fafdd55307c2d7#25ebfa59a21dc0d223052d73a2fafdd55307c2d7"
+source = "git+https://github.com/mozilla/mp4parse-rust?rev=e64650a686e5c5732395cd059e17cfd3b1e5b63b#e64650a686e5c5732395cd059e17cfd3b1e5b63b"
 dependencies = [
 "byteorder",
 "fallible_collections",
--- a/icecat/accessible/base/AccIterator.cpp
+++ b/icecat/accessible/base/AccIterator.cpp
@ -23,7 +23,7 @@ using namespace mozilla::a11y;
 // AccIterator
 ////////////////////////////////////////////////////////////////////////////////
-AccIterator::AccIterator(LocalAccessible* aAccessible,
+AccIterator::AccIterator(const LocalAccessible* aAccessible,
                         filters::FilterFuncPtr aFilterFunc)
    : mFilterFunc(aFilterFunc) {
  mState = new IteratorState(aAccessible);
@ -63,7 +63,7 @@ LocalAccessible* AccIterator::Next() {
 ////////////////////////////////////////////////////////////////////////////////
 // nsAccIterator::IteratorState
-AccIterator::IteratorState::IteratorState(LocalAccessible* aParent,
+AccIterator::IteratorState::IteratorState(const LocalAccessible* aParent,
                                          IteratorState* mParentState)
    : mParent(aParent), mIndex(0), mParentState(mParentState) {}
--- a/icecat/accessible/base/AccIterator.h
+++ b/icecat/accessible/base/AccIterator.h
@ -42,7 +42,7 @@ class AccIterable {
 */
 class AccIterator : public AccIterable {
 public:
-  AccIterator(LocalAccessible* aRoot, filters::FilterFuncPtr aFilterFunc);
+  AccIterator(const LocalAccessible* aRoot, filters::FilterFuncPtr aFilterFunc);
  virtual ~AccIterator();
  /**
@ -57,10 +57,10 @@ class AccIterator : public AccIterable {
  AccIterator& operator=(const AccIterator&);
  struct IteratorState {
-    explicit IteratorState(LocalAccessible* aParent,
+    explicit IteratorState(const LocalAccessible* aParent,
                           IteratorState* mParentState = nullptr);
-    RefPtr<LocalAccessible> mParent;
+    const LocalAccessible* mParent;
    int32_t mIndex;
    IteratorState* mParentState;
  };
--- a/icecat/accessible/base/CachedTableAccessible.cpp
+++ b/icecat/accessible/base/CachedTableAccessible.cpp
@ -71,14 +71,10 @@ void CachedTableAccessible::Invalidate(Accessible* aAcc) {
    return;
  }
-  Accessible* table = nsAccUtils::TableFor(aAcc);
+  if (Accessible* table = nsAccUtils::TableFor(aAcc)) {
  while (table && table->IsTable()) {
    // Destroy the instance (if any). We'll create a new one the next time it
-    // is requested. Climb up the heirarcy to invalidate parent tables as well.
+    // is requested.
    sCachedTables->Remove(table);
    // The table may be a direct child of another table, invalidate that one as
    // well.
    table = table->Parent();
  }
 }
--- a/icecat/accessible/base/TextLeafRange.cpp
+++ b/icecat/accessible/base/TextLeafRange.cpp
@ -536,7 +536,7 @@ static dom::Selection* GetDOMSelection(const nsIContent* aStartContent,
  return startFrameSel ? &startFrameSel->NormalSelection() : nullptr;
 }
-std::pair<RefPtr<nsIContent>, uint32_t> TextLeafPoint::ToDOMPoint(
+std::pair<nsIContent*, uint32_t> TextLeafPoint::ToDOMPoint(
    bool aIncludeGenerated) const {
  if (!(*this) || !mAcc->IsLocal()) {
    MOZ_ASSERT_UNREACHABLE("Invalid point");
--- a/icecat/accessible/base/TextLeafRange.h
+++ b/icecat/accessible/base/TextLeafRange.h
@ -188,7 +188,7 @@ class TextLeafPoint final {
  /**
   * Translate given TextLeafPoint into a DOM point.
   */
-  MOZ_CAN_RUN_SCRIPT std::pair<RefPtr<nsIContent>, uint32_t> ToDOMPoint(
+  MOZ_CAN_RUN_SCRIPT std::pair<nsIContent*, uint32_t> ToDOMPoint(
      bool aIncludeGenerated = true) const;
 private:
--- a/icecat/accessible/generic/DocAccessible.cpp
+++ b/icecat/accessible/generic/DocAccessible.cpp
@ -1768,12 +1768,11 @@ void DocAccessible::DoInitialUpdate() {
  }
 #endif
-  // Fire a reorder event on the OuterDocAccessible after the document tree is
+  // Fire reorder event after the document tree is constructed. Note, since
-  // constructed. Note that since this reorder event is processed by the parent
+  // this reorder event is processed by parent document then events targeted to
-  // document, events targeted to this child document may be fired prior to this
+  // this document may be fired prior to this reorder event. If this is
-  // reorder event. We don't fire a reorder event for remote documents; the
+  // a problem then consider to keep event processing per tab document.
-  // parent process handles that.
+  if (!IsRoot()) {
  if (!IPCDoc() && !IsRoot()) {
    RefPtr<AccReorderEvent> reorderEvent = new AccReorderEvent(LocalParent());
    ParentDocument()->FireDelayedEvent(reorderEvent);
  }
--- a/icecat/accessible/generic/HyperTextAccessible.cpp
+++ b/icecat/accessible/generic/HyperTextAccessible.cpp
@ -859,15 +859,16 @@ void HyperTextAccessible::ReplaceText(const nsAString& aText) {
    return;
  }
  RefPtr<EditorBase> editorBase = GetEditor();
  SetSelectionBoundsAt(TextLeafRange::kRemoveAllExistingSelectedRanges, 0,
                       CharacterCount());
-  if (editorBase) {
+  RefPtr<EditorBase> editorBase = GetEditor();
-    DebugOnly<nsresult> rv = editorBase->InsertTextAsAction(aText);
+  if (!editorBase) {
-    NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Failed to insert the new text");
+    return;
  }
  DebugOnly<nsresult> rv = editorBase->InsertTextAsAction(aText);
  NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Failed to insert the new text");
 }
 void HyperTextAccessible::InsertText(const nsAString& aText,
--- a/icecat/accessible/ipc/DocAccessibleParent.cpp
+++ b/icecat/accessible/ipc/DocAccessibleParent.cpp
@ -50,7 +50,6 @@ DocAccessibleParent::DocAccessibleParent()
      mTopLevel(false),
      mTopLevelInContentProcess(false),
      mShutdown(false),
      mIsInitialTreeDone(false),
      mFocus(0),
      mCaretId(0),
      mCaretOffset(-1),
@ -118,11 +117,6 @@ mozilla::ipc::IPCResult DocAccessibleParent::ProcessShowEvent(
      return IPC_OK();
 #endif
    }
    if (parent->IsOuterDoc()) {
      return IPC_FAIL(this, "Cannot attach non-doc to OuterDoc");
    }
    lastParent = parent;
    lastParentID = accData.ParentID();
@ -151,9 +145,7 @@ mozilla::ipc::IPCResult DocAccessibleParent::ProcessShowEvent(
    // Otherwise, clients might crawl the incomplete subtree and they won't get
    // mutation events for the remaining pieces.
    if (aComplete || root != child) {
-      if (!AttachChild(parent, childIdx, child)) {
+      AttachChild(parent, childIdx, child);
        return IPC_FAIL(this, "failed to attach child");
      }
    }
  }
@ -182,9 +174,7 @@ mozilla::ipc::IPCResult DocAccessibleParent::ProcessShowEvent(
    MOZ_ASSERT(rootParent);
    root = GetAccessible(mPendingShowChild);
    MOZ_ASSERT(root);
-    if (!AttachChild(rootParent, mPendingShowIndex, root)) {
+    AttachChild(rootParent, mPendingShowIndex, root);
      return IPC_FAIL(this, "failed to attach pending show child");
    }
    mPendingShowChild = 0;
    mPendingShowParent = 0;
    mPendingShowIndex = 0;
@ -228,11 +218,6 @@ mozilla::ipc::IPCResult DocAccessibleParent::ProcessShowEvent(
 RemoteAccessible* DocAccessibleParent::CreateAcc(
    const AccessibleData& aAccData) {
  if (aAccData.ID() == 0) {
    MOZ_ASSERT_UNREACHABLE("An ID of 0 is reserved for the document itself");
    return nullptr;
  }
  RemoteAccessible* newProxy;
  if ((newProxy = GetAccessible(aAccData.ID()))) {
    // This is a move. Reuse the Accessible; don't destroy it.
@ -249,11 +234,6 @@ RemoteAccessible* DocAccessibleParent::CreateAcc(
    return nullptr;
  }
  if (aAccData.GenericTypes() & eDocument) {
    MOZ_ASSERT_UNREACHABLE("Invalid acc type");
    return nullptr;
  }
  newProxy = new RemoteAccessible(aAccData.ID(), this, aAccData.Role(),
                                  aAccData.Type(), aAccData.GenericTypes(),
                                  aAccData.RoleMapEntryIndex());
@ -266,20 +246,9 @@ RemoteAccessible* DocAccessibleParent::CreateAcc(
  return newProxy;
 }
-bool DocAccessibleParent::AttachChild(RemoteAccessible* aParent,
+void DocAccessibleParent::AttachChild(RemoteAccessible* aParent,
                                      uint32_t aIndex,
                                      RemoteAccessible* aChild) {
  if (aChild->RemoteParent()) {
    MOZ_ASSERT_UNREACHABLE(
        "Attempt to attach child which already has a parent!");
    return false;
  }
  if (aParent == aChild) {
    MOZ_ASSERT_UNREACHABLE("Attempt to make an accessible its own child!");
    return false;
  }
  aParent->AddChildAt(aIndex, aChild);
  aChild->SetParent(aParent);
  // ProxyCreated might have already been called if aChild is being moved.
@ -300,16 +269,11 @@ bool DocAccessibleParent::AttachChild(RemoteAccessible* aParent,
      }
      MOZ_ASSERT(bridge->GetEmbedderAccessibleDoc() == this);
      if (DocAccessibleParent* childDoc = bridge->GetDocAccessibleParent()) {
        MOZ_DIAGNOSTIC_ASSERT(!childDoc->RemoteParent(),
                              "Pending OOP child doc shouldn't have parent "
                              "once new OuterDoc is attached");
        AddChildDoc(childDoc, aChild->ID(), false);
      }
      return true;
    });
  }
  return true;
 }
 void DocAccessibleParent::ShutdownOrPrepareForMove(RemoteAccessible* aAcc) {
@ -322,10 +286,6 @@ void DocAccessibleParent::ShutdownOrPrepareForMove(RemoteAccessible* aAcc) {
    // the show event. For now, clear all of them by moving them to a temporary.
    auto children{std::move(aAcc->mChildren)};
    for (RemoteAccessible* child : children) {
      if (child == aAcc) {
        MOZ_ASSERT_UNREACHABLE(
            "Somehow an accessible got added as a child of itself!");
      }
      ShutdownOrPrepareForMove(child);
    }
  }
@ -643,18 +603,6 @@ mozilla::ipc::IPCResult DocAccessibleParent::RecvMutationEvents(
 mozilla::ipc::IPCResult DocAccessibleParent::RecvRequestAckMutationEvents() {
  if (!mShutdown) {
    if (!mIsInitialTreeDone) {
      // This is the first request for an ACK, which means we now have the
      // initial tree.
      mIsInitialTreeDone = true;
      // If this document is already bound to its embedder, fire a reorder event
      // to notify the client that the embedded document is available. If not,
      // this will be handled when this document is bound in AddChildDoc.
      if (RemoteAccessible* parent = RemoteParent()) {
        parent->Document()->FireEvent(parent,
                                      nsIAccessibleEvent::EVENT_REORDER);
      }
    }
    Unused << SendAckMutationEvents();
  }
  return IPC_OK();
@ -916,10 +864,7 @@ mozilla::ipc::IPCResult DocAccessibleParent::RecvBindChildDoc(
  MOZ_ASSERT(CheckDocTree());
  auto childDoc = static_cast<DocAccessibleParent*>(aChildDoc.get());
-  if (childDoc->IsShutdown()) {
+  childDoc->Unbind();
    return IPC_FAIL(this, "Attempt to bind a shutdown child doc");
  }
  ipc::IPCResult result = AddChildDoc(childDoc, aID, false);
  MOZ_ASSERT(result);
  MOZ_ASSERT(CheckDocTree());
@ -937,15 +882,6 @@ mozilla::ipc::IPCResult DocAccessibleParent::RecvBindChildDoc(
 ipc::IPCResult DocAccessibleParent::AddChildDoc(DocAccessibleParent* aChildDoc,
                                                uint64_t aParentID,
                                                bool aCreating) {
  if (aChildDoc->RemoteParent()) {
    return IPC_FAIL(this,
                    "Attempt to add child doc which already has a parent");
  }
  if (aChildDoc->IsShutdown()) {
    return IPC_FAIL(this, "Attempt to add a shutdown child doc");
  }
  // We do not use GetAccessible here because we want to be sure to not get the
  // document it self.
  ProxyEntry* e = mAccessibles.GetEntry(aParentID);
@ -994,20 +930,11 @@ ipc::IPCResult DocAccessibleParent::AddChildDoc(DocAccessibleParent* aChildDoc,
      aChildDoc->SetEmulatedWindowHandle(mEmulatedWindowHandle);
    }
 #endif  // defined(XP_WIN)
-  }
+    // We need to fire a reorder event on the outer doc accessible.
-  // We need to fire a reorder event on the embedder. We do this here rather
+    // For same-process documents, this is fired by the content process, but
-  // than in the content process for two reasons:
+    // this isn't possible when the document is in a different process to its
-  // 1. It isn't possible for the content process to fire a reorder event on the
+    // embedder.
-  // embedder when the embedded document is in a different process to its
+    // FireEvent fires both OS and XPCOM events.
  // embedder.
  // 2. Doing it here ensures that the event is fired after the child document
  // is bound. Otherwise, there could be a short period where the content
  // process has fired the reorder event, but the child document isn't bound
  // yet.
  // However, if the initial tree hasn't been received yet, we don't want to
  // fire the reorder event yet. That gets handled in
  // RecvRequestAckMutationEvents.
  if (aChildDoc->mIsInitialTreeDone) {
    FireEvent(outerDoc, nsIAccessibleEvent::EVENT_REORDER);
  }
@ -1048,9 +975,6 @@ void DocAccessibleParent::Destroy() {
  // If we are already shutdown that is because our containing tab parent is
  // shutting down in which case we don't need to do anything.
  if (mShutdown) {
    // Just in case there is a cycle in the document heirarchy.
    mParent = nullptr;
    mIndexInParent = -1;
    return;
  }
@ -1088,8 +1012,6 @@ void DocAccessibleParent::Destroy() {
    RemoteAccessible* acc = iter.Get()->mProxy;
    MOZ_ASSERT(acc != this);
    if (acc->IsTable()) {
      // Prevents the invalidation code from trying to walk up the tree.
      acc->SetParent(nullptr);
      CachedTableAccessible::Invalidate(acc);
    }
    ProxyDestroyed(acc);
@ -1135,9 +1057,6 @@ void DocAccessibleParent::ActorDestroy(ActorDestroyReason aWhy) {
  if (!mShutdown) {
    ACQUIRE_ANDROID_LOCK
    Destroy();
  } else if (RemoteParent()) {
    ACQUIRE_ANDROID_LOCK
    Unbind();
  }
 }
--- a/icecat/accessible/ipc/DocAccessibleParent.h
+++ b/icecat/accessible/ipc/DocAccessibleParent.h
@ -325,14 +325,11 @@ class DocAccessibleParent : public RemoteAccessible,
  };
  RemoteAccessible* CreateAcc(const AccessibleData& aAccData);
-  bool AttachChild(RemoteAccessible* aParent, uint32_t aIndex,
+  void AttachChild(RemoteAccessible* aParent, uint32_t aIndex,
                   RemoteAccessible* aChild);
  [[nodiscard]] bool CheckDocTree() const;
  xpcAccessibleGeneric* GetXPCAccessible(RemoteAccessible* aProxy);
  /**
   * Fire an event to both OS and XPCOM consumers.
   */
  void FireEvent(RemoteAccessible* aAcc, const uint32_t& aType);
  /**
@ -368,10 +365,9 @@ class DocAccessibleParent : public RemoteAccessible,
  uint32_t mPendingShowIndex = 0;
  nsTHashSet<uint64_t> mMovingIDs;
  uint64_t mActorID;
-  bool mTopLevel : 1;
+  bool mTopLevel;
-  bool mTopLevelInContentProcess : 1;
+  bool mTopLevelInContentProcess;
-  bool mShutdown : 1;
+  bool mShutdown;
  bool mIsInitialTreeDone : 1;
  RefPtr<dom::CanonicalBrowsingContext> mBrowsingContext;
  nsTHashSet<RefPtr<dom::BrowserBridgeParent>> mPendingOOPChildDocs;
--- a/icecat/accessible/tests/browser/fission/browser.toml
+++ b/icecat/accessible/tests/browser/fission/browser.toml
@ -11,8 +11,6 @@ support-files = [
 ["browser_hidden_iframe.js"]
 https_first_disabled = true
 ["browser_iframe_recreation.js"]
 ["browser_nested_iframe.js"]
 ["browser_reframe_root.js"]
--- a/icecat/accessible/tests/browser/fission/browser_iframe_recreation.js
+++ b/icecat/accessible/tests/browser/fission/browser_iframe_recreation.js
@ -1,29 +0,0 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 addAccessibleTask(
  `test`,
  async function testRecreation(browser, iframeDocAcc, topDocAcc) {
    let iframe = findAccessibleChildByID(topDocAcc, DEFAULT_IFRAME_ID);
    is(iframeDocAcc.parent, iframe, "iframe doc's parent is iframe");
    // The ARIA role currently causes re-creation. If that ever changes, we'll
    // need to switch to another technique here.
    info("Change iframe's role to recreate it");
    let shown = waitForEvent(EVENT_SHOW, DEFAULT_IFRAME_ID);
    let reordered = waitForEvent(EVENT_REORDER, DEFAULT_IFRAME_ID);
    await SpecialPowers.spawn(
      topDocAcc.browsingContext,
      [DEFAULT_IFRAME_ID],
      id => {
        content.document.getElementById(id).role = "foo";
      }
    );
    iframe = (await shown).accessible;
    await reordered;
    is(iframeDocAcc.parent, iframe, "iframe doc's parent is iframe");
  },
  { chrome: false, topLevel: false, iframe: true, remoteIframe: true }
 );
--- a/icecat/browser/actors/BlockedSiteChild.sys.mjs
+++ b/icecat/browser/actors/BlockedSiteChild.sys.mjs
@ -16,9 +16,25 @@ function getSiteBlockedErrorDetails(docShell) {
      Ci.nsIClassifiedChannel
    );
    if (classifiedChannel) {
      let httpChannel = docShell.failedChannel.QueryInterface(
        Ci.nsIHttpChannel
      );
      let reportUri = httpChannel.URI;
      // Remove the query to avoid leaking sensitive data
      if (reportUri instanceof Ci.nsIURL) {
        reportUri = reportUri.mutate().setQuery("").finalize();
      }
      let triggeringPrincipal = docShell.failedChannel.loadInfo
        ? docShell.failedChannel.loadInfo.triggeringPrincipal
        : null;
      blockedInfo = {
        list: classifiedChannel.matchedList,
        triggeringPrincipal,
        provider: classifiedChannel.matchedProvider,
        uri: reportUri.asciiSpec,
      };
    }
  }
--- a/icecat/browser/actors/BlockedSiteParent.sys.mjs
+++ b/icecat/browser/actors/BlockedSiteParent.sys.mjs
@ -177,11 +177,8 @@ export class BlockedSiteParent extends EscapablePageParent {
    // site, so that they don't lose track after, e.g., tab switching.
    // We can't use browser.contentPrincipal which is principal of about:blocked
    // Create one from uri with current principal origin attributes
    // Remove the query to avoid leaking sensitive data
    let uri = browsingContext.currentURI.mutate().setQuery("").finalize();
    let principal = Services.scriptSecurityManager.createContentPrincipal(
-      uri,
+      Services.io.newURI(blockedInfo.uri),
      browsingContext.currentWindowGlobal.documentPrincipal.originAttributes
    );
    Services.perms.addFromPrincipal(
@ -209,10 +206,10 @@ export class BlockedSiteParent extends EscapablePageParent {
    let title;
    let chromeWin = browsingContext.topChromeWindow;
    if (reason === "malware") {
-      let reportUrl = lazy.SafeBrowsing.getReportURL("MalwareMistake", {
+      let reportUrl = lazy.SafeBrowsing.getReportURL(
-        ...blockedInfo,
+        "MalwareMistake",
-        uri: uri.asciiSpec,
+        blockedInfo
-      });
+      );
      title = lazy.browserBundle.GetStringFromName(
        "safebrowsing.reportedAttackSite"
      );
@ -236,10 +233,10 @@ export class BlockedSiteParent extends EscapablePageParent {
        };
      }
    } else if (reason === "phishing") {
-      let reportUrl = lazy.SafeBrowsing.getReportURL("PhishMistake", {
+      let reportUrl = lazy.SafeBrowsing.getReportURL(
-        ...blockedInfo,
+        "PhishMistake",
-        uri: uri.asciiSpec,
+        blockedInfo
-      });
+      );
      title = lazy.browserBundle.GetStringFromName(
        "safebrowsing.deceptiveSite"
      );
@ -284,15 +281,16 @@ export class BlockedSiteParent extends EscapablePageParent {
      buttons
    );
    let activeSHEntry = browsingContext.activeSessionHistoryEntry;
    if (!activeSHEntry) {
      console.error("No active session history entry found");
      return;
    }
    // Allow users to override and continue through to the site.
-    browsingContext.loadURI(uri, {
+    // Note that we have to use the passed URI info and can't just
-      triggeringPrincipal: activeSHEntry.triggeringPrincipal,
+    // rely on the document URI, because the latter contains
    // additional query parameters that should be stripped.
    let triggeringPrincipal =
      blockedInfo.triggeringPrincipal ||
      Services.scriptSecurityManager.createNullPrincipal({});
    browsingContext.fixupAndLoadURIString(blockedInfo.uri, {
      triggeringPrincipal,
      loadFlags: Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER,
    });
  }
--- a/icecat/browser/actors/DOMFullscreenParent.sys.mjs
+++ b/icecat/browser/actors/DOMFullscreenParent.sys.mjs
@ -142,7 +142,9 @@ export class DOMFullscreenParent extends JSWindowActorParent {
      case "DOMFullscreen:NewOrigin": {
        // Don't show the warning if we've already exited fullscreen.
        if (window.document.fullscreen) {
-          window.PointerlockFsWarning.showFullScreen(topBrowsingContext);
+          window.PointerlockFsWarning.showFullScreen(
            aMessage.data.originNoSuffix
          );
        }
        this.updateFullscreenWindowReference(window);
        break;
@ -220,7 +222,7 @@ export class DOMFullscreenParent extends JSWindowActorParent {
        if (!this.hasBeenDestroyed() && this.requestOrigin) {
          window.PointerlockFsWarning.showFullScreen(
-            this.requestOrigin.browsingContext
+            this.requestOrigin.manager.documentPrincipal.originNoSuffix
          );
        }
        break;
--- a/icecat/browser/app/winlauncher/LauncherProcessWin.cpp
+++ b/icecat/browser/app/winlauncher/LauncherProcessWin.cpp
@ -11,6 +11,7 @@
 #include "mozilla/Attributes.h"
 #include "mozilla/CmdLineAndEnvUtils.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/DynamicallyLinkedFunctionPtr.h"
 #include "mozilla/glue/Debug.h"
 #include "mozilla/GeckoArgs.h"
 #include "mozilla/Maybe.h"
@ -18,14 +19,12 @@
 #include "mozilla/SafeMode.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/WindowsConsole.h"
 #include "mozilla/WindowsProcessMitigations.h"
 #include "mozilla/WindowsVersion.h"
 #include "mozilla/WinHeaderOnlyUtils.h"
 #include "nsWindowsHelpers.h"
 #include <windows.h>
 #include <processthreadsapi.h>
 #include <shlwapi.h>
 #include "DllBlocklistInit.h"
 #include "ErrorHandler.h"
@ -112,82 +111,16 @@ static nsReturnRef<HANDLE> CreateJobAndAssignProcess(HANDLE aProcess) {
  return job.out();
 }
-enum class VCRuntimeDLLDir : bool {
+#if !defined( \
-  Application,
+    PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON)
-  System,
+#  define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON \
-};
+    (0x00000001ULL << 60)
-static bool GetMSVCP140VersionInfo(VCRuntimeDLLDir aDir,
+#endif  // !defined(PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON)
                                   uint64_t& aOutVersion) {
  wchar_t dllPath[MAX_PATH];
  if (aDir == VCRuntimeDLLDir::Application) {
    DWORD size = ::GetModuleFileNameW(nullptr, dllPath, MAX_PATH);
    if (!size ||
        (size == MAX_PATH && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER) ||
        !::PathRemoveFileSpecW(dllPath)) {
      return false;
    }
  } else {
    MOZ_ASSERT(aDir == VCRuntimeDLLDir::System);
    UINT size = ::GetSystemDirectoryW(dllPath, MAX_PATH);
    if (!size || size >= MAX_PATH) {
      return false;
    }
  }
-  if (!::PathAppendW(dllPath, L"msvcp140.dll")) {
+#if !defined(PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF)
-    return false;
+#  define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF \
-  }
+    (0x00000002ULL << 40)
-  HMODULE crt =
+#endif  // !defined(PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF)
      ::LoadLibraryExW(dllPath, nullptr, LOAD_LIBRARY_AS_IMAGE_RESOURCE);
  if (!crt) {
    return false;
  }
  mozilla::nt::PEHeaders headers{crt};
  bool result = headers.GetVersionInfo(aOutVersion);
  ::FreeLibrary(crt);
  return result;
 }
 /**
 * Choose whether we want to favor loading DLLs from the system directory over
 * the application directory. This choice automatically propagates to all child
 * processes. In particular, it determines whether child processes will load
 * Visual C++ runtime DLLs from the system or the application directory at
 * startup.
 *
 * Whenever possible, we want all processes to favor loading DLLs from the
 * system directory. But if old Visual C++ runtime DLLs are installed
 * system-wide, then we must favor loading from the application directory
 * instead to ensure compatibility, at least during startup. So in this case we
 * only apply the delayed variant of the mitigation and only in sandboxed
 * processes, which is the best compromise (see SandboxBroker::LaunchApp).
 *
 * This function is called from the launcher process *and* the browser process.
 * This is because if the launcher process is disabled, we still want the
 * browser process to go through this code so that it enforces the correct
 * choice for itself and for child processes.
 */
 static void EnablePreferLoadFromSystem32IfCompatible() {
  // We may already have the mitigation if we are the browser process and we
  // inherited it from the launcher process.
  if (!mozilla::IsPreferLoadFromSystem32Available() ||
      mozilla::IsPreferLoadFromSystem32Enabled()) {
    return;
  }
  // Only bail out if (1) there is a conflict because the two DLLs exist *and*
  // (2) the version of the system DLL is problematic.
  uint64_t systemDirVersion = 0, appDirVersion = 0;
  if (GetMSVCP140VersionInfo(VCRuntimeDLLDir::System, systemDirVersion) &&
      GetMSVCP140VersionInfo(VCRuntimeDLLDir::Application, appDirVersion) &&
      systemDirVersion < appDirVersion) {
    return;
  }
  mozilla::DebugOnly<bool> setOk = mozilla::EnablePreferLoadFromSystem32();
  MOZ_ASSERT(setOk);
 }
 /**
 * Any mitigation policies that should be set on the browser process should go
@ -195,11 +128,10 @@ static void EnablePreferLoadFromSystem32IfCompatible() {
 */
 static void SetMitigationPolicies(mozilla::ProcThreadAttributes& aAttrs,
                                  const bool aIsSafeMode) {
-  // Note: Do *not* handle IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON here. For this
+  if (mozilla::IsWin10AnniversaryUpdateOrLater()) {
-  //       mitigation we rely on EnablePreferLoadFromSystem32IfCompatible().
+    aAttrs.AddMitigationPolicy(
-  //       The launcher process or the browser process will choose whether we
+        PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON);
-  //       want to apply the mitigation or not, and child processes will
+  }
  //       automatically inherit that choice.
 #if defined(_M_ARM64)
  // Disable CFG on older versions of ARM64 Windows to avoid a crash in COM.
@ -354,9 +286,6 @@ Maybe<int> LauncherMain(int& argc, wchar_t* argv[],
    return Nothing();
  }
  // Called from the launcher process *and* the browser process.
  EnablePreferLoadFromSystem32IfCompatible();
 #if defined(MOZ_LAUNCHER_PROCESS)
  LauncherRegistryInfo regInfo;
  Maybe<bool> runAsLauncher = RunAsLauncherProcess(regInfo, argc, argv);
@ -380,6 +309,22 @@ Maybe<int> LauncherMain(int& argc, wchar_t* argv[],
    return Nothing();
  }
  // Make sure that the launcher process itself has image load policies set
  if (IsWin10AnniversaryUpdateOrLater()) {
    static const StaticDynamicallyLinkedFunctionPtr<
        decltype(&SetProcessMitigationPolicy)>
        pSetProcessMitigationPolicy(L"kernel32.dll",
                                    "SetProcessMitigationPolicy");
    if (pSetProcessMitigationPolicy) {
      PROCESS_MITIGATION_IMAGE_LOAD_POLICY imgLoadPol = {};
      imgLoadPol.PreferSystem32Images = 1;
      DebugOnly<BOOL> setOk = pSetProcessMitigationPolicy(
          ProcessImageLoadPolicy, &imgLoadPol, sizeof(imgLoadPol));
      MOZ_ASSERT(setOk);
    }
  }
 #if defined(MOZ_SANDBOX)
  // Ensure the relevant mitigations are enforced.
  mozilla::sandboxing::ApplyParentProcessMitigations();
--- a/icecat/browser/app/winlauncher/moz.build
+++ b/icecat/browser/app/winlauncher/moz.build
@ -24,7 +24,6 @@ OS_LIBS += [
    "oleaut32",
    "ole32",
    "rpcrt4",
    "shlwapi",
    "version",
 ]
--- a/icecat/browser/base/content/browser-fullScreenAndPointerLock.js
+++ b/icecat/browser/base/content/browser-fullScreenAndPointerLock.js
@ -49,16 +49,10 @@ var PointerlockFsWarning = {
    }
  },
-  // Show info that top level has entered fullscreen. Ultimately, it is always
+  showFullScreen(aOrigin) {
  // ancestors who are in control and can with various means make the user believe
  // a site has entered fullscreen while displaying it's own content.
  // We try to make it clear to the user that it's the top level that is actually in fullscreen
  showFullScreen(browsingContext) {
    const origin =
      browsingContext.top.currentWindowGlobal.documentPrincipal.originNoSuffix;
    let timeout = Services.prefs.getIntPref("full-screen-api.warning.timeout");
    let delay = Services.prefs.getIntPref("full-screen-api.warning.delay");
-    this.show(origin, "fullscreen-warning", timeout, delay);
+    this.show(aOrigin, "fullscreen-warning", timeout, delay);
  },
  // Shows a warning that the site has entered fullscreen or
@ -109,9 +103,10 @@ var PointerlockFsWarning = {
    } else {
      textElem.removeAttribute("hidden");
      // Document's principal's URI has a host. Display a warning including it.
-      let displayHost = BrowserUtils.formatURIForDisplay(uri, {
+      let { DownloadUtils } = ChromeUtils.importESModule(
-        onlyBaseDomain: true,
+        "resource://gre/modules/DownloadUtils.sys.mjs"
-      });
+      );
      let displayHost = DownloadUtils.getURIHost(uri.spec)[0];
      let l10nString = {
        "fullscreen-warning": "fullscreen-warning-domain",
        "pointerlock-warning": "pointerlock-warning-domain",
--- a/icecat/browser/base/content/browser.js
+++ b/icecat/browser/base/content/browser.js
@ -2230,7 +2230,7 @@ var XULBrowserWindow = {
    // Ensure we close any remaining open locationspecific panels
    if (!isSameDocument) {
-      closeOpenPanels(":is(panel, menupopup)[locationspecific='true']");
+      closeOpenPanels("panel[locationspecific='true']");
    }
    gPermissionPanel.onLocationChange();
--- a/icecat/browser/base/content/test/fullscreen/browser.toml
+++ b/icecat/browser/base/content/test/fullscreen/browser.toml
@ -60,9 +60,6 @@ skip-if = [
  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && swgl", # Bug 1949995
 ]
 ["browser_fullscreen_toplevel_warning.js"]
 support-files = ["fullscreen.html"]
 ["browser_fullscreen_warning.js"]
 support-files = ["fullscreen.html"]
 skip-if = [
--- a/icecat/browser/base/content/test/fullscreen/browser_fullscreen_toplevel_warning.js
+++ b/icecat/browser/base/content/test/fullscreen/browser_fullscreen_toplevel_warning.js
@ -1,184 +0,0 @@
 /* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */
 "use strict";
 const FULLSCREEN_PATH =
  "/browser/browser/base/content/test/fullscreen/fullscreen.html";
 function getWarningDomain(warning) {
  let textElem = warning.querySelector(".pointerlockfswarning-domain-text");
  if (textElem.hidden) {
    return null;
  }
  let args = textElem.getAttribute("data-l10n-args");
  return args ? JSON.parse(args).domain : null;
 }
 async function waitForWarningState(aWarningElement, aExpectedState) {
  await BrowserTestUtils.waitForAttribute(aExpectedState, aWarningElement, "");
 }
 add_setup(async function init() {
  await SpecialPowers.pushPrefEnv({
    set: [
      ["test.wait300msAfterTabSwitch", true],
      ["full-screen-api.enabled", true],
      ["full-screen-api.allow-trusted-requests-only", false],
    ],
  });
 });
 // Bug 2021080 - Verify the fullscreen warning always displays the top-level domain,
 // not the origin of the cross-origin frame that requested fullscreen.
 add_task(async function test_fullscreen_warning_cross_origin_shows_toplevel() {
  await BrowserTestUtils.withNewTab("https://example.com", async browser => {
    let warning = document.getElementById("fullscreen-warning");
    await SpecialPowers.spawn(browser, [FULLSCREEN_PATH], async path => {
      let iframe = content.document.createElement("iframe");
      iframe.allow = "fullscreen";
      iframe.src = `https://example.org${path}`;
      let loaded = new Promise(r =>
        iframe.addEventListener("load", r, { once: true })
      );
      content.document.body.appendChild(iframe);
      await loaded;
    });
    let warningShown = waitForWarningState(warning, "onscreen");
    await SpecialPowers.spawn(browser, [], async () => {
      let frame = content.document.querySelector("iframe");
      frame.focus();
      await SpecialPowers.spawn(frame, [], () => {
        content.document.getElementById("request").click();
      });
    });
    await warningShown;
    let activeOrigin = await SpecialPowers.spawn(browser, [], async () => {
      let frame = content.document.querySelector("iframe");
      return SpecialPowers.spawn(frame, [], () => content.location.hostname);
    });
    is(
      activeOrigin,
      "example.org",
      "Cross-origin frame (example.org) is the active fullscreen document"
    );
    is(
      getWarningDomain(warning),
      "example.com",
      "Warning shows top-level domain, not the active fullscreen frame's domain"
    );
    let warningHidden = waitForWarningState(warning, "hidden");
    let exitPromise = BrowserTestUtils.waitForEvent(
      document,
      "fullscreenchange",
      false,
      () => !document.fullscreenElement
    );
    document.getElementById("fullscreen-exit-button").click();
    await Promise.all([exitPromise, warningHidden]);
  });
 });
 // Bug 2021080 - Verify the fullscreen warning shows the top-level domain when each
 // of three nested cross-origin frames (top, middle, inner) requests fullscreen.
 add_task(async function test_fullscreen_warning_three_nested_origins() {
  await BrowserTestUtils.withNewTab("https://example.com", async browser => {
    let warning = document.getElementById("fullscreen-warning");
    // Build a 3-level nested structure:
    // example.com (div > iframe[example.org (div > iframe[example.net])])
    await SpecialPowers.spawn(browser, [FULLSCREEN_PATH], async path => {
      let topDiv = content.document.createElement("div");
      content.document.body.appendChild(topDiv);
      let middleFrame = content.document.createElement("iframe");
      middleFrame.allow = "fullscreen";
      middleFrame.src = `https://example.org${path}`;
      let loaded = new Promise(r =>
        middleFrame.addEventListener("load", r, { once: true })
      );
      topDiv.appendChild(middleFrame);
      await loaded;
      await SpecialPowers.spawn(middleFrame, [path], async innerPath => {
        let middleDiv = content.document.createElement("div");
        content.document.body.appendChild(middleDiv);
        let innerFrame = content.document.createElement("iframe");
        innerFrame.allow = "fullscreen";
        innerFrame.src = `https://example.net${innerPath}`;
        let innerLoaded = new Promise(r =>
          innerFrame.addEventListener("load", r, { once: true })
        );
        middleDiv.appendChild(innerFrame);
        await innerLoaded;
      });
    });
    async function exitFullscreen() {
      let warningHidden = waitForWarningState(warning, "hidden");
      let exitPromise = BrowserTestUtils.waitForEvent(
        document,
        "fullscreenchange",
        false,
        () => !document.fullscreenElement
      );
      document.getElementById("fullscreen-exit-button").click();
      await Promise.all([exitPromise, warningHidden]);
    }
    // Step 1: Top-level (example.com) requests fullscreen on its div.
    let warningShown = waitForWarningState(warning, "onscreen");
    await SpecialPowers.spawn(browser, [], () => {
      content.document.querySelector("div").requestFullscreen();
    });
    await warningShown;
    is(
      getWarningDomain(warning),
      "example.com",
      "Top-level fullscreen: warning shows top-level domain"
    );
    await exitFullscreen();
    // Step 2: Middle frame (example.org) requests fullscreen on its div.
    warningShown = waitForWarningState(warning, "onscreen");
    await SpecialPowers.spawn(browser, [], async () => {
      let middleFrame = content.document.querySelector("iframe");
      middleFrame.focus();
      await SpecialPowers.spawn(middleFrame, [], () => {
        content.document.querySelector("div").requestFullscreen();
      });
    });
    await warningShown;
    is(
      getWarningDomain(warning),
      "example.com",
      "Middle frame fullscreen: warning shows top-level domain"
    );
    await exitFullscreen();
    // Step 3: Inner frame (example.net) requests fullscreen on an element.
    warningShown = waitForWarningState(warning, "onscreen");
    await SpecialPowers.spawn(browser, [], async () => {
      let middleFrame = content.document.querySelector("iframe");
      await SpecialPowers.spawn(middleFrame, [], async () => {
        let innerFrame = content.document.querySelector("iframe");
        innerFrame.focus();
        await SpecialPowers.spawn(innerFrame, [], () => {
          content.document.getElementById("request").click();
        });
      });
    });
    await warningShown;
    is(
      getWarningDomain(warning),
      "example.com",
      "Inner frame fullscreen: warning shows top-level domain"
    );
    await exitFullscreen();
  });
 });
--- a/icecat/browser/components/DesktopActorRegistry.sys.mjs
+++ b/icecat/browser/components/DesktopActorRegistry.sys.mjs
@ -127,9 +127,6 @@ let JSWINDOWACTORS = {
      },
    },
    matches: ["about:messagepreview", "about:messagepreview?*"],
    remoteTypes: ["privilegedabout"],
    enablePreference:
      "browser.newtabpage.activity-stream.asrouter.devtoolsEnabled",
  },
  AboutPocket: {
--- a/icecat/browser/components/about/AboutRedirector.cpp
+++ b/icecat/browser/components/about/AboutRedirector.cpp
@ -110,7 +110,6 @@ static const RedirEntry kRedirMap[] = {
    {"messagepreview",
     "chrome://browser/content/messagepreview/messagepreview.html",
     nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    {"pocket-saved", "chrome://pocket/content/panels/saved.html",
--- a/icecat/browser/components/asrouter/modules/ASRouterTargeting.sys.mjs
+++ b/icecat/browser/components/asrouter/modules/ASRouterTargeting.sys.mjs
@ -551,8 +551,11 @@ async function getAutofillRecords(data) {
    // JSActors, but that would import a lot of code for a targeting attribute.
    return 0;
  }
-  let records = await actor?.getRecords(data);
+  let records = await actor?.receiveMessage({
-  return records?.length ?? 0;
+    name: "FormAutofill:GetRecords",
    data,
  });
  return records?.records?.length ?? 0;
 }
 // Attribution data can be encoded multiple times so we need this function to
--- a/icecat/browser/components/asrouter/tests/browser/browser_asrouter_targeting.js
+++ b/icecat/browser/components/asrouter/tests/browser/browser_asrouter_targeting.js
@ -1418,10 +1418,15 @@ add_task(async function test_creditCardsSaved() {
        gBrowser.selectedBrowser.browsingContext.currentWindowGlobal.getActor(
          "FormAutofill"
        ),
-        "getRecords"
+        "receiveMessage"
      )
-      .withArgs(sandbox.match({ collectionName: "creditCards" }))
+      .withArgs(
-      .resolves([creditcard])
+        sandbox.match({
          name: "FormAutofill:GetRecords",
          data: { collectionName: "creditCards" },
        })
      )
      .resolves({ records: [creditcard] })
      .callThrough();
    is(
@ -1430,8 +1435,8 @@ add_task(async function test_creditCardsSaved() {
      "Should return 1 when 1 credit card is saved"
    );
    ok(
-      stub.calledWithMatch({ collectionName: "creditCards" }),
+      stub.calledWithMatch({ name: "FormAutofill:GetRecords" }),
-      "Targeting called getRecords"
+      "Targeting called FormAutofill:GetRecords"
    );
    sandbox.restore();
--- a/icecat/browser/components/downloads/DownloadsViewUI.sys.mjs
+++ b/icecat/browser/components/downloads/DownloadsViewUI.sys.mjs
@ -12,7 +12,6 @@ import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
 const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
  BrowserUtils: "resource://gre/modules/BrowserUtils.sys.mjs",
  BrowserWindowTracker: "resource:///modules/BrowserWindowTracker.sys.mjs",
  DownloadUtils: "resource://gre/modules/DownloadUtils.sys.mjs",
  Downloads: "resource://gre/modules/Downloads.sys.mjs",
@ -601,13 +600,7 @@ DownloadsViewUI.DownloadElementShell.prototype = {
      this.showStatus(stateLabel, hoverStatus);
      return;
    }
-    let uri = URL.parse(this.download.source.url)?.URI;
+    let [displayHost] = lazy.DownloadUtils.getURIHost(this.download.source.url);
    let displayHost = uri
      ? lazy.BrowserUtils.formatURIForDisplay(uri, {
          onlyBaseDomain: true,
        })
      : "";
    let [displayDate] = lazy.DownloadUtils.getReadableDates(
      new Date(this.download.endTime)
    );
--- a/icecat/browser/components/icecatview/fxview-tab-list.mjs
+++ b/icecat/browser/components/icecatview/fxview-tab-list.mjs
@ -513,9 +513,7 @@ export class FxviewTabRowBase extends MozLitElement {
  formatURIForDisplay(uriString) {
    return !window.IS_STORYBOOK
-      ? lazy.BrowserUtils.formatURIStringForDisplay(uriString, {
+      ? lazy.BrowserUtils.formatURIStringForDisplay(uriString)
          showFilenameForLocalURIs: true,
        })
      : uriString;
  }
--- a/icecat/browser/components/icecatview/helpers.mjs
+++ b/icecat/browser/components/icecatview/helpers.mjs
@ -24,9 +24,7 @@ export const LOGGING_PREF = "browser.tabs.icecat-view.logLevel";
 export const MAX_TABS_FOR_RECENT_BROWSING = 5;
 export function formatURIForDisplay(uriString) {
-  return lazy.BrowserUtils.formatURIStringForDisplay(uriString, {
+  return lazy.BrowserUtils.formatURIStringForDisplay(uriString);
    showFilenameForLocalURIs: true,
  });
 }
 export function convertTimestamp(
--- a/icecat/browser/components/icecatview/history.mjs
+++ b/icecat/browser/components/icecatview/history.mjs
@ -18,7 +18,6 @@ const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
  HistoryController: "resource:///modules/HistoryController.sys.mjs",
  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs",
  ProfileAge: "resource://gre/modules/ProfileAge.sys.mjs",
 });
@ -249,7 +248,6 @@ class HistoryInView extends ViewPage {
          @click=${this.openInNewPrivateWindow}
          data-l10n-id="fxviewtabrow-open-in-private-window"
          data-l10n-attrs="accesskey"
          ?hidden=${!lazy.PrivateBrowsingUtils.enabled}
        ></panel-item>
        <hr />
        <panel-item
--- a/icecat/browser/components/profiles/tests/unit/test_fail_recover_storeID.js
+++ b/icecat/browser/components/profiles/tests/unit/test_fail_recover_storeID.js
@ -14,8 +14,8 @@ add_task(async function test_recover_storeID() {
  await SelectableProfileService.init();
  Assert.ok(
-    ProfilesDatastoreService.initialized,
+    !ProfilesDatastoreService.initialized,
-    "Initialized the datastore service"
+    "Didn't initialize the datastore service"
  );
  Assert.ok(
    !SelectableProfileService.initialized,
--- a/icecat/browser/components/shell/Windows11TaskbarPinning.cpp
+++ b/icecat/browser/components/shell/Windows11TaskbarPinning.cpp
@ -15,7 +15,6 @@
 #include "mozilla/Result.h"
 #include "mozilla/ResultVariant.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/WindowsVersion.h"
 #include "mozilla/WinHeaderOnlyUtils.h"
 #include "mozilla/widget/WinTaskbar.h"
 #include "WinUtils.h"
@ -187,16 +186,7 @@ Win11PinToTaskBarResult PinCurrentAppToTaskbarWin11(
  Win11PinToTaskBarResult unlockStatus =
      UnlockLimitedAccessFeature(Win11LimitedAccessFeatureType::Taskbar);
  if (unlockStatus.result != Win11PinToTaskBarResultStatus::Success) {
-    // Limited Access Feature no longer necessary for Windows 11 26200 Build
+    return unlockStatus;
    // 7840, and possibly other channels.
    if (!IsWin11OrLater()) {
      return unlockStatus;
    }
    TASKBAR_PINNING_LOG(
        LogLevel::Warning,
        "Limited Access Feature failed to unlock, attempting to use Taskbar "
        "Pinning API assuming LAF is no longer necessary.");
  }
  HRESULT hr;
@ -417,16 +407,7 @@ Win11PinToTaskBarResult IsCurrentAppPinnedToTaskbarWin11(bool aCheckOnly) {
  Win11PinToTaskBarResult unlockStatus =
      UnlockLimitedAccessFeature(Win11LimitedAccessFeatureType::Taskbar);
  if (unlockStatus.result != Win11PinToTaskBarResultStatus::Success) {
-    // Limited Access Feature no longer necessary for Windows 11 26200 Build
+    return unlockStatus;
    // 7840, and possibly other channels.
    if (!IsWin11OrLater()) {
      return unlockStatus;
    }
    TASKBAR_PINNING_LOG(
        LogLevel::Warning,
        "Limited Access Feature failed to unlock, attempting to use Taskbar "
        "Pinning API assuming LAF is no longer necessary.");
  }
  HRESULT hr;
--- a/icecat/browser/components/urlbar/schema/urlbar-persisted-search-terms-schema.json
+++ b/icecat/browser/components/urlbar/schema/urlbar-persisted-search-terms-schema.json
@ -60,5 +60,5 @@
      }
    }
  },
-  "required": ["providerId", "searchPageRegexp"]
+  "required": ["providerId", "searchPageRegexp", "includeParams"]
 }
--- a/icecat/browser/config/version.txt
+++ b/icecat/browser/config/version.txt
@ -1 +1 @@
-140.10.1
+140.6.0
--- a/icecat/browser/config/version_display.txt
+++ b/icecat/browser/config/version_display.txt
@ -1 +1 @@
-140.10.1esr
+140.6.0esr
--- a/icecat/browser/confvars.sh
+++ b/icecat/browser/confvars.sh
@ -13,5 +13,5 @@ MOZ_BRANDING_DIRECTORY=browser/branding/unofficial
 MOZ_OFFICIAL_BRANDING_DIRECTORY=browser/branding/official
 # IceCat settings
 MOZ_APP_BASENAME=IceCat
-MOZ_APP_VERSION=140.10.1
+MOZ_APP_VERSION=140.6.0
 MOZ_DATA_REPORTING=0
--- a/icecat/browser/extensions/formautofill/test/browser/browser_dynamic_form_refill_on_site_clearing_values.js
+++ b/icecat/browser/extensions/formautofill/test/browser/browser_dynamic_form_refill_on_site_clearing_values.js
@ -13,7 +13,6 @@ add_setup(async () => {
  });
  await setStorage(TEST_ADDRESS_1);
  await setStorage(TEST_CREDIT_CARD_1);
  registerCleanupFunction(async () => {
    await removeAllRecords();
@ -102,7 +101,7 @@ add_task(
        /* eslint-disable mozilla/no-arbitrary-setTimeout */
        await new Promise(resolve => {
-          setTimeout(resolve, FormAutofill.refillOnSiteClearingFieldsTimeout);
+          setTimeout(resolve, FormAutofill.refillOnSiteClearingFields);
        });
        return await SpecialPowers.spawn(
@ -117,56 +116,3 @@ add_task(
    Assert.equal(orgaValue, "", "Element was not refilled");
  }
 );
 add_task(async function address_field_not_refilled_after_reformat_by_site() {
  const value = await BrowserTestUtils.withNewTab(
    CREDITCARD_FORM_URL,
    async browser => {
      const selectorToTriggerAutocompletion = "#cc-number";
      const elementValueToVerifyAutofill = TEST_CREDIT_CARD_1["cc-number"];
      info("Triggering autocompletion.");
      await openPopupOn(browser, selectorToTriggerAutocompletion);
      await BrowserTestUtils.synthesizeKey("VK_DOWN", {}, browser);
      await BrowserTestUtils.synthesizeKey("VK_RETURN", {}, browser);
      await waitForAutofill(
        browser,
        selectorToTriggerAutocompletion,
        elementValueToVerifyAutofill
      );
      const formatValue = TEST_CREDIT_CARD_1["cc-number"]
        .replace(/(.{4})/g, "$1 ")
        .trim();
      await SpecialPowers.spawn(
        browser,
        [selectorToTriggerAutocompletion, formatValue],
        async (ccNumberSelector, reformatValue) => {
          const ccNumberInput =
            content.document.querySelector(ccNumberSelector);
          info("Simulating site reformats an input");
          ccNumberInput.value = reformatValue;
        }
      );
      /* eslint-disable mozilla/no-arbitrary-setTimeout */
      await new Promise(resolve => {
        setTimeout(resolve, FormAutofill.refillOnSiteClearingFieldsTimeout);
      });
      return await SpecialPowers.spawn(
        browser,
        [selectorToTriggerAutocompletion],
        async ccNumberSelector => {
          return content.document.querySelector(ccNumberSelector).value;
        }
      );
    }
  );
  const formatValue = TEST_CREDIT_CARD_1["cc-number"]
    .replace(/(.{4})/g, "$1 ")
    .trim();
  Assert.equal(value, formatValue, "Element was not refilled");
 });
--- a/icecat/browser/extensions/formautofill/test/browser/head.js
+++ b/icecat/browser/extensions/formautofill/test/browser/head.js
@ -1473,9 +1473,6 @@ async function triggerCapture(browser, submitButtonSelector, fillSelectors) {
 * @param {object} patterns.captureExpectedRecord
 *        The expected saved record after capturing the form. Keyed by field name. This
 *        parameter is only used when `options.testCapture` is set.
 * @param {boolean} patterns.useTestYear
 *        Set to the current year to assign while running the test, useful for credit
 *        card expiry tests with a manual set of year options in the dropdown.
 * @param {object} patterns.only
 *        This parameter is used solely for debugging purposes. When set to true,
 *        it restricts the execution to only the specified testcase.
@ -1600,32 +1597,16 @@ async function add_heuristic_tests(
      const sleepAfterFocus = contexts.length > 1;
      for (const context of contexts) {
-        await SpecialPowers.spawn(
+        await SpecialPowers.spawn(context, [], async () => {
-          context,
+          const elements = Array.from(
-          [testPattern.useTestYear],
+            content.document.querySelectorAll("input, select")
-          async year => {
+          );
-            let FormAutofillHeuristics;
+          // Focus on each field in the test document to trigger autofill field detection
-            if (year) {
+          // on all the fields.
-              FormAutofillHeuristics = ChromeUtils.importESModule(
+          elements.forEach(element => {
-                "resource://gre/modules/shared/FormAutofillHeuristics.sys.mjs"
+            element.focus();
-              ).FormAutofillHeuristics;
+          });
-              FormAutofillHeuristics.useTestYear = year;
+        });
            }
            const elements = Array.from(
              content.document.querySelectorAll("input, select")
            );
            // Focus on each field in the test document to trigger autofill field detection
            // on all the fields.
            elements.forEach(element => {
              element.focus();
            });
            if (year) {
              FormAutofillHeuristics.useTestYear = null;
            }
          }
        );
        try {
          await BrowserTestUtils.synthesizeKey("VK_ESCAPE", {}, context);
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser.toml
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser.toml
@ -8,6 +8,7 @@ support-files = [
 ["browser_BestBuy.js"]
 ["browser_CDW.js"]
 skip-if = ["true"] # Bug 1939626
 ["browser_CostCo.js"]
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CDW.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CDW.js
@ -30,7 +30,6 @@ add_heuristic_tests(
    },
    {
      fixturePath: "Checkout_BillingPaymentInfo.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CostCo.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CostCo.js
@ -74,7 +74,6 @@ add_heuristic_tests(
    },
    {
      fixturePath: "Payment.html",
      useTestYear: 2025,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_GlobalDirectAsda.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_GlobalDirectAsda.js
@ -6,7 +6,6 @@ add_heuristic_tests(
  [
    {
      fixturePath: "Payment.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lufthansa.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lufthansa.js
@ -6,7 +6,6 @@ add_heuristic_tests(
  [
    {
      fixturePath: "Checkout_Payment.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lush.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lush.js
@ -6,7 +6,6 @@ add_heuristic_tests(
  [
    {
      fixturePath: "index.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/webcompat/injections/js/bug1950282-f1tv.formula1.com-unblock-icecat.js
+++ b/icecat/browser/extensions/webcompat/injections/js/bug1950282-f1tv.formula1.com-unblock-icecat.js
@ -120,65 +120,3 @@ window.wrappedJSObject.chrome = cloneInto(
  window,
  { cloneFunctions: true }
 );
 const ua = navigator.userAgent;
 const mobile = ua.includes("Mobile") || ua.includes("Tablet");
 // Very roughly matches Chromium's GetPlatformForUAMetadata()
 let platform = "Linux";
 if (mobile) {
  platform = "Android";
 } else if (navigator.platform.startsWith("Win")) {
  platform = "Windows";
 } else if (navigator.platform.startsWith("Mac")) {
  platform = "macOS";
 }
 const version = (ua.match(/IceCat\/([0-9]+)/) || ["", "58.0"])[1];
 // These match Chrome's output as of version 126.
 const brands = [
  {
    brand: "Not/A)Brand",
    version: "8",
  },
  {
    brand: "Chromium",
    version,
  },
  {
    brand: "Google Chrome",
    version,
  },
 ];
 const userAgentData = cloneInto(
  {
    brands,
    mobile,
    platform,
    getHighEntropyValues() {
      return window.wrappedJSObject.Promise.resolve(
        cloneInto(
          {
            brands,
            mobile,
            platform,
            platformVersion: "19.0.0",
          },
          window
        )
      );
    },
  },
  window,
  { cloneFunctions: true }
 );
 Object.defineProperty(window.navigator.wrappedJSObject, "userAgentData", {
  get: exportFunction(function () {
    return userAgentData;
  }, window),
  set: exportFunction(function () {}, window),
 });
--- a/icecat/browser/extensions/webcompat/manifest.json
+++ b/icecat/browser/extensions/webcompat/manifest.json
@ -2,7 +2,7 @@
  "manifest_version": 2,
  "name": "Web Compatibility Interventions",
  "description": "Urgent post-release fixes for web compatibility.",
-  "version": "140.12.0",
+  "version": "140.11.0",
  "browser_specific_settings": {
    "gecko": {
      "id": "webcompat@mozilla.org",
--- a/icecat/build/pgo/certs/cert9.db
+++ b/icecat/build/pgo/certs/cert9.db
--- a/icecat/build/pgo/certs/key4.db
+++ b/icecat/build/pgo/certs/key4.db
--- a/icecat/build/pgo/certs/mochitest.client
+++ b/icecat/build/pgo/certs/mochitest.client
--- a/icecat/config/milestone.txt
+++ b/icecat/config/milestone.txt
@ -10,4 +10,4 @@
 # hardcoded milestones in the tree from these two files.
 #--------------------------------------------------------
-140.10.1
+140.6.0
--- a/icecat/debian/build/rules.mk
+++ b/icecat/debian/build/rules.mk
@ -157,12 +157,8 @@ ifeq (official, $(MOZ_BRANDING))
 MOZ_DEFINES += -DMOZ_OFFICIAL_BRANDING
 endif
 ifneq (,$(DEB_PARALLEL_JOBS))
 ifneq (,$(filter armhf, $(DEB_HOST_ARCH)))
 MOZ_DEFINES += -DDEB_PARALLEL_JOBS=1
 else
 MOZ_DEFINES += -DDEB_PARALLEL_JOBS=$(DEB_PARALLEL_JOBS)
 endif
 endif
 MOZ_EXECUTABLES_$(MOZ_PKG_NAME) +=	$(MOZ_LIBDIR)/$(MOZ_PKG_BASENAME).sh \
 					$(NULL)
--- a/icecat/debian/changelog
+++ b/icecat/debian/changelog
@ -1,39 +1,3 @@
 icecat (140.10.1-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.10.1-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Mon, 04 May 2026 16:44:54 -0600
 icecat (140.10.0-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.10.0-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Tue, 28 Apr 2026 03:08:30 -0600
 icecat (140.9.0-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.9.0-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Sat, 28 Mar 2026 01:16:35 -0600
 icecat (140.8.0-2gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.8.0-2gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Tue, 10 Mar 2026 23:20:02 -0600
 icecat (140.7.1-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.7.1-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Mon, 16 Feb 2026 22:12:00 -0600
 icecat (140.7.0-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.7.0-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Sat, 17 Jan 2026 21:13:41 -0600
 icecat (140.6.0-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.6.0-1gnu1)
--- a/icecat/debian/config/mozconfig.in
+++ b/icecat/debian/config/mozconfig.in
@ -11,11 +11,7 @@ ac_add_options --disable-updater
 ac_add_options --enable-application=browser
 ac_add_options --with-distribution-id=org.trisquel
 %%if DEB_BUILD_ARCH_BITS == 32
 %%if DEB_HOST_ARCH == armhf
 ac_add_options --disable-debug-symbols
 %%else
 ac_add_options --enable-debug-symbols=-g1
 %%endif
 %%else
 ac_add_options --enable-debug-symbols
 %%endif
--- a/icecat/debian/patches/armhf-rustc-thin-lto.patch
+++ b/icecat/debian/patches/armhf-rustc-thin-lto.patch
@ -1,30 +1,22 @@
-Description: Do not enable LTO for rustc when building on armhf,
+Description: Do not enable LTO for rustc when building on arm64 and armhf,
 to work around OOM failures on Launchpad builders. Note that this alone is not
 sufficient, because by default cargo will also enable full LTO when building
 with a release profile, so the top-level Cargo.toml file needs to be
 conditionally patched (this is done in debian/build/rules.mk).
 Author: Olivier Tilloy <olivier.tilloy@canonical.com>
 Author: Nathan Pratte Teodosio <nteodosio@ubuntu.com>
 Forwarded: not-needed
 --- a/config/makefiles/rust.mk
 +++ b/config/makefiles/rust.mk
-@@ -70,10 +70,18 @@ ifndef MOZ_DEBUG_RUST
+@@ -70,8 +70,10 @@ ifndef MOZ_DEBUG_RUST
 # Never enable when coverage is enabled to work around https://github.com/rust-lang/rust/issues/90045.
 ifndef MOZ_CODE_COVERAGE
 ifeq (,$(findstring gkrust_gtest,$(RUST_LIBRARY_FILE)))
-+ifneq (,$(filter arm,$(TARGET_CPU)))
+ifeq (,$(filter aarch64 arm,$(TARGET_CPU)))
 +cargo_rustc_flags += -Clto=off
 +else
 cargo_rustc_flags += -Clto$(if $(filter full,$(MOZ_LTO_RUST_CROSS)),=fat)
 +endif
 endif
 +endif
 # We need -Cembed-bitcode=yes for all crates when using -Clto.
 +ifneq (,$(filter arm,$(TARGET_CPU)))
 +RUSTFLAGS += -Cembed-bitcode=no
 +else
 RUSTFLAGS += -Cembed-bitcode=yes
 +endif
 endif
 endif
 endif
--- a/icecat/debian/patches/series
+++ b/icecat/debian/patches/series
@ -7,7 +7,7 @@ webrtc-fix-compiler-flags-for-armhf.patch
 s390x-ycbcr.patch
 reduce-rust-debuginfo.patch
 armhf-reduce-linker-memory-use.patch
-armhf-rustc-lto-off.patch
+armhf-rustc-thin-lto.patch
 ppc64el-workaround-bug-1555531.patch
 ppc64el-workaround-gcc-ice.patch
 armhf-clang-no-integrated-as-for-neon.patch
--- a/icecat/devtools/client/aboutdebugging/test/browser/browser.toml
+++ b/icecat/devtools/client/aboutdebugging/test/browser/browser.toml
@ -190,7 +190,6 @@ fail-if = ["a11y_checks"] # Bug 1849028 clicked element may not be focusable and
 ["browser_aboutdebugging_serviceworker_start.js"]
 skip-if = [
  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && tsan", # Bug 1947358, Bug 2030884
  "os == 'linux' && os_version == '24.04' && processor == 'x86_64' && display == 'x11' && tsan", # Bug 1947358
 ]
--- a/icecat/devtools/client/application/test/browser/browser.toml
+++ b/icecat/devtools/client/application/test/browser/browser.toml
@ -96,11 +96,8 @@ fail-if = ["a11y_checks"] # Bug 1849028 clicked element may not be focusable and
 ["browser_application_panel_start-service-worker.js"]
 fail-if = ["a11y_checks"] # Bug 1849028 clicked element may not be focusable and/or labeled
 skip-if = [
-  "os == 'linux' && processor == 'x86_64' && tsan", # Bug 1608640, Bug 2030884
+  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && tsan", # Bug 1608640
-  "os == 'linux' && processor == 'x86_64' && asan", # Bug 1781479, Bug 2030884
+  "os == 'linux' && os_version == '24.04' && processor == 'x86_64' && display == 'x11' && tsan", # Bug 1608640
  "os == 'mac' && os_version == '14.70' && processor == 'x86_64'", # Bug 1980084, Bug 2030884
  "os == 'win' && os_version == '11.26100' && processor == 'x86_64' && asan", # Bug 1781479, Bug 2030884
  "os == 'win' && os_version == '11.26200' && processor == 'x86_64' && asan", # Bug 1781479, Bug 2030884
 ]
 ["browser_application_panel_target-switching.js"]
--- a/icecat/devtools/client/debugger/src/.eslintrc.mjs
+++ b/icecat/devtools/client/debugger/src/.eslintrc.mjs
@ -47,8 +47,6 @@ export default [
        process: true,
        global: true,
        L10N: true,
        // TODO: Add this to the main ESlint globals Bug 2025542
        Sanitizer: true,
      },
    },
    rules: {
--- a/icecat/devtools/client/debugger/src/components/QuickOpenModal.js
+++ b/icecat/devtools/client/debugger/src/components/QuickOpenModal.js
@ -2,12 +2,11 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at <http://mozilla.org/MPL/2.0/>. */
-import React, {
+import React, { Component } from "devtools/client/shared/vendor/react";
-  Component,
+import { div } from "devtools/client/shared/vendor/react-dom-factories";
  createRef,
 } from "devtools/client/shared/vendor/react";
 import PropTypes from "devtools/client/shared/vendor/react-prop-types";
 import { connect } from "devtools/client/shared/vendor/react-redux";
 import { basename } from "../utils/path";
 import { createLocation } from "../utils/location";
 const fuzzyAldrin = require("resource://devtools/client/shared/vendor/fuzzaldrin-plus.js");
@ -60,7 +59,6 @@ export class QuickOpenModal extends Component {
  constructor(props) {
    super(props);
    this.state = { results: null, selectedIndex: 0 };
    this.resultListRef = createRef();
  }
  static get propTypes() {
@ -225,14 +223,20 @@ export class QuickOpenModal extends Component {
      if (query == "" && !this.isShortcutQuery()) {
        this.showTopSources();
-      } else if (this.isSymbolSearch()) {
+        return;
        await this.searchSymbols(query);
      } else if (this.isShortcutQuery()) {
        this.searchShortcuts(query);
      } else {
        this.searchSources(query);
      }
-      this.highlightQueryMatches(this.props.query);
+
      if (this.isSymbolSearch()) {
        await this.searchSymbols(query);
        return;
      }
      if (this.isShortcutQuery()) {
        this.searchShortcuts(query);
        return;
      }
      this.searchSources(query);
    } catch (e) {
      // Due to throttling this might get scheduled after the component and the
      // toolbox are destroyed.
@ -390,35 +394,23 @@ export class QuickOpenModal extends Component {
  isSourcesQuery = () => this.props.searchType === "sources";
  isSourceSearch = () => this.isSourcesQuery() || this.isGotoSourceQuery();
-  highlightQueryMatches(query) {
+  /* eslint-disable react/no-danger */
  renderHighlight(candidateString, query) {
    const options = {
      wrap: {
        tagOpen: '<mark class="highlight">',
        tagClose: "</mark>",
      },
    };
-    if (this.resultListRef.current) {
+    const html = fuzzyAldrin.wrap(candidateString, query, options);
-      const domEl = this.resultListRef.current.ref.current;
+    return div({
-      for (const titleNode of domEl.querySelectorAll(".title")) {
+      dangerouslySetInnerHTML: {
-        const htmlString = fuzzyAldrin.wrap(
+        __html: html,
-          titleNode.innerText,
+      },
-          query,
+    });
          options
        );
        // Sanitizer API not supported in ESR 140
        // Should remove at ESR 153
        if ("Sanitizer" in window) {
          const sanitizer = new Sanitizer({
            elements: ["mark"],
            attributes: ["class"],
          });
          titleNode.setHTML(htmlString, { sanitizer });
        }
      }
    }
  }
-  renderResults = (query, results) => {
+  highlightMatching = (query, results) => {
    let newQuery = query;
    if (newQuery === "") {
      return results;
@ -429,7 +421,11 @@ export class QuickOpenModal extends Component {
      if (typeof result.title == "string") {
        return {
          ...result,
-          title: result.title,
+          title: this.renderHighlight(
            result.title,
            basename(newQuery),
            "title"
          ),
        };
      }
      return result;
@ -458,7 +454,7 @@ export class QuickOpenModal extends Component {
    const { query } = this.props;
    const { selectedIndex, results } = this.state;
-    const items = this.renderResults(query, results || []);
+    const items = this.highlightMatching(query, results || []);
    const expanded = !!items && !!items.length;
    return React.createElement(
      Modal,
@ -491,7 +487,7 @@ export class QuickOpenModal extends Component {
          items,
          selected: selectedIndex,
          selectItem: this.selectResultItem,
-          ref: this.resultListRef,
+          ref: "resultList",
          expanded,
          ...(this.isSourceSearch() ? SIZE_BIG : SIZE_DEFAULT),
        })
--- a/icecat/devtools/client/debugger/test/mochitest/browser_aj.toml
+++ b/icecat/devtools/client/debugger/test/mochitest/browser_aj.toml
@ -115,9 +115,6 @@ skip-if = [
 ["browser_dbg-call-stack.js"]
 ["browser_dbg-chrome-create.js"]
 skip-if = [
  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && asan", # Bug 2030884
 ]
 ["browser_dbg-console-async.js"]
@ -289,7 +286,6 @@ skip-if = [
 ["browser_dbg-javascript-tracer-values-preview.js"]
 skip-if = [
  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && opt && a11y_checks", # Bug The tracer tree isn't yet accessible
  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && tsan", # Bug 1959018, Bug 2030884
  "os == 'linux' && os_version == '24.04' && processor == 'x86_64' && display == 'x11' && opt && a11y_checks", # Bug The tracer tree isn't yet accessible
 ]
--- a/icecat/devtools/client/debugger/test/mochitest/browser_dbg-quick-open.js
+++ b/icecat/devtools/client/debugger/test/mochitest/browser_dbg-quick-open.js
@ -94,18 +94,6 @@ add_task(async function () {
  pressKey(dbg, "Escape");
  assertQuickOpenDisabled(dbg);
  info("Test that the highlighted result matches match the query");
  await quickOpen(dbg, "sw");
  await waitForResults(dbg, [
    "script-switching-01.js",
    "script-switching-02.js",
  ]);
  await assertHighlightMatches(dbg, 1, "sw");
  await assertHighlightMatches(dbg, 2, "sw");
  EventUtils.sendString("i");
  await assertHighlightMatches(dbg, 1, "swi");
  pressKey(dbg, "Escape");
  info("Testing goto line:column");
  assertLine(dbg, 0);
  assertColumn(dbg, 1);
@ -182,19 +170,3 @@ async function assertResultIsTab(dbg, index) {
    "Result should be a tab"
  );
 }
 async function assertHighlightMatches(dbg, resultIndex, expectedMatchText) {
  // Sanitizer API not supported in ESR 140
  // Should remove at ESR 153
  if ("Sanitizer" in dbg.win) {
    const el = await findResultEl(dbg, resultIndex);
    const highlight = await waitForElementWithSelector(dbg, "mark.highlight");
    ok(el && !!highlight, "The query match is highlighted");
    await waitUntil(
      () => el.querySelector("mark.highlight").innerText == expectedMatchText
    );
    ok(true, "The highlighted text matches the query text");
  } else {
    ok(true, "The text is not highlighted");
  }
 }
--- a/icecat/devtools/client/framework/test/browser.toml
+++ b/icecat/devtools/client/framework/test/browser.toml
@ -112,12 +112,6 @@ skip-if = [
 ["browser_tab_commands_factory.js"]
 ["browser_tab_descriptor_fission.js"]
 skip-if = [
  "os == 'linux' && processor == 'x86_64' && asan", # Bug 1966872, Bug 2030884
  "os == 'linux' && processor == 'x86_64' && tsan", # Bug 1966872, Bug 2030884
  "os == 'win' && os_version == '11.26100' && processor == 'x86_64' && asan", # Bug 1966872, Bug 2030884
  "os == 'win' && os_version == '11.26200' && processor == 'x86_64' && asan", # Bug 1966872, Bug 2030884
 ]
 ["browser_target_cached-front.js"]
@ -297,9 +291,6 @@ fail-if = ["a11y_checks"] # Bug 1849028 clicked element may not be focusable and
 ["browser_toolbox_watchedByDevTools.js"]
 ["browser_toolbox_window_global_debugging.js"]
 skip-if = [
  "os == 'linux' && processor == 'x86_64' && tsan", # Bug 1950845, Bug 2030884
 ]
 ["browser_toolbox_window_reload_target.js"]
--- a/icecat/devtools/client/inspector/animation/test/browser.toml
+++ b/icecat/devtools/client/inspector/animation/test/browser.toml
@ -150,11 +150,8 @@ fail-if = ["a11y_checks"] # Bug 1849028 clicked element may not be focusable and
 ["browser_animation_logic_mutations_fast.js"]
 skip-if = [
-  "os == 'linux' && processor == 'x86_64' && asan", # Bug 1980142, Bug 2030884
+  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && debug", # Bug 1567800
-  "os == 'linux' && processor == 'x86_64' && debug", # Bug 1567800, Bug 2030884
+  "os == 'linux' && os_version == '24.04' && processor == 'x86_64' && display == 'x11' && debug", # Bug 1567800
  "os == 'linux' && processor == 'x86_64' && tsan", # Bug 1980142, Bug 2030884
  "os == 'win' && os_version == '11.26100' && processor == 'x86_64' && debug", # Bug 1980142, Bug 2030884
  "os == 'win' && os_version == '11.26200' && processor == 'x86_64' && debug", # Bug 1980142, Bug 2030884
 ]
 ["browser_animation_logic_mutations_properties.js"]
--- a/icecat/devtools/client/netmonitor/src/components/request-details/RequestPanel.js
+++ b/icecat/devtools/client/netmonitor/src/components/request-details/RequestPanel.js
@ -124,34 +124,30 @@ class RequestPanel extends Component {
  }
  /**
-   * This maps an array to a dictionary for TreeView usage,
+   * Mapping array to dict for TreeView usage.
-   * sincs the treeView only supports the Object(dict) format.
+   * Since TreeView only support Object(dict) format.
   * This function also deal with duplicate key case
   * (for multiple selection and query params with same keys)
   *
-   * This function also deals with the duplicate key scenario
+   * This function is not sorting result properties since it can
-   * (i.e multiple selections and query params with same keys)
+   * results in unexpected order of params. See bug 1469533
   *
-   * Note: This is not sorting the result properties since it can
+   * @param {Object[]} arr - key-value pair array or form params
-   * result in an unexpected order of parameters. See bug 1469533
+   * @returns {Object} Rep compatible object
   *
   * @param {object[]} arrOfKeyValuePairs - An array of key-value pairs or form params.
   * @param {string} arrOfKeyValuePairs[].name
   * @param {string|Array} arrOfKeyValuePairs[].value
   *
   * @returns {object} Rep compatible object
   */
-  getProperties(arrOfKeyValuePairs) {
+  getProperties(arr) {
-    return arrOfKeyValuePairs.reduce((dict, { name, value }) => {
+    return arr.reduce((map, obj) => {
-      if (name in dict) {
+      const value = map[obj.name];
-        const dictValue = dict[name];
+      if (value || value === "") {
-        if (!Array.isArray(dictValue)) {
+        if (typeof value !== "object") {
-          dict[name] = [dictValue];
+          map[obj.name] = [value];
        }
-        dict[name].push(value);
+        map[obj.name].push(obj.value);
      } else {
-        dict[name] = value;
+        map[obj.name] = obj.value;
      }
-      return dict;
+      return map;
-    }, Object.create(null));
+    }, {});
  }
  toggleRawRequestPayload() {
@ -209,9 +205,10 @@ class RequestPanel extends Component {
    // Form Data section
    if (formDataSections && formDataSections.length) {
      const sections = formDataSections.filter(str => /\S/.test(str)).join("&");
      component = PropertiesView;
      componentProps = {
-        object: this.getProperties(parseFormData(formDataSections)),
+        object: this.getProperties(parseFormData(sections)),
        filterText,
        targetSearchResult,
        defaultSelectFirstNode: false,
--- a/icecat/devtools/client/netmonitor/src/utils/request-utils.js
+++ b/icecat/devtools/client/netmonitor/src/utils/request-utils.js
@ -83,6 +83,7 @@ async function getFormDataSections(
      }
    }
  }
  return formDataSections;
 }
@ -417,29 +418,28 @@ function parseQueryString(query) {
 /**
 * Parse a string of formdata sections into its components
 *
- * @param {Array<string>} sections Array of sections of formdata
+ * @param {string} sections - sections of formdata joined by &
- *                                 e.g ["", "a=x&b=y", "c=z"]
+ * @return {array} array of formdata params { name, value }
 * @return {Array<object>}  Array of formdata params
 *                          e.g [{ name: 'a', value: 'x' }, { name: 'b', value: 'y'}, { name: 'c', value: 'z'}]
 */
 function parseFormData(sections) {
-  if (!sections || !sections.length) {
+  if (!sections) {
    return [];
  }
  const formDataParams = [];
  const searchStr = sections
    // Filter out empty sections
    .filter(str => /\S/.test(str))
    .join("&");
-  const params = new URLSearchParams(searchStr);
+  return sections
-  for (const [key, value] of params) {
+    .replace(/^&/, "")
-    formDataParams.push({
+    .split("&")
-      name: getUnicodeUrlPath(key),
+    .map(e => {
-      value: getUnicodeUrlPath(value),
+      const firstEqualSignIndex = e.indexOf("=");
      const paramName =
        firstEqualSignIndex !== -1 ? e.slice(0, firstEqualSignIndex) : e;
      const paramValue =
        firstEqualSignIndex !== -1 ? e.slice(firstEqualSignIndex + 1) : "";
      return {
        name: paramName ? getUnicodeUrlPath(paramName) : "",
        value: paramValue ? getUnicodeUrlPath(paramValue) : "",
      };
    });
  }
  return formDataParams;
 }
 /**
--- a/icecat/devtools/client/netmonitor/src/widgets/RequestListContextMenu.js
+++ b/icecat/devtools/client/netmonitor/src/widgets/RequestListContextMenu.js
@ -746,7 +746,7 @@ class RequestListContextMenu {
    };
    const options = JSON.stringify(fetchOptions, null, 4);
-    const fetchString = `await fetch(${JSON.stringify(url)}, ${options});`;
+    const fetchString = `await fetch("${url}", ${options});`;
    return fetchString;
  }
--- a/icecat/devtools/client/netmonitor/test/browser_net_columns_time.js
+++ b/icecat/devtools/client/netmonitor/test/browser_net_columns_time.js
@ -50,11 +50,10 @@ add_task(async function () {
  const types = ["end", "response", "duration", "latency"];
  for (const t of types) {
    info("Check the timing column for type: " + t);
    await waitUntil(() => {
      const node = item.querySelector(".requests-list-" + t + "-time");
      const value = parseInt(node.textContent, 10);
-      return value >= 0;
+      return value > 0;
    });
  }
--- a/icecat/devtools/client/netmonitor/test/browser_net_complex-params.js
+++ b/icecat/devtools/client/netmonitor/test/browser_net_complex-params.js
@ -20,7 +20,7 @@ add_task(async function () {
  store.dispatch(Actions.batchEnable(false));
  // Execute requests.
-  await performRequests(monitor, tab, 13);
+  await performRequests(monitor, tab, 12);
  const requestListItems = document.querySelectorAll(
    ".network-monitor .request-list-item"
@ -49,7 +49,7 @@ add_task(async function () {
  await testRequestWithFormattedView(
    monitor,
    requestListItems[2],
-    "foo",
+    "?foo",
    "bar=123=xyz",
    "?foo=bar=123=xyz",
    1
@ -92,14 +92,6 @@ add_task(async function () {
    '{ "foo": "bar" }',
    1
  );
  await testRequestWithFormattedView(
    monitor,
    requestListItems[12],
    "__proto__",
    "evil_value",
    "__proto__=evil_value",
    1
  );
  await teardown(monitor);
 });
--- a/icecat/devtools/client/netmonitor/test/browser_net_copy_as_fetch.js
+++ b/icecat/devtools/client/netmonitor/test/browser_net_copy_as_fetch.js
@ -7,7 +7,7 @@
 * Tests if Copy as Fetch works.
 */
-add_task(async function testBasicCopyAsFetch() {
+add_task(async function () {
  const { tab, monitor } = await initNetMonitor(HTTPS_CURL_URL, {
    requestCount: 1,
  });
@ -15,9 +15,7 @@ add_task(async function testBasicCopyAsFetch() {
  // GET request, no cookies (first request)
  await performRequest("GET");
-  await testClipboardContent(
+  await testClipboardContent(`await fetch("https://example.com/browser/devtools/client/netmonitor/test/sjs_simple-test-server.sjs", {
    monitor,
    `await fetch("https://example.com/browser/devtools/client/netmonitor/test/sjs_simple-test-server.sjs", {
    "credentials": "omit",
    "headers": {
        "User-Agent": "${navigator.userAgent}",
@ -35,8 +33,7 @@ add_task(async function testBasicCopyAsFetch() {
    "referrer": "https://example.com/browser/devtools/client/netmonitor/test/html_copy-as-curl.html",
    "method": "GET",
    "mode": "cors"
-});`
+});`);
  );
  await teardown(monitor);
@ -57,71 +54,39 @@ add_task(async function testBasicCopyAsFetch() {
    );
    await waitRequest;
  }
 });
-/**
+  async function testClipboardContent(expectedResult) {
- * Tests for Url escaping of copy as Fetch
+    const { document } = monitor.panelWin;
 */
 add_task(async function testUrlEscapeOfCopyAsFetch() {
  const { monitor } = await initNetMonitor(HTTPS_CURL_URL, {
    requestCount: 1,
  });
  info("Starting test... ");
-  const waitRequest = waitForNetworkEvents(monitor, 1);
+    const items = document.querySelectorAll(".request-list-item");
-  await SpecialPowers.spawn(
+    EventUtils.sendMouseEvent({ type: "mousedown" }, items[items.length - 1]);
-    gBrowser.selectedBrowser,
+    EventUtils.sendMouseEvent(
-    ['data:text/html,"+alert(document.domain)+"'],
+      { type: "contextmenu" },
-    url => {
+      document.querySelectorAll(".request-list-item")[0]
-      content.fetch(url);
+    );
    }
  );
  await waitRequest;
-  await testClipboardContent(
+    /* Ensure that the copy as fetch option is always visible */
-    monitor,
+    is(
-    `await fetch("data:text/html,\\"+alert(document.domain)+\\"", {
+      !!getContextMenuItem(monitor, "request-list-context-copy-as-fetch"),
-    "credentials": "omit",
+      true,
-    "headers": {},
+      'The "Copy as Fetch" context menu item should not be hidden.'
-    "method": "GET",
+    );
    "mode": "cors"
 });`
  );
-  await teardown(monitor);
+    await waitForClipboardPromise(
-});
+      async function setup() {
-
+        await selectContextMenuItem(
-async function testClipboardContent(monitor, expectedResult) {
+          monitor,
-  const { document } = monitor.panelWin;
+          "request-list-context-copy-as-fetch"
-
+        );
-  const items = document.querySelectorAll(".request-list-item");
+      },
-  EventUtils.sendMouseEvent({ type: "mousedown" }, items[items.length - 1]);
+      function validate(result) {
-  EventUtils.sendMouseEvent(
+        if (typeof result !== "string") {
-    { type: "contextmenu" },
+          return false;
-    document.querySelectorAll(".request-list-item")[0]
+        }
-  );
+        return expectedResult === result;
  /* Ensure that the copy as fetch option is always visible */
  is(
    !!getContextMenuItem(monitor, "request-list-context-copy-as-fetch"),
    true,
    'The "Copy as Fetch" context menu item should not be hidden.'
  );
  await waitForClipboardPromise(
    async function setup() {
      await selectContextMenuItem(
        monitor,
        "request-list-context-copy-as-fetch"
      );
    },
    function validate(result) {
      if (typeof result !== "string") {
        return false;
      }
-      return expectedResult === result;
+    );
    }
  );
-  info("Clipboard contains a fetch command for item " + (items.length - 1));
+    info("Clipboard contains a fetch command for item " + (items.length - 1));
-}
+  }
 });
--- a/icecat/devtools/client/netmonitor/test/browser_net_curl-utils.js
+++ b/icecat/devtools/client/netmonitor/test/browser_net_curl-utils.js
@ -326,10 +326,10 @@ function testEscapeStringWin() {
    "Percent signs should be escaped."
  );
-  const backslashes = " - \\A simple string\\ - ";
+  const backslashes = "\\A simple string\\";
  is(
    CurlUtils.escapeStringWin(backslashes),
-    '^\" - ^\\^\\A simple string^\\^\\ - ^\"',
+    '^\"^\\A simple string^\\^\"',
    "Backslashes should be escaped."
  );
--- a/icecat/devtools/client/netmonitor/test/html_params-test-page.html
+++ b/icecat/devtools/client/netmonitor/test/html_params-test-page.html
@ -71,7 +71,6 @@
        await get("baz", "?species=in=(52,60)");
        await get("baz", "?a=&a=b");
        await get("baz", "?a=b&a=c&d=1");
        await post("baz", "", urlencoded, "__proto__=evil_value");
      }
    </script>
  </body>
--- a/icecat/devtools/client/responsive/test/browser/browser_device_state_restore.js
+++ b/icecat/devtools/client/responsive/test/browser/browser_device_state_restore.js
@ -10,13 +10,15 @@ const DEFAULT_DPPX = window.devicePixelRatio;
 /* eslint-disable max-len */
 const TEST_DEVICE = {
-  name: "iPhone 17 / 17 Pro",
+  name: "iPhone 6/7/8",
-  width: 402,
+  width: 375,
-  height: 874,
+  height: 667,
-  pixelRatio: 3,
+  pixelRatio: 2,
  userAgent:
-    "Mozilla/5.0 (iPhone; CPU iPhone OS 18_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Mobile/15E148 Safari/604.1",
+    "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1",
  touch: true,
  icecatOS: false,
  os: "iOS",
  featured: true,
 };
 /* eslint-enable max-len */
--- a/icecat/devtools/client/shared/curl.js
+++ b/icecat/devtools/client/shared/curl.js
@ -458,9 +458,6 @@ const CurlUtils = {
    return (
      encapsChars +
      str
        // Replace all the \ (used as the escape character in the next replace) with \\
        .replace(/\\/g, "\\\\")
        // Replace all " with \" to ensure the first parser does not remove it.
        .replace(/"/g, '\\"')
--- a/icecat/devtools/client/webconsole/test/browser/_webconsole.toml
+++ b/icecat/devtools/client/webconsole/test/browser/_webconsole.toml
@ -587,9 +587,7 @@ support-files = ["browser_webconsole_object_inspector_entries.snapshot.mjs"]
 https_first_disabled = true # JS HttpServer doesn't support https
 skip-if = [
  "http3", # JS HttpServer doesn't support http3
  "os == 'linux' && os_version == '18.04' && processor == 'x86_64' && opt", # Bug 1965340, Bug 2030884
  "os == 'linux' && os_version == '24.04' && processor == 'x86_64' && display == 'x11' && opt", # Bug 1965340
  "os == 'mac' && os_version == '14.70' && processor == 'x86_64'", # Bug 1965340, Bug 2030884
 ]
 ["browser_webconsole_object_inspector_getters.js"]
--- a/icecat/devtools/client/webconsole/test/browser/stub-generator-helpers.js
+++ b/icecat/devtools/client/webconsole/test/browser/stub-generator-helpers.js
@ -179,17 +179,17 @@ function getCleanedPacket(key, packet) {
    res.startedDateTime = existingPacket.startedDateTime;
  }
  if (res.totalTime && existingPacket.totalTime) {
    res.totalTime = existingPacket.totalTime;
  }
  if (res.securityState && existingPacket.securityState) {
    res.securityState = existingPacket.securityState;
  }
-  // totalTime and waitingTime can be very small and rounded to 0. However this
+  // waitingTime can be very small and rounded to 0. However this is still a
-  // is still a valid time value, so check isNaN instead of a simple truthy check.
+  // valid waiting time, so check isNaN instead of a simple truthy check.
-  if (!isNaN(res.totalTime) && !isNaN(existingPacket.totalTime)) {
+  if (!isNaN(res.waitingTime) && existingPacket.waitingTime) {
    res.totalTime = existingPacket.totalTime;
  }
  if (!isNaN(res.waitingTime) && !isNaN(existingPacket.waitingTime)) {
    res.waitingTime = existingPacket.waitingTime;
  }
--- a/icecat/docshell/base/BrowsingContext.cpp
+++ b/icecat/docshell/base/BrowsingContext.cpp
@ -1937,19 +1937,6 @@ NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(BrowsingContext)
  return IsCertainlyAliveForCC(tmp);
 NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END
 /* static */
 void BrowsingContext::SweepWindowProxies(JSTracer* aTrc) {
  if (!sBrowsingContexts) {
    return;
  }
  for (BrowsingContext* bc : sBrowsingContexts->Values()) {
    if (bc->mWindowProxy) {
      JS_UpdateWeakPointerAfterGC(aTrc, &bc->mWindowProxy);
    }
  }
 }
 class RemoteLocationProxy
    : public RemoteObjectProxy<BrowsingContext::LocationProxy,
                               Location_Binding::sCrossOriginProperties> {
@ -2799,11 +2786,6 @@ void BrowsingContext::DidSet(FieldIndex<IDX_ExplicitActive>,
  });
 }
 bool BrowsingContext::CanSet(FieldIndex<IDX_InRDMPane>, const bool&,
                             ContentParent* aSource) {
  return XRE_IsParentProcess() && IsTop() && !aSource;
 }
 void BrowsingContext::DidSet(FieldIndex<IDX_InRDMPane>, bool aOldValue) {
  MOZ_ASSERT(IsTop(),
             "Should only set InRDMPane in the top-level browsing context");
@ -4067,10 +4049,6 @@ bool IPDLParamTraits<dom::MaybeDiscarded<dom::BrowsingContext>>::Read(
  if (id == 0) {
    *aResult = nullptr;
  } else if (RefPtr<dom::BrowsingContext> bc = dom::BrowsingContext::Get(id)) {
    if (!bc->Group()->IsKnownForMessageReader(aReader)) {
      return false;
    }
    *aResult = std::move(bc);
  } else {
    aResult->SetDiscarded(id);
--- a/icecat/docshell/base/BrowsingContext.h
+++ b/icecat/docshell/base/BrowsingContext.h
@ -734,9 +734,6 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
    mWindowProxy = aWindowProxy;
  }
  // Since mWindowProxy is a weak pointer it has to be updated during sweeping.
  static void SweepWindowProxies(JSTracer* aTrc);
  Nullable<WindowProxyHolder> GetWindow();
  NS_DECL_CYCLE_COLLECTING_ISUPPORTS
@ -1139,7 +1136,6 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
    return IsTop();
  }
  bool CanSet(FieldIndex<IDX_InRDMPane>, const bool&, ContentParent* aSource);
  void DidSet(FieldIndex<IDX_InRDMPane>, bool aOldValue);
  MOZ_CAN_RUN_SCRIPT_BOUNDARY void DidSet(FieldIndex<IDX_ForceDesktopViewport>,
                                          bool aOldValue);
@ -1381,8 +1377,10 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
  RefPtr<nsGeolocationService> mGeolocationServiceOverride;
-  // This is a weak reference. It will be updated automatically during sweeping
+  // This is not a strong reference, but using a JS::Heap for that should be
-  // by SweepWindowProxies.
+  // fine. The JSObject stored in here should be a proxy with a
  // nsOuterWindowProxy handler, which will update the pointer from its
  // objectMoved hook and clear it from its finalize hook.
  JS::Heap<JSObject*> mWindowProxy;
  LocationProxy mLocation;
--- a/icecat/docshell/base/BrowsingContextGroup.cpp
+++ b/icecat/docshell/base/BrowsingContextGroup.cpp
@ -251,42 +251,6 @@ ContentParent* BrowsingContextGroup::GetHostProcess(
  return mHosts.GetWeak(aRemoteType);
 }
 bool BrowsingContextGroup::IsKnownForMessageReader(
    IPC::MessageReader* aReader) {
  if (!aReader->GetActor()) {
    aReader->FatalError(
        "No actor for BrowsingContextGroup::IsKnownForMessageReader");
    return false;
  }
  mozilla::ipc::IToplevelProtocol* topActor =
      aReader->GetActor()->ToplevelProtocol();
  switch (topActor->GetProtocolId()) {
    case PInProcessMsgStart:
      // PInProcess always exists only within a single process, so we don't need
      // to do any validation on it.
      return true;
    case PContentMsgStart:
      // The process should only be able to name this BCG if it is
      // subscribed, or if the BCG has been destroyed (and has therefore
      // stopped tracking subscribers).
      if (topActor->GetSide() == mozilla::ipc::ParentSide && !mDestroyed &&
          !mSubscribers.Contains(static_cast<ContentParent*>(topActor))) {
        aReader->FatalError(
            "Process is not subscribed to this BrowsingContextGroup");
        return false;
      }
      return true;
    default:
      aReader->FatalError(
          "Unsupported toplevel actor for "
          "BrowsingContextGroup::IsKnownForMessageReader");
      return false;
  }
 }
 void BrowsingContextGroup::UpdateToplevelsSuspendedIfNeeded() {
  if (!StaticPrefs::dom_suspend_inactive_enabled()) {
    return;
@ -332,8 +296,8 @@ void BrowsingContextGroup::Destroy() {
                             !sBrowsingContextGroups->Contains(Id()) ||
                                 *sBrowsingContextGroups->Lookup(Id()) != this);
  }
 #endif
  mDestroyed = true;
 #endif
  // Make sure to call `RemoveBrowsingContextGroup` for every entry in both
  // `mHosts` and `mSubscribers`. This will visit most entries twice, but
--- a/icecat/docshell/base/BrowsingContextGroup.h
+++ b/icecat/docshell/base/BrowsingContextGroup.h
@ -87,12 +87,6 @@ class BrowsingContextGroup final : public nsWrapperCache {
  // BrowsingContextGroup, if possible.
  ContentParent* GetHostProcess(const nsACString& aRemoteType);
  // Check if the process which sent the message being read from aReader is
  // aware of this BrowsingContextGroup's existence.
  // If this returns false, it will first set a fatal error on aReader with more
  // details.
  bool IsKnownForMessageReader(IPC::MessageReader* aReader);
  // When a BrowsingContext is being discarded, we may want to keep the
  // corresponding BrowsingContextGroup alive until the other process
  // acknowledges that the BrowsingContext has been discarded. A `KeepAlive`
@ -266,7 +260,9 @@ class BrowsingContextGroup final : public nsWrapperCache {
  uint32_t mKeepAliveCount = 0;
 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
  bool mDestroyed = false;
 #endif
  // A BrowsingContextGroup contains a series of {Browsing,Window}Context
  // objects. They are addressed using a hashtable to avoid linear lookup when
--- a/icecat/docshell/base/ChildProcessChannelListener.h
+++ b/icecat/docshell/base/ChildProcessChannelListener.h
@ -45,8 +45,8 @@ class ChildProcessChannelListener final {
  };
  // TODO Backtrack.
-  nsTHashMap<NoMemMoveKey<nsUint64HashKey>, Callback> mCallbacks;
+  nsTHashMap<nsUint64HashKey, Callback> mCallbacks;
-  nsTHashMap<NoMemMoveKey<nsUint64HashKey>, CallbackArgs> mChannelArgs;
+  nsTHashMap<nsUint64HashKey, CallbackArgs> mChannelArgs;
 };
 }  // namespace mozilla::dom
--- a/icecat/docshell/base/WindowContext.cpp
+++ b/icecat/docshell/base/WindowContext.cpp
@ -764,10 +764,6 @@ bool IPDLParamTraits<dom::MaybeDiscarded<dom::WindowContext>>::Read(
  if (id == 0) {
    *aResult = nullptr;
  } else if (RefPtr<dom::WindowContext> wc = dom::WindowContext::GetById(id)) {
    if (!wc->Group()->IsKnownForMessageReader(aReader)) {
      return false;
    }
    *aResult = std::move(wc);
  } else {
    aResult->SetDiscarded(id);
--- a/icecat/dom/abort/AbortSignal.cpp
+++ b/icecat/dom/abort/AbortSignal.cpp
@ -38,11 +38,6 @@ void AbortSignalImpl::GetReason(JSContext* aCx,
  }
  MaybeAssignAbortError(aCx);
  aReason.set(mReason);
  if (NS_WARN_IF(!JS_WrapValue(aCx, aReason))) {
    aReason.setUndefined();
    // TODO(Bug 2026137) - AbortSignalImpl::GetReason should be made fallible
    JS_ClearPendingException(aCx);
  }
 }
 JS::Value AbortSignalImpl::RawReason() const { return mReason.get(); }
@ -80,7 +75,7 @@ void AbortSignalImpl::RunAbortSteps() {
  // https://dom.spec.whatwg.org/#abortsignal-remove could be invoked in an
  // earlier algorithm to remove a later algorithm, so |mFollowers| must be a
  // |nsTObserverArray| to defend against mutation.
-  for (RefPtr<AbortFollower> follower : mFollowers.ForwardRange()) {
+  for (RefPtr<AbortFollower>& follower : mFollowers.ForwardRange()) {
    MOZ_ASSERT(follower->mFollowingSignal == this);
    follower->RunAbortAlgorithm();
  }
--- a/icecat/dom/animation/Animation.cpp
+++ b/icecat/dom/animation/Animation.cpp
@ -386,9 +386,11 @@ void Animation::SetStartTime(const Nullable<TimeDuration>& aNewStartTime) {
  }
  CancelPendingTasks();
-  // We may have already resolved mReady, but in that case calling
+  if (mReady) {
-  // MaybeResolve is a no-op, so that's okay.
+    // We may have already resolved mReady, but in that case calling
-  MaybeResolvePromiseWithThis(mReady);
+    // MaybeResolve is a no-op, so that's okay.
    mReady->MaybeResolve(this);
  }
  UpdateTiming(SeekFlag::DidSeek, SyncNotifyFlag::Async);
  if (IsRelevant()) {
@ -447,7 +449,9 @@ void Animation::SetCurrentTimeNoUpdate(const TimeDuration& aSeekTime) {
    ApplyPendingPlaybackRate();
    mStartTime.SetNull();
-    MaybeResolvePromiseWithThis(mReady);
+    if (mReady) {
      mReady->MaybeResolve(this);
    }
    CancelPendingTasks();
  }
@ -604,25 +608,11 @@ Promise* Animation::GetReady(ErrorResult& aRv) {
    return nullptr;
  }
  if (!Pending()) {
-    MaybeResolvePromiseWithThis(mReady);
+    mReady->MaybeResolve(this);
  }
  return mReady;
 }
 void Animation::MaybeResolvePromiseWithThis(Promise* aPromise) {
  if (!aPromise) {
    return;
  }
  if (!nsContentUtils::IsSafeToRunScript()) {
    nsContentUtils::AddScriptRunner(NewRunnableMethod<RefPtr<Promise>>(
        "MaybeResolvePromiseWithThis", this,
        &Animation::MaybeResolvePromiseWithThis, aPromise));
    return;
  }
  RefPtr promise = aPromise;
  promise->MaybeResolve(this);
 }
 Promise* Animation::GetFinished(ErrorResult& aRv) {
  nsCOMPtr<nsIGlobalObject> global = GetOwnerGlobal();
  if (!mFinished && global) {
@ -724,7 +714,9 @@ void Animation::Finish(ErrorResult& aRv) {
    }
    CancelPendingTasks();
    didChange = true;
-    MaybeResolvePromiseWithThis(mReady);
+    if (mReady) {
      mReady->MaybeResolve(this);
    }
  }
  UpdateTiming(SeekFlag::DidSeek, SyncNotifyFlag::Sync);
  if (didChange && IsRelevant()) {
@ -1615,7 +1607,9 @@ void Animation::ResumeAt(const TimeDuration& aReadyTime) {
    MutationObservers::NotifyAnimationChanged(this);
  }
-  MaybeResolvePromiseWithThis(mReady);
+  if (mReady) {
    mReady->MaybeResolve(this);
  }
 }
 void Animation::PauseAt(const TimeDuration& aReadyTime) {
@ -1632,7 +1626,9 @@ void Animation::PauseAt(const TimeDuration& aReadyTime) {
  UpdateTiming(SeekFlag::NoSeek, SyncNotifyFlag::Async);
-  MaybeResolvePromiseWithThis(mReady);
+  if (mReady) {
    mReady->MaybeResolve(this);
  }
 }
 void Animation::UpdateTiming(SeekFlag aSeekFlag,
@ -1881,8 +1877,10 @@ void Animation::ResetFinishedPromise() {
 }
 void Animation::MaybeResolveFinishedPromise() {
  if (mFinished) {
    mFinished->MaybeResolve(this);
  }
  mFinishedIsResolved = true;
  MaybeResolvePromiseWithThis(mFinished);
 }
 void Animation::DoFinishNotificationImmediately(MicroTaskRunnable* aAsync) {
--- a/icecat/dom/animation/Animation.h
+++ b/icecat/dom/animation/Animation.h
@ -466,7 +466,6 @@ class Animation : public DOMEventTargetHelper,
  friend class AsyncFinishNotification;
  void DoFinishNotificationImmediately(MicroTaskRunnable* aAsync = nullptr);
  void QueuePlaybackEvent(nsAtom* aOnEvent, TimeStamp&& aScheduledEventTime);
  void MaybeResolvePromiseWithThis(Promise*);
  /**
   * Remove this animation from the pending animation tracker and reset
--- a/icecat/dom/base/Document.cpp
+++ b/icecat/dom/base/Document.cpp
@ -687,10 +687,7 @@ class SimpleHTMLCollection final : public nsSimpleContentList,
  }
  virtual uint32_t Length() override { return nsSimpleContentList::Length(); }
  virtual Element* GetElementAt(uint32_t aIndex) override {
-    if (nsIContent* content = mElements.SafeElementAt(aIndex)) {
+    return mElements.SafeElementAt(aIndex)->AsElement();
      return content->AsElement();
    }
    return nullptr;
  }
  virtual Element* GetFirstNamedElement(const nsAString& aName,
@ -10664,25 +10661,23 @@ void nsDOMAttributeMap::BlastSubtreeToPieces(nsINode* aNode) {
        mozilla::DebugOnly<nsresult> rv =
            element->UnsetAttr(attr->NodeInfo()->NamespaceID(),
-                               attr->NodeInfo()->NameAtom(), true);
+                               attr->NodeInfo()->NameAtom(), false);
        // XXX Should we abort here?
        NS_ASSERTION(NS_SUCCEEDED(rv), "Uh-oh, UnsetAttr shouldn't fail!");
      }
    }
-    // Hold the strong reference to be sure, since we may notify
+    if (mozilla::dom::ShadowRoot* shadow = element->GetShadowRoot()) {
    if (RefPtr<mozilla::dom::ShadowRoot> shadow = element->GetShadowRoot()) {
      BlastSubtreeToPieces(shadow);
      element->UnattachShadow();
    }
  }
  while (aNode->HasChildren()) {
-    // Hold the strong reference to be sure, since we are notifying.
+    nsIContent* node = aNode->GetFirstChild();
    nsCOMPtr<nsIContent> node = aNode->GetFirstChild();
    BlastSubtreeToPieces(node);
-    aNode->RemoveChildNode(node, true);
+    aNode->RemoveChildNode(node, false);
  }
 }
@ -16277,16 +16272,11 @@ void Document::RequestFullscreenInParentProcess(
 /* static */
 bool Document::HandlePendingFullscreenRequests(Document* aDoc) {
  AutoTArray<UniquePtr<FullscreenRequest>, 1> requests;
  {
    PendingFullscreenChangeList::Iterator<FullscreenRequest> iter(
        aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot);
    while (!iter.AtEnd()) {
      requests.AppendElement(iter.TakeAndNext());
    }
  }
  bool handled = false;
-  for (UniquePtr<FullscreenRequest>& request : requests) {
+  PendingFullscreenChangeList::Iterator<FullscreenRequest> iter(
      aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot);
  while (!iter.AtEnd()) {
    UniquePtr<FullscreenRequest> request = iter.TakeAndNext();
    Document* doc = request->Document();
    if (doc->ApplyFullscreen(std::move(request))) {
      handled = true;
--- a/icecat/dom/base/Document.h
+++ b/icecat/dom/base/Document.h
@ -5732,7 +5732,7 @@ class MOZ_RAII IgnoreOpensDuringUnload final {
  }
 private:
-  RefPtr<Document> mDoc;
+  Document* mDoc;
 };
 bool IsInFocusedTab(Document* aDoc);
--- a/icecat/dom/base/DocumentOrShadowRoot.cpp
+++ b/icecat/dom/base/DocumentOrShadowRoot.cpp
@ -7,7 +7,6 @@
 #include "DocumentOrShadowRoot.h"
 #include "mozilla/AnimationComparator.h"
 #include "mozilla/EventStateManager.h"
 #include "mozilla/Likely.h"
 #include "mozilla/PointerLockManager.h"
 #include "mozilla/PresShell.h"
 #include "mozilla/StyleSheet.h"
@ -113,10 +112,6 @@ void DocumentOrShadowRoot::RemoveSheetFromStylesIfApplicable(
 void DocumentOrShadowRoot::OnSetAdoptedStyleSheets(StyleSheet& aSheet,
                                                   uint32_t aIndex,
                                                   ErrorResult& aRv) {
  if (MOZ_UNLIKELY(aIndex > mAdoptedStyleSheets.Length())) {
    MOZ_ASSERT_UNREACHABLE("Out of sync proxy");
    return;
  }
  Document& doc = *AsNode().OwnerDoc();
  // 1. If value’s constructed flag is not set, or its constructor document is
  // not equal to this DocumentOrShadowRoot's node document, throw a
@ -169,10 +164,7 @@ void DocumentOrShadowRoot::OnSetAdoptedStyleSheets(StyleSheet& aSheet,
 void DocumentOrShadowRoot::OnDeleteAdoptedStyleSheets(StyleSheet& aSheet,
                                                      uint32_t aIndex,
                                                      ErrorResult&) {
-  if (MOZ_UNLIKELY(mAdoptedStyleSheets.ElementAt(aIndex) != &aSheet)) {
+  MOZ_ASSERT(mAdoptedStyleSheets.ElementAt(aIndex) == &aSheet);
    MOZ_ASSERT_UNREACHABLE("Out of sync proxy");
    return;
  }
  mAdoptedStyleSheets.RemoveElementAt(aIndex);
  auto existingIndex = mAdoptedStyleSheets.LastIndexOf(&aSheet);
  if (existingIndex != mAdoptedStyleSheets.NoIndex && existingIndex >= aIndex) {
--- a/icecat/dom/base/Element.cpp
+++ b/icecat/dom/base/Element.cpp
@ -279,9 +279,8 @@ nsIFrame* nsIContent::GetPrimaryFrame(mozilla::FlushType aType) {
    return nullptr;
  }
  RefPtr<mozilla::PresShell> presShell = frame->PresShell();
  if (aType == mozilla::FlushType::Layout) {
-    presShell->EnsureReflowIfFrameHasHiddenContent(frame);
+    frame->PresShell()->EnsureReflowIfFrameHasHiddenContent(frame);
    frame = GetPrimaryFrame();
  }
@ -2808,7 +2807,6 @@ bool Element::OnlyNotifySameValueSet(int32_t aNamespaceID, nsAtom* aName,
  }
  nsAutoScriptBlocker scriptBlocker;
  OnAttrSetButNotChanged(aNamespaceID, aName, aValue, aNotify);
  MutationObservers::NotifyAttributeSetToCurrentValue(this, aNamespaceID,
                                                      aName);
  return true;
@ -2858,6 +2856,7 @@ nsresult Element::SetAttr(int32_t aNamespaceID, nsAtom* aName, nsAtom* aPrefix,
    if (OnlyNotifySameValueSet(aNamespaceID, aName, aPrefix, value, aNotify,
                               oldValue, &modType, &hasListeners,
                               &oldValueSet)) {
      OnAttrSetButNotChanged(aNamespaceID, aName, value, aNotify);
      return NS_OK;
    }
  }
@ -2907,6 +2906,7 @@ nsresult Element::SetParsedAttr(int32_t aNamespaceID, nsAtom* aName,
    if (OnlyNotifySameValueSet(aNamespaceID, aName, aPrefix, value, aNotify,
                               oldValue, &modType, &hasListeners,
                               &oldValueSet)) {
      OnAttrSetButNotChanged(aNamespaceID, aName, value, aNotify);
      return NS_OK;
    }
  }
--- a/icecat/dom/base/ImageEncoder.cpp
+++ b/icecat/dom/base/ImageEncoder.cpp
@ -341,8 +341,8 @@ nsresult ImageEncoder::ExtractDataInternal(
        return NS_ERROR_INVALID_ARG;
      }
      auto size = data->GetSize();
-      rv = aEncoder->InitFromData(map.mData, map.mStride * size.height,
+      rv = aEncoder->InitFromData(map.mData, size.width * size.height * 4,
-                                  size.width, size.height, map.mStride,
+                                  size.width, size.height, size.width * 4,
                                  imgIEncoder::INPUT_FORMAT_HOSTARGB, aOptions);
      data->Unmap();
    }
@ -374,8 +374,8 @@ nsresult ImageEncoder::ExtractDataInternal(
      }
      rv = aEncoder->InitFromData(data.Elements(),
-                                  length, aSize.width,
+                                  aSize.width * aSize.height * 4, aSize.width,
-                                  aSize.height, stride,
+                                  aSize.height, aSize.width * 4,
                                  imgIEncoder::INPUT_FORMAT_HOSTARGB, aOptions);
    } else {
      if (BufferSizeFromDimensions(aSize.width, aSize.height, 4) == 0) {
@ -391,8 +391,8 @@ nsresult ImageEncoder::ExtractDataInternal(
        return NS_ERROR_INVALID_ARG;
      }
      auto size = dataSurface->GetSize();
-      rv = aEncoder->InitFromData(map.mData, map.mStride * size.height,
+      rv = aEncoder->InitFromData(map.mData, size.width * size.height * 4,
-                                  size.width, size.height, map.mStride,
+                                  size.width, size.height, size.width * 4,
                                  imgIEncoder::INPUT_FORMAT_HOSTARGB, aOptions);
      dataSurface->Unmap();
    }
@ -421,13 +421,13 @@ nsresult ImageEncoder::ExtractDataInternal(
    if (!emptyCanvas->Map(DataSourceSurface::MapType::WRITE, &map)) {
      return NS_ERROR_INVALID_ARG;
    }
    auto size = map.mStride * aSize.height;
    if (aUsePlaceholder) {
      auto size = 4 * aSize.width * aSize.height;
      auto* data = map.mData;
      GeneratePlaceholderCanvasData(size, data);
    }
-    rv = aEncoder->InitFromData(map.mData, size, aSize.width, aSize.height,
+    rv = aEncoder->InitFromData(map.mData, aSize.width * aSize.height * 4,
-                                map.mStride,
+                                aSize.width, aSize.height, aSize.width * 4,
                                imgIEncoder::INPUT_FORMAT_HOSTARGB, aOptions);
    emptyCanvas->Unmap();
    if (NS_SUCCEEDED(rv)) {
--- a/icecat/dom/base/MimeType.cpp
+++ b/icecat/dom/base/MimeType.cpp
@ -271,7 +271,6 @@ template <typename char_type>
    const nsTSubstring<char_type>& aMimeType,
    nsTSubstring<char_type>& aOutEssence,
    nsTSubstring<char_type>& aOutCharset) {
  // https://fetch.spec.whatwg.org/#concept-header-extract-mime-type
  static char_type kCHARSET[] = {'c', 'h', 'a', 'r', 's', 'e', 't'};
  static nsTDependentSubstring<char_type> kCharset(kCHARSET, 7);
@ -279,8 +278,8 @@ template <typename char_type>
  nsTAutoString<char_type> prevContentType;
  nsTAutoString<char_type> prevCharset;
-  aOutEssence.Truncate();
+  prevContentType.Assign(aOutEssence);
-  aOutCharset.Truncate();
+  prevCharset.Assign(aOutCharset);
  nsTArray<nsTDependentSubstring<char_type>> mimeTypeParts =
      SplitMimetype(aMimeType);
@ -293,7 +292,9 @@ template <typename char_type>
    parsed = Parse(mimeTypeString);
    if (!parsed) {
-      continue;
+      aOutEssence.Truncate();
      aOutCharset.Truncate();
      return false;
    }
    parsed->GetEssence(aOutEssence);
@ -321,10 +322,6 @@ template <typename char_type>
    }
  }
  if (aOutEssence.IsEmpty()) {
    return false;
  }
  return true;
 }
--- a/icecat/dom/base/ScreenOrientation.cpp
+++ b/icecat/dom/base/ScreenOrientation.cpp
@ -70,24 +70,15 @@ ScreenOrientation::ScreenOrientation(nsPIDOMWindowInner* aWindow,
    : DOMEventTargetHelper(aWindow), mScreen(aScreen) {
  MOZ_ASSERT(aWindow);
  MOZ_ASSERT(aScreen);
 }
-/* static */ already_AddRefed<ScreenOrientation> ScreenOrientation::Create(
+  mAngle = aScreen->GetOrientationAngle();
-    nsPIDOMWindowInner* aWindow, nsScreen* aScreen) {
+  mType = InternalOrientationToType(aScreen->GetOrientationType());
  RefPtr screenOrientation = new ScreenOrientation(aWindow, aScreen);
-  screenOrientation->mAngle = aScreen->GetOrientationAngle();
+  Document* doc = GetResponsibleDocument();
  screenOrientation->mType =
      InternalOrientationToType(aScreen->GetOrientationType());
  Document* doc = screenOrientation->GetResponsibleDocument();
  BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr;
  if (bc && !bc->IsDiscarded() && !bc->InRDMPane()) {
-    MOZ_ALWAYS_SUCCEEDS(bc->SetCurrentOrientation(screenOrientation->mType,
+    MOZ_ALWAYS_SUCCEEDS(bc->SetCurrentOrientation(mType, mAngle));
                                                  screenOrientation->mAngle));
  }
  return screenOrientation.forget();
 }
 ScreenOrientation::~ScreenOrientation() {
--- a/icecat/dom/base/ScreenOrientation.h
+++ b/icecat/dom/base/ScreenOrientation.h
@ -33,13 +33,8 @@ class ScreenOrientation final : public DOMEventTargetHelper {
  // Called when the orientation may have changed.
  void MaybeChanged();
 private:
  ScreenOrientation(nsPIDOMWindowInner* aWindow, nsScreen* aScreen);
 public:
  static already_AddRefed<ScreenOrientation> Create(nsPIDOMWindowInner* aWindow,
                                                    nsScreen* aScreen);
  already_AddRefed<Promise> Lock(OrientationLockType aOrientation,
                                 ErrorResult& aRv);
@ -112,8 +107,8 @@ class ScreenOrientation final : public DOMEventTargetHelper {
  RefPtr<nsScreen> mScreen;
  RefPtr<FullscreenEventListener> mFullscreenListener;
  RefPtr<VisibleEventListener> mVisibleListener;
-  OrientationType mType{};
+  OrientationType mType;
-  uint16_t mAngle{};
+  uint16_t mAngle;
  // Whether we've tried to call into hal to lock the device orientation. This
  // is needed because you don't want calling UnlockDeviceOrientation() during
  // shutdown to initialize PHal if it hasn't been initialized earlier. Also,
--- a/icecat/dom/base/ShadowRoot.cpp
+++ b/icecat/dom/base/ShadowRoot.cpp
@ -213,7 +213,7 @@ void ShadowRoot::Unattach() {
 void ShadowRoot::InvalidateStyleAndLayoutOnSubtree(Element* aElement) {
  MOZ_ASSERT(aElement);
-  Document* doc = aElement->GetComposedDoc();
+  Document* doc = GetComposedDoc();
  if (!doc) {
    return;
  }
--- a/icecat/dom/base/ShadowRoot.h
+++ b/icecat/dom/base/ShadowRoot.h
@ -136,7 +136,7 @@ class ShadowRoot final : public DocumentFragment, public DocumentOrShadowRoot {
   * It is important that this runs _before_ actually shuffling the flat tree
   * around, so that layout knows the actual tree that it needs to invalidate.
   */
-  static void InvalidateStyleAndLayoutOnSubtree(Element*);
+  void InvalidateStyleAndLayoutOnSubtree(Element*);
 private:
  void InsertSheetIntoAuthorData(size_t aIndex, StyleSheet&,
--- a/icecat/dom/base/StructuredCloneBlob.cpp
+++ b/icecat/dom/base/StructuredCloneBlob.cpp
@ -15,10 +15,8 @@
 #include "js/Wrapper.h"
 #include "jsapi.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/CheckedInt.h"
 #include "mozilla/ErrorResult.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/Span.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/dom/BindingDeclarations.h"
 #include "mozilla/dom/BlobImpl.h"
@ -175,8 +173,7 @@ bool StructuredCloneBlob::Holder::ReadStructuredCloneInternal(
      return false;
    }
 #endif
-    BlobImpls().AppendElements(
+    BlobImpls().AppendElements(&aHolder->BlobImpls()[blobOffset], blobCount);
        Span(aHolder->BlobImpls()).Subspan(blobOffset, blobCount));
  }
  JSStructuredCloneData data(mStructuredCloneScope);
@ -215,13 +212,8 @@ bool StructuredCloneBlob::WriteStructuredClone(JSContext* aCx,
 bool StructuredCloneBlob::Holder::WriteStructuredClone(
    JSContext* aCx, JSStructuredCloneWriter* aWriter,
    StructuredCloneHolder* aHolder) {
-  const auto& data = mBuffer->data();
+  auto& data = mBuffer->data();
-  CheckedUint32 dataSize(data.Size());
+  if (!JS_WriteUint32Pair(aWriter, data.Size(), JS_STRUCTURED_CLONE_VERSION) ||
  if (!dataSize.isValid()) {
    return false;
  }
  if (!JS_WriteUint32Pair(aWriter, dataSize.value(),
                          JS_STRUCTURED_CLONE_VERSION) ||
      !JS_WriteUint32Pair(aWriter, aHolder->BlobImpls().Length(),
                          BlobImpls().Length())) {
    return false;
--- a/icecat/dom/base/TextInputProcessor.cpp
+++ b/icecat/dom/base/TextInputProcessor.cpp
@ -938,8 +938,9 @@ TextInputProcessor::NotifyIME(TextEventDispatcher* aTextEventDispatcher,
 NS_IMETHODIMP_(IMENotificationRequests)
 TextInputProcessor::GetIMENotificationRequests() {
  // TextInputProcessor should support all change notifications.
-  return {IMENotificationRequest::TextChange,
+  return IMENotificationRequests(
-          IMENotificationRequest::PositionChange};
+      IMENotificationRequests::NOTIFY_TEXT_CHANGE |
      IMENotificationRequests::NOTIFY_POSITION_CHANGE);
 }
 NS_IMETHODIMP_(void)
--- a/Show more
+++ b/Show more