747 changed files with 33460 additions and 44102 deletions
--- a/icecat/.cargo/config.toml.in
+++ b/icecat/.cargo/config.toml.in
@ -100,9 +100,9 @@ git = "https://github.com/mozilla/midir.git"
 rev = "85156e360a37d851734118104619f86bd18e94c6"
 replace-with = "vendored-sources"
-[source."git+https://github.com/mozilla/mp4parse-rust?rev=25ebfa59a21dc0d223052d73a2fafdd55307c2d7"]
+[source."git+https://github.com/mozilla/mp4parse-rust?rev=e64650a686e5c5732395cd059e17cfd3b1e5b63b"]
 git = "https://github.com/mozilla/mp4parse-rust"
-rev = "25ebfa59a21dc0d223052d73a2fafdd55307c2d7"
+rev = "e64650a686e5c5732395cd059e17cfd3b1e5b63b"
 replace-with = "vendored-sources"
 [source."git+https://github.com/mozilla/neqo?tag=v0.13.4"]
--- a/icecat/.gitignore
+++ b/icecat/.gitignore
@ -37,10 +37,6 @@ ID
 # third-party packages is dealt with by the script vendoring them.
 *.egg-info/
 # Ignore pywebsocket3 intermediate files.
 testing/web-platform/tests/tools/third_party/pywebsocket3/pywebsocket3.egg-info
 testing/web-platform/tests/tools/third_party/pywebsocket3/build
 # Vim swap files.
 .*.sw[a-z]
 .sw[a-z]
--- a/icecat/.taskcluster.yml
+++ b/icecat/.taskcluster.yml
@ -101,7 +101,7 @@ tasks:
                                description: 'Created by a [cron task](https://icecat-ci-tc.services.mozilla.com/tasks/${cron.task_id}) (${treeherder_link})'
              provisionerId: "${trustDomain}-${repository.level}"
-              workerType: "decision"
+              workerType: "decision-gcp"
              tags:
                  $if: 'tasks_for == "hg-push"'
--- a/icecat/CLOBBER
+++ b/icecat/CLOBBER
@ -22,4 +22,4 @@
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
-Merge day clobber 2026-01-12
+Merge day clobber 2025-11-10
--- a/icecat/Cargo.lock
+++ b/icecat/Cargo.lock
@ -1166,7 +1166,6 @@ dependencies = [
 name = "crash_helper_common"
 version = "0.1.0"
 dependencies = [
 "getrandom 0.3.3",
 "minidump-writer",
 "nix 0.30.1",
 "num-derive",
@ -4607,7 +4606,7 @@ dependencies = [
 [[package]]
 name = "mp4parse"
 version = "0.17.0"
-source = "git+https://github.com/mozilla/mp4parse-rust?rev=25ebfa59a21dc0d223052d73a2fafdd55307c2d7#25ebfa59a21dc0d223052d73a2fafdd55307c2d7"
+source = "git+https://github.com/mozilla/mp4parse-rust?rev=e64650a686e5c5732395cd059e17cfd3b1e5b63b#e64650a686e5c5732395cd059e17cfd3b1e5b63b"
 dependencies = [
 "bitreader",
 "byteorder",
@ -4624,7 +4623,7 @@ version = "0.1.0"
 [[package]]
 name = "mp4parse_capi"
 version = "0.17.0"
-source = "git+https://github.com/mozilla/mp4parse-rust?rev=25ebfa59a21dc0d223052d73a2fafdd55307c2d7#25ebfa59a21dc0d223052d73a2fafdd55307c2d7"
+source = "git+https://github.com/mozilla/mp4parse-rust?rev=e64650a686e5c5732395cd059e17cfd3b1e5b63b#e64650a686e5c5732395cd059e17cfd3b1e5b63b"
 dependencies = [
 "byteorder",
 "fallible_collections",
--- a/icecat/browser/app/winlauncher/LauncherProcessWin.cpp
+++ b/icecat/browser/app/winlauncher/LauncherProcessWin.cpp
@ -11,6 +11,7 @@
 #include "mozilla/Attributes.h"
 #include "mozilla/CmdLineAndEnvUtils.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/DynamicallyLinkedFunctionPtr.h"
 #include "mozilla/glue/Debug.h"
 #include "mozilla/GeckoArgs.h"
 #include "mozilla/Maybe.h"
@ -18,14 +19,12 @@
 #include "mozilla/SafeMode.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/WindowsConsole.h"
 #include "mozilla/WindowsProcessMitigations.h"
 #include "mozilla/WindowsVersion.h"
 #include "mozilla/WinHeaderOnlyUtils.h"
 #include "nsWindowsHelpers.h"
 #include <windows.h>
 #include <processthreadsapi.h>
 #include <shlwapi.h>
 #include "DllBlocklistInit.h"
 #include "ErrorHandler.h"
@ -112,82 +111,16 @@ static nsReturnRef<HANDLE> CreateJobAndAssignProcess(HANDLE aProcess) {
  return job.out();
 }
-enum class VCRuntimeDLLDir : bool {
+#if !defined( \
-  Application,
+    PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON)
-  System,
+#  define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON \
-};
+    (0x00000001ULL << 60)
-static bool GetMSVCP140VersionInfo(VCRuntimeDLLDir aDir,
+#endif  // !defined(PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON)
                                   uint64_t& aOutVersion) {
  wchar_t dllPath[MAX_PATH];
  if (aDir == VCRuntimeDLLDir::Application) {
    DWORD size = ::GetModuleFileNameW(nullptr, dllPath, MAX_PATH);
    if (!size ||
        (size == MAX_PATH && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER) ||
        !::PathRemoveFileSpecW(dllPath)) {
      return false;
    }
  } else {
    MOZ_ASSERT(aDir == VCRuntimeDLLDir::System);
    UINT size = ::GetSystemDirectoryW(dllPath, MAX_PATH);
    if (!size || size >= MAX_PATH) {
      return false;
    }
  }
-  if (!::PathAppendW(dllPath, L"msvcp140.dll")) {
+#if !defined(PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF)
-    return false;
+#  define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF \
-  }
+    (0x00000002ULL << 40)
-  HMODULE crt =
+#endif  // !defined(PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF)
      ::LoadLibraryExW(dllPath, nullptr, LOAD_LIBRARY_AS_IMAGE_RESOURCE);
  if (!crt) {
    return false;
  }
  mozilla::nt::PEHeaders headers{crt};
  bool result = headers.GetVersionInfo(aOutVersion);
  ::FreeLibrary(crt);
  return result;
 }
 /**
 * Choose whether we want to favor loading DLLs from the system directory over
 * the application directory. This choice automatically propagates to all child
 * processes. In particular, it determines whether child processes will load
 * Visual C++ runtime DLLs from the system or the application directory at
 * startup.
 *
 * Whenever possible, we want all processes to favor loading DLLs from the
 * system directory. But if old Visual C++ runtime DLLs are installed
 * system-wide, then we must favor loading from the application directory
 * instead to ensure compatibility, at least during startup. So in this case we
 * only apply the delayed variant of the mitigation and only in sandboxed
 * processes, which is the best compromise (see SandboxBroker::LaunchApp).
 *
 * This function is called from the launcher process *and* the browser process.
 * This is because if the launcher process is disabled, we still want the
 * browser process to go through this code so that it enforces the correct
 * choice for itself and for child processes.
 */
 static void EnablePreferLoadFromSystem32IfCompatible() {
  // We may already have the mitigation if we are the browser process and we
  // inherited it from the launcher process.
  if (!mozilla::IsPreferLoadFromSystem32Available() ||
      mozilla::IsPreferLoadFromSystem32Enabled()) {
    return;
  }
  // Only bail out if (1) there is a conflict because the two DLLs exist *and*
  // (2) the version of the system DLL is problematic.
  uint64_t systemDirVersion = 0, appDirVersion = 0;
  if (GetMSVCP140VersionInfo(VCRuntimeDLLDir::System, systemDirVersion) &&
      GetMSVCP140VersionInfo(VCRuntimeDLLDir::Application, appDirVersion) &&
      systemDirVersion < appDirVersion) {
    return;
  }
  mozilla::DebugOnly<bool> setOk = mozilla::EnablePreferLoadFromSystem32();
  MOZ_ASSERT(setOk);
 }
 /**
 * Any mitigation policies that should be set on the browser process should go
@ -195,11 +128,10 @@ static void EnablePreferLoadFromSystem32IfCompatible() {
 */
 static void SetMitigationPolicies(mozilla::ProcThreadAttributes& aAttrs,
                                  const bool aIsSafeMode) {
-  // Note: Do *not* handle IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON here. For this
+  if (mozilla::IsWin10AnniversaryUpdateOrLater()) {
-  //       mitigation we rely on EnablePreferLoadFromSystem32IfCompatible().
+    aAttrs.AddMitigationPolicy(
-  //       The launcher process or the browser process will choose whether we
+        PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON);
-  //       want to apply the mitigation or not, and child processes will
+  }
  //       automatically inherit that choice.
 #if defined(_M_ARM64)
  // Disable CFG on older versions of ARM64 Windows to avoid a crash in COM.
@ -354,9 +286,6 @@ Maybe<int> LauncherMain(int& argc, wchar_t* argv[],
    return Nothing();
  }
  // Called from the launcher process *and* the browser process.
  EnablePreferLoadFromSystem32IfCompatible();
 #if defined(MOZ_LAUNCHER_PROCESS)
  LauncherRegistryInfo regInfo;
  Maybe<bool> runAsLauncher = RunAsLauncherProcess(regInfo, argc, argv);
@ -380,6 +309,22 @@ Maybe<int> LauncherMain(int& argc, wchar_t* argv[],
    return Nothing();
  }
  // Make sure that the launcher process itself has image load policies set
  if (IsWin10AnniversaryUpdateOrLater()) {
    static const StaticDynamicallyLinkedFunctionPtr<
        decltype(&SetProcessMitigationPolicy)>
        pSetProcessMitigationPolicy(L"kernel32.dll",
                                    "SetProcessMitigationPolicy");
    if (pSetProcessMitigationPolicy) {
      PROCESS_MITIGATION_IMAGE_LOAD_POLICY imgLoadPol = {};
      imgLoadPol.PreferSystem32Images = 1;
      DebugOnly<BOOL> setOk = pSetProcessMitigationPolicy(
          ProcessImageLoadPolicy, &imgLoadPol, sizeof(imgLoadPol));
      MOZ_ASSERT(setOk);
    }
  }
 #if defined(MOZ_SANDBOX)
  // Ensure the relevant mitigations are enforced.
  mozilla::sandboxing::ApplyParentProcessMitigations();
--- a/icecat/browser/app/winlauncher/moz.build
+++ b/icecat/browser/app/winlauncher/moz.build
@ -24,7 +24,6 @@ OS_LIBS += [
    "oleaut32",
    "ole32",
    "rpcrt4",
    "shlwapi",
    "version",
 ]
--- a/icecat/browser/base/content/browser-fullScreenAndPointerLock.js
+++ b/icecat/browser/base/content/browser-fullScreenAndPointerLock.js
@ -103,9 +103,10 @@ var PointerlockFsWarning = {
    } else {
      textElem.removeAttribute("hidden");
      // Document's principal's URI has a host. Display a warning including it.
-      let displayHost = BrowserUtils.formatURIForDisplay(uri, {
+      let { DownloadUtils } = ChromeUtils.importESModule(
-        onlyBaseDomain: true,
+        "resource://gre/modules/DownloadUtils.sys.mjs"
-      });
+      );
      let displayHost = DownloadUtils.getURIHost(uri.spec)[0];
      let l10nString = {
        "fullscreen-warning": "fullscreen-warning-domain",
        "pointerlock-warning": "pointerlock-warning-domain",
--- a/icecat/browser/base/content/browser.js
+++ b/icecat/browser/base/content/browser.js
@ -2230,7 +2230,7 @@ var XULBrowserWindow = {
    // Ensure we close any remaining open locationspecific panels
    if (!isSameDocument) {
-      closeOpenPanels(":is(panel, menupopup)[locationspecific='true']");
+      closeOpenPanels("panel[locationspecific='true']");
    }
    gPermissionPanel.onLocationChange();
--- a/icecat/browser/components/DesktopActorRegistry.sys.mjs
+++ b/icecat/browser/components/DesktopActorRegistry.sys.mjs
@ -127,9 +127,6 @@ let JSWINDOWACTORS = {
      },
    },
    matches: ["about:messagepreview", "about:messagepreview?*"],
    remoteTypes: ["privilegedabout"],
    enablePreference:
      "browser.newtabpage.activity-stream.asrouter.devtoolsEnabled",
  },
  AboutPocket: {
--- a/icecat/browser/components/about/AboutRedirector.cpp
+++ b/icecat/browser/components/about/AboutRedirector.cpp
@ -110,7 +110,6 @@ static const RedirEntry kRedirMap[] = {
    {"messagepreview",
     "chrome://browser/content/messagepreview/messagepreview.html",
     nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
         nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
         nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
         nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
    {"pocket-saved", "chrome://pocket/content/panels/saved.html",
--- a/icecat/browser/components/downloads/DownloadsViewUI.sys.mjs
+++ b/icecat/browser/components/downloads/DownloadsViewUI.sys.mjs
@ -12,7 +12,6 @@ import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
 const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
  BrowserUtils: "resource://gre/modules/BrowserUtils.sys.mjs",
  BrowserWindowTracker: "resource:///modules/BrowserWindowTracker.sys.mjs",
  DownloadUtils: "resource://gre/modules/DownloadUtils.sys.mjs",
  Downloads: "resource://gre/modules/Downloads.sys.mjs",
@ -601,13 +600,7 @@ DownloadsViewUI.DownloadElementShell.prototype = {
      this.showStatus(stateLabel, hoverStatus);
      return;
    }
-    let uri = URL.parse(this.download.source.url)?.URI;
+    let [displayHost] = lazy.DownloadUtils.getURIHost(this.download.source.url);
    let displayHost = uri
      ? lazy.BrowserUtils.formatURIForDisplay(uri, {
          onlyBaseDomain: true,
        })
      : "";
    let [displayDate] = lazy.DownloadUtils.getReadableDates(
      new Date(this.download.endTime)
    );
--- a/icecat/browser/components/icecatview/fxview-tab-list.mjs
+++ b/icecat/browser/components/icecatview/fxview-tab-list.mjs
@ -513,9 +513,7 @@ export class FxviewTabRowBase extends MozLitElement {
  formatURIForDisplay(uriString) {
    return !window.IS_STORYBOOK
-      ? lazy.BrowserUtils.formatURIStringForDisplay(uriString, {
+      ? lazy.BrowserUtils.formatURIStringForDisplay(uriString)
          showFilenameForLocalURIs: true,
        })
      : uriString;
  }
--- a/icecat/browser/components/icecatview/helpers.mjs
+++ b/icecat/browser/components/icecatview/helpers.mjs
@ -24,9 +24,7 @@ export const LOGGING_PREF = "browser.tabs.icecat-view.logLevel";
 export const MAX_TABS_FOR_RECENT_BROWSING = 5;
 export function formatURIForDisplay(uriString) {
-  return lazy.BrowserUtils.formatURIStringForDisplay(uriString, {
+  return lazy.BrowserUtils.formatURIStringForDisplay(uriString);
    showFilenameForLocalURIs: true,
  });
 }
 export function convertTimestamp(
--- a/icecat/browser/components/icecatview/history.mjs
+++ b/icecat/browser/components/icecatview/history.mjs
@ -18,7 +18,6 @@ const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
  HistoryController: "resource:///modules/HistoryController.sys.mjs",
  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs",
  ProfileAge: "resource://gre/modules/ProfileAge.sys.mjs",
 });
@ -249,7 +248,6 @@ class HistoryInView extends ViewPage {
          @click=${this.openInNewPrivateWindow}
          data-l10n-id="fxviewtabrow-open-in-private-window"
          data-l10n-attrs="accesskey"
          ?hidden=${!lazy.PrivateBrowsingUtils.enabled}
        ></panel-item>
        <hr />
        <panel-item
--- a/icecat/browser/components/profiles/tests/unit/test_fail_recover_storeID.js
+++ b/icecat/browser/components/profiles/tests/unit/test_fail_recover_storeID.js
@ -14,8 +14,8 @@ add_task(async function test_recover_storeID() {
  await SelectableProfileService.init();
  Assert.ok(
-    ProfilesDatastoreService.initialized,
+    !ProfilesDatastoreService.initialized,
-    "Initialized the datastore service"
+    "Didn't initialize the datastore service"
  );
  Assert.ok(
    !SelectableProfileService.initialized,
--- a/icecat/browser/components/shell/Windows11TaskbarPinning.cpp
+++ b/icecat/browser/components/shell/Windows11TaskbarPinning.cpp
@ -15,7 +15,6 @@
 #include "mozilla/Result.h"
 #include "mozilla/ResultVariant.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/WindowsVersion.h"
 #include "mozilla/WinHeaderOnlyUtils.h"
 #include "mozilla/widget/WinTaskbar.h"
 #include "WinUtils.h"
@ -187,16 +186,7 @@ Win11PinToTaskBarResult PinCurrentAppToTaskbarWin11(
  Win11PinToTaskBarResult unlockStatus =
      UnlockLimitedAccessFeature(Win11LimitedAccessFeatureType::Taskbar);
  if (unlockStatus.result != Win11PinToTaskBarResultStatus::Success) {
-    // Limited Access Feature no longer necessary for Windows 11 26200 Build
+    return unlockStatus;
    // 7840, and possibly other channels.
    if (!IsWin11OrLater()) {
      return unlockStatus;
    }
    TASKBAR_PINNING_LOG(
        LogLevel::Warning,
        "Limited Access Feature failed to unlock, attempting to use Taskbar "
        "Pinning API assuming LAF is no longer necessary.");
  }
  HRESULT hr;
@ -417,16 +407,7 @@ Win11PinToTaskBarResult IsCurrentAppPinnedToTaskbarWin11(bool aCheckOnly) {
  Win11PinToTaskBarResult unlockStatus =
      UnlockLimitedAccessFeature(Win11LimitedAccessFeatureType::Taskbar);
  if (unlockStatus.result != Win11PinToTaskBarResultStatus::Success) {
-    // Limited Access Feature no longer necessary for Windows 11 26200 Build
+    return unlockStatus;
    // 7840, and possibly other channels.
    if (!IsWin11OrLater()) {
      return unlockStatus;
    }
    TASKBAR_PINNING_LOG(
        LogLevel::Warning,
        "Limited Access Feature failed to unlock, attempting to use Taskbar "
        "Pinning API assuming LAF is no longer necessary.");
  }
  HRESULT hr;
--- a/icecat/browser/config/version.txt
+++ b/icecat/browser/config/version.txt
@ -1 +1 @@
-140.8.0
+140.6.0
--- a/icecat/browser/config/version_display.txt
+++ b/icecat/browser/config/version_display.txt
@ -1 +1 @@
-140.8.0esr
+140.6.0esr
--- a/icecat/browser/confvars.sh
+++ b/icecat/browser/confvars.sh
@ -13,5 +13,5 @@ MOZ_BRANDING_DIRECTORY=browser/branding/unofficial
 MOZ_OFFICIAL_BRANDING_DIRECTORY=browser/branding/official
 # IceCat settings
 MOZ_APP_BASENAME=IceCat
-MOZ_APP_VERSION=140.8.0
+MOZ_APP_VERSION=140.6.0
 MOZ_DATA_REPORTING=0
--- a/icecat/browser/extensions/formautofill/test/browser/browser_dynamic_form_refill_on_site_clearing_values.js
+++ b/icecat/browser/extensions/formautofill/test/browser/browser_dynamic_form_refill_on_site_clearing_values.js
@ -13,7 +13,6 @@ add_setup(async () => {
  });
  await setStorage(TEST_ADDRESS_1);
  await setStorage(TEST_CREDIT_CARD_1);
  registerCleanupFunction(async () => {
    await removeAllRecords();
@ -102,7 +101,7 @@ add_task(
        /* eslint-disable mozilla/no-arbitrary-setTimeout */
        await new Promise(resolve => {
-          setTimeout(resolve, FormAutofill.refillOnSiteClearingFieldsTimeout);
+          setTimeout(resolve, FormAutofill.refillOnSiteClearingFields);
        });
        return await SpecialPowers.spawn(
@ -117,56 +116,3 @@ add_task(
    Assert.equal(orgaValue, "", "Element was not refilled");
  }
 );
 add_task(async function address_field_not_refilled_after_reformat_by_site() {
  const value = await BrowserTestUtils.withNewTab(
    CREDITCARD_FORM_URL,
    async browser => {
      const selectorToTriggerAutocompletion = "#cc-number";
      const elementValueToVerifyAutofill = TEST_CREDIT_CARD_1["cc-number"];
      info("Triggering autocompletion.");
      await openPopupOn(browser, selectorToTriggerAutocompletion);
      await BrowserTestUtils.synthesizeKey("VK_DOWN", {}, browser);
      await BrowserTestUtils.synthesizeKey("VK_RETURN", {}, browser);
      await waitForAutofill(
        browser,
        selectorToTriggerAutocompletion,
        elementValueToVerifyAutofill
      );
      const formatValue = TEST_CREDIT_CARD_1["cc-number"]
        .replace(/(.{4})/g, "$1 ")
        .trim();
      await SpecialPowers.spawn(
        browser,
        [selectorToTriggerAutocompletion, formatValue],
        async (ccNumberSelector, reformatValue) => {
          const ccNumberInput =
            content.document.querySelector(ccNumberSelector);
          info("Simulating site reformats an input");
          ccNumberInput.value = reformatValue;
        }
      );
      /* eslint-disable mozilla/no-arbitrary-setTimeout */
      await new Promise(resolve => {
        setTimeout(resolve, FormAutofill.refillOnSiteClearingFieldsTimeout);
      });
      return await SpecialPowers.spawn(
        browser,
        [selectorToTriggerAutocompletion],
        async ccNumberSelector => {
          return content.document.querySelector(ccNumberSelector).value;
        }
      );
    }
  );
  const formatValue = TEST_CREDIT_CARD_1["cc-number"]
    .replace(/(.{4})/g, "$1 ")
    .trim();
  Assert.equal(value, formatValue, "Element was not refilled");
 });
--- a/icecat/browser/extensions/formautofill/test/browser/head.js
+++ b/icecat/browser/extensions/formautofill/test/browser/head.js
@ -1473,9 +1473,6 @@ async function triggerCapture(browser, submitButtonSelector, fillSelectors) {
 * @param {object} patterns.captureExpectedRecord
 *        The expected saved record after capturing the form. Keyed by field name. This
 *        parameter is only used when `options.testCapture` is set.
 * @param {boolean} patterns.useTestYear
 *        Set to the current year to assign while running the test, useful for credit
 *        card expiry tests with a manual set of year options in the dropdown.
 * @param {object} patterns.only
 *        This parameter is used solely for debugging purposes. When set to true,
 *        it restricts the execution to only the specified testcase.
@ -1600,32 +1597,16 @@ async function add_heuristic_tests(
      const sleepAfterFocus = contexts.length > 1;
      for (const context of contexts) {
-        await SpecialPowers.spawn(
+        await SpecialPowers.spawn(context, [], async () => {
-          context,
+          const elements = Array.from(
-          [testPattern.useTestYear],
+            content.document.querySelectorAll("input, select")
-          async year => {
+          );
-            let FormAutofillHeuristics;
+          // Focus on each field in the test document to trigger autofill field detection
-            if (year) {
+          // on all the fields.
-              FormAutofillHeuristics = ChromeUtils.importESModule(
+          elements.forEach(element => {
-                "resource://gre/modules/shared/FormAutofillHeuristics.sys.mjs"
+            element.focus();
-              ).FormAutofillHeuristics;
+          });
-              FormAutofillHeuristics.useTestYear = year;
+        });
            }
            const elements = Array.from(
              content.document.querySelectorAll("input, select")
            );
            // Focus on each field in the test document to trigger autofill field detection
            // on all the fields.
            elements.forEach(element => {
              element.focus();
            });
            if (year) {
              FormAutofillHeuristics.useTestYear = null;
            }
          }
        );
        try {
          await BrowserTestUtils.synthesizeKey("VK_ESCAPE", {}, context);
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser.toml
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser.toml
@ -8,6 +8,7 @@ support-files = [
 ["browser_BestBuy.js"]
 ["browser_CDW.js"]
 skip-if = ["true"] # Bug 1939626
 ["browser_CostCo.js"]
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CDW.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CDW.js
@ -30,7 +30,6 @@ add_heuristic_tests(
    },
    {
      fixturePath: "Checkout_BillingPaymentInfo.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CostCo.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_CostCo.js
@ -74,7 +74,6 @@ add_heuristic_tests(
    },
    {
      fixturePath: "Payment.html",
      useTestYear: 2025,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_GlobalDirectAsda.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_GlobalDirectAsda.js
@ -6,7 +6,6 @@ add_heuristic_tests(
  [
    {
      fixturePath: "Payment.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lufthansa.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lufthansa.js
@ -6,7 +6,6 @@ add_heuristic_tests(
  [
    {
      fixturePath: "Checkout_Payment.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lush.js
+++ b/icecat/browser/extensions/formautofill/test/browser/heuristics/third_party/browser_Lush.js
@ -6,7 +6,6 @@ add_heuristic_tests(
  [
    {
      fixturePath: "index.html",
      useTestYear: 2024,
      expectedResult: [
        {
          default: {
--- a/icecat/browser/extensions/webcompat/injections/js/bug1950282-f1tv.formula1.com-unblock-icecat.js
+++ b/icecat/browser/extensions/webcompat/injections/js/bug1950282-f1tv.formula1.com-unblock-icecat.js
@ -120,65 +120,3 @@ window.wrappedJSObject.chrome = cloneInto(
  window,
  { cloneFunctions: true }
 );
 const ua = navigator.userAgent;
 const mobile = ua.includes("Mobile") || ua.includes("Tablet");
 // Very roughly matches Chromium's GetPlatformForUAMetadata()
 let platform = "Linux";
 if (mobile) {
  platform = "Android";
 } else if (navigator.platform.startsWith("Win")) {
  platform = "Windows";
 } else if (navigator.platform.startsWith("Mac")) {
  platform = "macOS";
 }
 const version = (ua.match(/IceCat\/([0-9]+)/) || ["", "58.0"])[1];
 // These match Chrome's output as of version 126.
 const brands = [
  {
    brand: "Not/A)Brand",
    version: "8",
  },
  {
    brand: "Chromium",
    version,
  },
  {
    brand: "Google Chrome",
    version,
  },
 ];
 const userAgentData = cloneInto(
  {
    brands,
    mobile,
    platform,
    getHighEntropyValues() {
      return window.wrappedJSObject.Promise.resolve(
        cloneInto(
          {
            brands,
            mobile,
            platform,
            platformVersion: "19.0.0",
          },
          window
        )
      );
    },
  },
  window,
  { cloneFunctions: true }
 );
 Object.defineProperty(window.navigator.wrappedJSObject, "userAgentData", {
  get: exportFunction(function () {
    return userAgentData;
  }, window),
  set: exportFunction(function () {}, window),
 });
--- a/icecat/browser/extensions/webcompat/manifest.json
+++ b/icecat/browser/extensions/webcompat/manifest.json
@ -2,7 +2,7 @@
  "manifest_version": 2,
  "name": "Web Compatibility Interventions",
  "description": "Urgent post-release fixes for web compatibility.",
-  "version": "140.12.0",
+  "version": "140.11.0",
  "browser_specific_settings": {
    "gecko": {
      "id": "webcompat@mozilla.org",
--- a/icecat/build/pgo/certs/cert9.db
+++ b/icecat/build/pgo/certs/cert9.db
--- a/icecat/build/pgo/certs/key4.db
+++ b/icecat/build/pgo/certs/key4.db
--- a/icecat/build/pgo/certs/mochitest.client
+++ b/icecat/build/pgo/certs/mochitest.client
--- a/icecat/config/milestone.txt
+++ b/icecat/config/milestone.txt
@ -10,4 +10,4 @@
 # hardcoded milestones in the tree from these two files.
 #--------------------------------------------------------
-140.8.0
+140.6.0
--- a/icecat/debian/build/rules.mk
+++ b/icecat/debian/build/rules.mk
@ -157,12 +157,8 @@ ifeq (official, $(MOZ_BRANDING))
 MOZ_DEFINES += -DMOZ_OFFICIAL_BRANDING
 endif
 ifneq (,$(DEB_PARALLEL_JOBS))
 ifneq (,$(filter armhf, $(DEB_HOST_ARCH)))
 MOZ_DEFINES += -DDEB_PARALLEL_JOBS=1
 else
 MOZ_DEFINES += -DDEB_PARALLEL_JOBS=$(DEB_PARALLEL_JOBS)
 endif
 endif
 MOZ_EXECUTABLES_$(MOZ_PKG_NAME) +=	$(MOZ_LIBDIR)/$(MOZ_PKG_BASENAME).sh \
 					$(NULL)
--- a/icecat/debian/changelog
+++ b/icecat/debian/changelog
@ -1,21 +1,3 @@
 icecat (140.8.0-2gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.8.0-2gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Tue, 10 Mar 2026 23:20:02 -0600
 icecat (140.7.1-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.7.1-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Mon, 16 Feb 2026 22:12:00 -0600
 icecat (140.7.0-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.7.0-1gnu1)
 -- Capitulo Mexicano de Software Libre <devel@cmxsl.org>  Sat, 17 Jan 2026 21:13:41 -0600
 icecat (140.6.0-1gnu1+build1-0.12.0) ecne; urgency=medium
  * New upstream stable release (icecat-140.6.0-1gnu1)
--- a/icecat/debian/config/mozconfig.in
+++ b/icecat/debian/config/mozconfig.in
@ -11,11 +11,7 @@ ac_add_options --disable-updater
 ac_add_options --enable-application=browser
 ac_add_options --with-distribution-id=org.trisquel
 %%if DEB_BUILD_ARCH_BITS == 32
 %%if DEB_HOST_ARCH == armhf
 ac_add_options --disable-debug-symbols
 %%else
 ac_add_options --enable-debug-symbols=-g1
 %%endif
 %%else
 ac_add_options --enable-debug-symbols
 %%endif
--- a/icecat/debian/patches/armhf-rustc-thin-lto.patch
+++ b/icecat/debian/patches/armhf-rustc-thin-lto.patch
@ -1,30 +1,22 @@
-Description: Do not enable LTO for rustc when building on armhf,
+Description: Do not enable LTO for rustc when building on arm64 and armhf,
 to work around OOM failures on Launchpad builders. Note that this alone is not
 sufficient, because by default cargo will also enable full LTO when building
 with a release profile, so the top-level Cargo.toml file needs to be
 conditionally patched (this is done in debian/build/rules.mk).
 Author: Olivier Tilloy <olivier.tilloy@canonical.com>
 Author: Nathan Pratte Teodosio <nteodosio@ubuntu.com>
 Forwarded: not-needed
 --- a/config/makefiles/rust.mk
 +++ b/config/makefiles/rust.mk
-@@ -70,10 +70,18 @@ ifndef MOZ_DEBUG_RUST
+@@ -70,8 +70,10 @@ ifndef MOZ_DEBUG_RUST
 # Never enable when coverage is enabled to work around https://github.com/rust-lang/rust/issues/90045.
 ifndef MOZ_CODE_COVERAGE
 ifeq (,$(findstring gkrust_gtest,$(RUST_LIBRARY_FILE)))
-+ifneq (,$(filter arm,$(TARGET_CPU)))
+ifeq (,$(filter aarch64 arm,$(TARGET_CPU)))
 +cargo_rustc_flags += -Clto=off
 +else
 cargo_rustc_flags += -Clto$(if $(filter full,$(MOZ_LTO_RUST_CROSS)),=fat)
 +endif
 endif
 +endif
 # We need -Cembed-bitcode=yes for all crates when using -Clto.
 +ifneq (,$(filter arm,$(TARGET_CPU)))
 +RUSTFLAGS += -Cembed-bitcode=no
 +else
 RUSTFLAGS += -Cembed-bitcode=yes
 +endif
 endif
 endif
 endif
--- a/icecat/debian/patches/series
+++ b/icecat/debian/patches/series
@ -7,7 +7,7 @@ webrtc-fix-compiler-flags-for-armhf.patch
 s390x-ycbcr.patch
 reduce-rust-debuginfo.patch
 armhf-reduce-linker-memory-use.patch
-armhf-rustc-lto-off.patch
+armhf-rustc-thin-lto.patch
 ppc64el-workaround-bug-1555531.patch
 ppc64el-workaround-gcc-ice.patch
 armhf-clang-no-integrated-as-for-neon.patch
--- a/icecat/devtools/client/netmonitor/src/components/request-details/RequestPanel.js
+++ b/icecat/devtools/client/netmonitor/src/components/request-details/RequestPanel.js
@ -124,34 +124,30 @@ class RequestPanel extends Component {
  }
  /**
-   * This maps an array to a dictionary for TreeView usage,
+   * Mapping array to dict for TreeView usage.
-   * sincs the treeView only supports the Object(dict) format.
+   * Since TreeView only support Object(dict) format.
   * This function also deal with duplicate key case
   * (for multiple selection and query params with same keys)
   *
-   * This function also deals with the duplicate key scenario
+   * This function is not sorting result properties since it can
-   * (i.e multiple selections and query params with same keys)
+   * results in unexpected order of params. See bug 1469533
   *
-   * Note: This is not sorting the result properties since it can
+   * @param {Object[]} arr - key-value pair array or form params
-   * result in an unexpected order of parameters. See bug 1469533
+   * @returns {Object} Rep compatible object
   *
   * @param {object[]} arrOfKeyValuePairs - An array of key-value pairs or form params.
   * @param {string} arrOfKeyValuePairs[].name
   * @param {string|Array} arrOfKeyValuePairs[].value
   *
   * @returns {object} Rep compatible object
   */
-  getProperties(arrOfKeyValuePairs) {
+  getProperties(arr) {
-    return arrOfKeyValuePairs.reduce((dict, { name, value }) => {
+    return arr.reduce((map, obj) => {
-      if (name in dict) {
+      const value = map[obj.name];
-        const dictValue = dict[name];
+      if (value || value === "") {
-        if (!Array.isArray(dictValue)) {
+        if (typeof value !== "object") {
-          dict[name] = [dictValue];
+          map[obj.name] = [value];
        }
-        dict[name].push(value);
+        map[obj.name].push(obj.value);
      } else {
-        dict[name] = value;
+        map[obj.name] = obj.value;
      }
-      return dict;
+      return map;
-    }, Object.create(null));
+    }, {});
  }
  toggleRawRequestPayload() {
@ -209,9 +205,10 @@ class RequestPanel extends Component {
    // Form Data section
    if (formDataSections && formDataSections.length) {
      const sections = formDataSections.filter(str => /\S/.test(str)).join("&");
      component = PropertiesView;
      componentProps = {
-        object: this.getProperties(parseFormData(formDataSections)),
+        object: this.getProperties(parseFormData(sections)),
        filterText,
        targetSearchResult,
        defaultSelectFirstNode: false,
--- a/icecat/devtools/client/netmonitor/src/utils/request-utils.js
+++ b/icecat/devtools/client/netmonitor/src/utils/request-utils.js
@ -83,6 +83,7 @@ async function getFormDataSections(
      }
    }
  }
  return formDataSections;
 }
@ -417,29 +418,28 @@ function parseQueryString(query) {
 /**
 * Parse a string of formdata sections into its components
 *
- * @param {Array<string>} sections Array of sections of formdata
+ * @param {string} sections - sections of formdata joined by &
- *                                 e.g ["", "a=x&b=y", "c=z"]
+ * @return {array} array of formdata params { name, value }
 * @return {Array<object>}  Array of formdata params
 *                          e.g [{ name: 'a', value: 'x' }, { name: 'b', value: 'y'}, { name: 'c', value: 'z'}]
 */
 function parseFormData(sections) {
-  if (!sections || !sections.length) {
+  if (!sections) {
    return [];
  }
  const formDataParams = [];
  const searchStr = sections
    // Filter out empty sections
    .filter(str => /\S/.test(str))
    .join("&");
-  const params = new URLSearchParams(searchStr);
+  return sections
-  for (const [key, value] of params) {
+    .replace(/^&/, "")
-    formDataParams.push({
+    .split("&")
-      name: getUnicodeUrlPath(key),
+    .map(e => {
-      value: getUnicodeUrlPath(value),
+      const firstEqualSignIndex = e.indexOf("=");
      const paramName =
        firstEqualSignIndex !== -1 ? e.slice(0, firstEqualSignIndex) : e;
      const paramValue =
        firstEqualSignIndex !== -1 ? e.slice(firstEqualSignIndex + 1) : "";
      return {
        name: paramName ? getUnicodeUrlPath(paramName) : "",
        value: paramValue ? getUnicodeUrlPath(paramValue) : "",
      };
    });
  }
  return formDataParams;
 }
 /**
--- a/icecat/devtools/client/netmonitor/test/browser_net_complex-params.js
+++ b/icecat/devtools/client/netmonitor/test/browser_net_complex-params.js
@ -20,7 +20,7 @@ add_task(async function () {
  store.dispatch(Actions.batchEnable(false));
  // Execute requests.
-  await performRequests(monitor, tab, 13);
+  await performRequests(monitor, tab, 12);
  const requestListItems = document.querySelectorAll(
    ".network-monitor .request-list-item"
@ -49,7 +49,7 @@ add_task(async function () {
  await testRequestWithFormattedView(
    monitor,
    requestListItems[2],
-    "foo",
+    "?foo",
    "bar=123=xyz",
    "?foo=bar=123=xyz",
    1
@ -92,14 +92,6 @@ add_task(async function () {
    '{ "foo": "bar" }',
    1
  );
  await testRequestWithFormattedView(
    monitor,
    requestListItems[12],
    "__proto__",
    "evil_value",
    "__proto__=evil_value",
    1
  );
  await teardown(monitor);
 });
--- a/icecat/devtools/client/netmonitor/test/browser_net_curl-utils.js
+++ b/icecat/devtools/client/netmonitor/test/browser_net_curl-utils.js
@ -326,10 +326,10 @@ function testEscapeStringWin() {
    "Percent signs should be escaped."
  );
-  const backslashes = " - \\A simple string\\ - ";
+  const backslashes = "\\A simple string\\";
  is(
    CurlUtils.escapeStringWin(backslashes),
-    '^\" - ^\\^\\A simple string^\\^\\ - ^\"',
+    '^\"^\\A simple string^\\^\"',
    "Backslashes should be escaped."
  );
--- a/icecat/devtools/client/netmonitor/test/html_params-test-page.html
+++ b/icecat/devtools/client/netmonitor/test/html_params-test-page.html
@ -71,7 +71,6 @@
        await get("baz", "?species=in=(52,60)");
        await get("baz", "?a=&a=b");
        await get("baz", "?a=b&a=c&d=1");
        await post("baz", "", urlencoded, "__proto__=evil_value");
      }
    </script>
  </body>
--- a/icecat/devtools/client/shared/curl.js
+++ b/icecat/devtools/client/shared/curl.js
@ -458,9 +458,6 @@ const CurlUtils = {
    return (
      encapsChars +
      str
        // Replace all the \ (used as the escape character in the next replace) with \\
        .replace(/\\/g, "\\\\")
        // Replace all " with \" to ensure the first parser does not remove it.
        .replace(/"/g, '\\"')
--- a/icecat/docshell/base/BrowsingContext.cpp
+++ b/icecat/docshell/base/BrowsingContext.cpp
@ -4049,10 +4049,6 @@ bool IPDLParamTraits<dom::MaybeDiscarded<dom::BrowsingContext>>::Read(
  if (id == 0) {
    *aResult = nullptr;
  } else if (RefPtr<dom::BrowsingContext> bc = dom::BrowsingContext::Get(id)) {
    if (!bc->Group()->IsKnownForMessageReader(aReader)) {
      return false;
    }
    *aResult = std::move(bc);
  } else {
    aResult->SetDiscarded(id);
--- a/icecat/docshell/base/BrowsingContextGroup.cpp
+++ b/icecat/docshell/base/BrowsingContextGroup.cpp
@ -251,42 +251,6 @@ ContentParent* BrowsingContextGroup::GetHostProcess(
  return mHosts.GetWeak(aRemoteType);
 }
 bool BrowsingContextGroup::IsKnownForMessageReader(
    IPC::MessageReader* aReader) {
  if (!aReader->GetActor()) {
    aReader->FatalError(
        "No actor for BrowsingContextGroup::IsKnownForMessageReader");
    return false;
  }
  mozilla::ipc::IToplevelProtocol* topActor =
      aReader->GetActor()->ToplevelProtocol();
  switch (topActor->GetProtocolId()) {
    case PInProcessMsgStart:
      // PInProcess always exists only within a single process, so we don't need
      // to do any validation on it.
      return true;
    case PContentMsgStart:
      // The process should only be able to name this BCG if it is
      // subscribed, or if the BCG has been destroyed (and has therefore
      // stopped tracking subscribers).
      if (topActor->GetSide() == mozilla::ipc::ParentSide && !mDestroyed &&
          !mSubscribers.Contains(static_cast<ContentParent*>(topActor))) {
        aReader->FatalError(
            "Process is not subscribed to this BrowsingContextGroup");
        return false;
      }
      return true;
    default:
      aReader->FatalError(
          "Unsupported toplevel actor for "
          "BrowsingContextGroup::IsKnownForMessageReader");
      return false;
  }
 }
 void BrowsingContextGroup::UpdateToplevelsSuspendedIfNeeded() {
  if (!StaticPrefs::dom_suspend_inactive_enabled()) {
    return;
@ -332,8 +296,8 @@ void BrowsingContextGroup::Destroy() {
                             !sBrowsingContextGroups->Contains(Id()) ||
                                 *sBrowsingContextGroups->Lookup(Id()) != this);
  }
 #endif
  mDestroyed = true;
 #endif
  // Make sure to call `RemoveBrowsingContextGroup` for every entry in both
  // `mHosts` and `mSubscribers`. This will visit most entries twice, but
--- a/icecat/docshell/base/BrowsingContextGroup.h
+++ b/icecat/docshell/base/BrowsingContextGroup.h
@ -87,12 +87,6 @@ class BrowsingContextGroup final : public nsWrapperCache {
  // BrowsingContextGroup, if possible.
  ContentParent* GetHostProcess(const nsACString& aRemoteType);
  // Check if the process which sent the message being read from aReader is
  // aware of this BrowsingContextGroup's existence.
  // If this returns false, it will first set a fatal error on aReader with more
  // details.
  bool IsKnownForMessageReader(IPC::MessageReader* aReader);
  // When a BrowsingContext is being discarded, we may want to keep the
  // corresponding BrowsingContextGroup alive until the other process
  // acknowledges that the BrowsingContext has been discarded. A `KeepAlive`
@ -266,7 +260,9 @@ class BrowsingContextGroup final : public nsWrapperCache {
  uint32_t mKeepAliveCount = 0;
 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
  bool mDestroyed = false;
 #endif
  // A BrowsingContextGroup contains a series of {Browsing,Window}Context
  // objects. They are addressed using a hashtable to avoid linear lookup when
--- a/icecat/docshell/base/ChildProcessChannelListener.h
+++ b/icecat/docshell/base/ChildProcessChannelListener.h
@ -45,8 +45,8 @@ class ChildProcessChannelListener final {
  };
  // TODO Backtrack.
-  nsTHashMap<NoMemMoveKey<nsUint64HashKey>, Callback> mCallbacks;
+  nsTHashMap<nsUint64HashKey, Callback> mCallbacks;
-  nsTHashMap<NoMemMoveKey<nsUint64HashKey>, CallbackArgs> mChannelArgs;
+  nsTHashMap<nsUint64HashKey, CallbackArgs> mChannelArgs;
 };
 }  // namespace mozilla::dom
--- a/icecat/docshell/base/WindowContext.cpp
+++ b/icecat/docshell/base/WindowContext.cpp
@ -764,10 +764,6 @@ bool IPDLParamTraits<dom::MaybeDiscarded<dom::WindowContext>>::Read(
  if (id == 0) {
    *aResult = nullptr;
  } else if (RefPtr<dom::WindowContext> wc = dom::WindowContext::GetById(id)) {
    if (!wc->Group()->IsKnownForMessageReader(aReader)) {
      return false;
    }
    *aResult = std::move(wc);
  } else {
    aResult->SetDiscarded(id);
--- a/icecat/dom/base/Document.cpp
+++ b/icecat/dom/base/Document.cpp
@ -687,10 +687,7 @@ class SimpleHTMLCollection final : public nsSimpleContentList,
  }
  virtual uint32_t Length() override { return nsSimpleContentList::Length(); }
  virtual Element* GetElementAt(uint32_t aIndex) override {
-    if (nsIContent* content = mElements.SafeElementAt(aIndex)) {
+    return mElements.SafeElementAt(aIndex)->AsElement();
      return content->AsElement();
    }
    return nullptr;
  }
  virtual Element* GetFirstNamedElement(const nsAString& aName,
--- a/icecat/dom/base/StructuredCloneBlob.cpp
+++ b/icecat/dom/base/StructuredCloneBlob.cpp
@ -17,7 +17,6 @@
 #include "mozilla/Assertions.h"
 #include "mozilla/ErrorResult.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/Span.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/dom/BindingDeclarations.h"
 #include "mozilla/dom/BlobImpl.h"
@ -174,8 +173,7 @@ bool StructuredCloneBlob::Holder::ReadStructuredCloneInternal(
      return false;
    }
 #endif
-    BlobImpls().AppendElements(
+    BlobImpls().AppendElements(&aHolder->BlobImpls()[blobOffset], blobCount);
        Span(aHolder->BlobImpls()).Subspan(blobOffset, blobCount));
  }
  JSStructuredCloneData data(mStructuredCloneScope);
--- a/icecat/dom/base/TimeoutManager.cpp
+++ b/icecat/dom/base/TimeoutManager.cpp
@ -104,10 +104,6 @@ bool TimeoutManager::IsActive() const {
    return true;
  }
  if (mIsChromeWorker) {
    return true;
  }
  // Check if we're playing audio
  if (mGlobalObject.IsPlayingAudio()) {
    return true;
@ -326,7 +322,7 @@ TimeDuration TimeoutManager::CalculateDelay(Timeout* aTimeout) const {
  TimeDuration result = aTimeout->mInterval;
  if (aTimeout->mNestingLevel >=
-      StaticPrefs::dom_clamp_timeout_nesting_level() && !mIsChromeWorker) {
+      StaticPrefs::dom_clamp_timeout_nesting_level()) {
    uint32_t minTimeoutValue = StaticPrefs::dom_min_timeout_value();
    result = TimeDuration::Max(result,
                               TimeDuration::FromMilliseconds(minTimeoutValue));
@ -408,7 +404,7 @@ uint32_t TimeoutManager::sNestingLevel = 0;
 TimeoutManager::TimeoutManager(nsIGlobalObject& aHandle,
                               uint32_t aMaxIdleDeferMS,
-                               nsISerialEventTarget* aEventTarget, bool aIsChromeWorker)
+                               nsISerialEventTarget* aEventTarget)
    : mGlobalObject(aHandle),
      mExecutor(new TimeoutExecutor(this, false, 0)),
      mIdleExecutor(new TimeoutExecutor(this, true, aMaxIdleDeferMS)),
@ -429,8 +425,7 @@ TimeoutManager::TimeoutManager(nsIGlobalObject& aHandle,
      mBudgetThrottleTimeouts(false),
      mIsLoading(false),
      mEventTarget(aEventTarget),
-      mIsWindow(aHandle.GetAsInnerWindow()),
+      mIsWindow(aHandle.GetAsInnerWindow()) {
      mIsChromeWorker(aIsChromeWorker) {
  MOZ_LOG(gTimeoutLog, LogLevel::Debug,
          ("TimeoutManager %p created, tracking bucketing %s\n", this,
           StaticPrefs::privacy_trackingprotection_annotate_channels()
--- a/icecat/dom/base/TimeoutManager.h
+++ b/icecat/dom/base/TimeoutManager.h
@ -30,8 +30,7 @@ class TimeoutManager final {
 public:
  TimeoutManager(nsIGlobalObject& aHandle, uint32_t aMaxIdleDeferMS,
-                 nsISerialEventTarget* aEventTarget,
+                 nsISerialEventTarget* aEventTarget);
                 bool aIsChromeWorker = false);
  ~TimeoutManager();
  TimeoutManager(const TimeoutManager& rhs) = delete;
  void operator=(const TimeoutManager& rhs) = delete;
@ -271,8 +270,6 @@ class TimeoutManager final {
  const bool mIsWindow;
  const bool mIsChromeWorker;
  uint32_t mNestingLevel{0};
  static uint32_t sNestingLevel;
--- a/icecat/dom/base/nsRange.cpp
+++ b/icecat/dom/base/nsRange.cpp
@ -3583,7 +3583,6 @@ void nsRange::CreateOrUpdateCrossShadowBoundaryRangeIfNeeded(
  // Nodes at least needs to be in the same document.
  if (startNode && endNode &&
      startNode->GetComposedDoc() != endNode->GetComposedDoc()) {
    ResetCrossShadowBoundaryRange();
    return;
  }
@ -3598,13 +3597,6 @@ void nsRange::CreateOrUpdateCrossShadowBoundaryRangeIfNeeded(
      return false;
    }
    // We don't allow ranges to span different NAC subtrees (because we don't
    // notify when unbinding NAC roots historically). nsRange can already deal
    // with the "same anonymous subtree" case.
    if (aContainer->IsInNativeAnonymousSubtree()) {
      return false;
    }
    // AbstractRange::GetClosestCommonInclusiveAncestor only supports
    // Document and Content nodes.
    return aContainer->IsDocument() || aContainer->IsContent();
--- a/icecat/dom/bindings/BindingUtils.cpp
+++ b/icecat/dom/bindings/BindingUtils.cpp
@ -14,7 +14,6 @@
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Encoding.h"
 #include "mozilla/FloatingPoint.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/ScopeExit.h"
 #include "mozilla/StaticPrefs_dom.h"
@ -3801,7 +3800,7 @@ bool HTMLConstructor(JSContext* aCx, unsigned aArgc, JS::Value* aVp,
  // Technically, per spec, a window always has a document.  In Gecko, a
  // sufficiently torn-down window might not, so check for that case.  We're
  // going to need a document to create an element.
-  RefPtr<Document> doc = window->GetExtantDoc();
+  Document* doc = window->GetExtantDoc();
  if (!doc) {
    rv.Throw(NS_ERROR_UNEXPECTED);
    return false;
@ -3844,7 +3843,7 @@ bool HTMLConstructor(JSContext* aCx, unsigned aArgc, JS::Value* aVp,
  }
  // Step 3.
-  RefPtr<CustomElementDefinition> definition =
+  CustomElementDefinition* definition =
      registry->LookupCustomElementDefinition(aCx, newTarget);
  if (!definition) {
    rv.ThrowTypeError<MSG_ILLEGAL_CONSTRUCTOR>();
@ -3944,21 +3943,6 @@ bool HTMLConstructor(JSContext* aCx, unsigned aArgc, JS::Value* aVp,
  // Steps 7 and 8.
  JS::Rooted<JSObject*> desiredProto(aCx);
  // Check which construction path we're taking before running any JS.
  // This determines whether we need AutoConstructionDepth protection.
  nsTArray<RefPtr<Element>>& constructionStack = definition->mConstructionStack;
  const bool isDirectConstruction = constructionStack.IsEmpty();
  // For direct construction (not upgrade), create AutoConstructionDepth before
  // GetDesiredProto. This ensures mConstructionDepth is incremented before any
  // re-entrant JS can run via Proxy traps, preventing desynchronization with
  // mPrefixStack which may be pushed by nsContentUtils::NewXULOrHTMLElement.
  mozilla::Maybe<AutoConstructionDepth> autoDepth;
  if (isDirectConstruction) {
    autoDepth.emplace(definition);
  }
  if (!GetDesiredProto(aCx, args, aProtoId, aCreator, &desiredProto)) {
    return false;
  }
@ -3969,12 +3953,14 @@ bool HTMLConstructor(JSContext* aCx, unsigned aArgc, JS::Value* aVp,
  // one branch and steps 9-12 on another branch, then common up the "return
  // element" work.
  RefPtr<Element> element;
-  if (isDirectConstruction) {
+  nsTArray<RefPtr<Element>>& constructionStack = definition->mConstructionStack;
  if (constructionStack.IsEmpty()) {
    // Step 8.
    // Now we go to construct an element.  We want to do this in global's
    // realm, not caller realm (the normal constructor behavior),
    // just in case those elements create JS things.
    JSAutoRealm ar(aCx, global.Get());
    AutoConstructionDepth acd(definition);
    RefPtr<NodeInfo> nodeInfo = doc->NodeInfoManager()->GetNodeInfo(
        definition->mLocalName, definition->mPrefixStack.LastElement(), ns,
--- a/icecat/dom/canvas/TexUnpackBlob.cpp
+++ b/icecat/dom/canvas/TexUnpackBlob.cpp
@ -580,7 +580,7 @@ bool TexUnpackBytes::TexOrSubImage(bool isSubImage, bool needsRespec,
    const auto& unpacking = unpackingRes.inspect();
    const auto stride = unpacking.metrics.bytesPerRowStride;
    // clang-format off
-    if (!ConvertIfNeeded(webgl, unpacking.metrics.usedPixelsPerRow,
+    if (!ConvertIfNeeded(webgl, unpacking.state.rowLength,
                         unpacking.metrics.totalRows,
                         format, uploadPtr, AutoAssertCast(stride),
                         format, AutoAssertCast(stride), &uploadPtr, &tempBuffer)) {
@ -1109,12 +1109,6 @@ bool TexUnpackSurface::TexOrSubImage(bool isSubImage, bool needsRespec,
  ////
  const auto surfSize = surf->GetSize();
  if (uint32_t(surfSize.width) < size.x || uint32_t(surfSize.height) < size.y) {
    gfxCriticalError() << "Source surface size too small for upload.";
    return false;
  }
  WebGLTexelFormat srcFormat;
  uint8_t srcBPP;
  if (!GetFormatForSurf(surf, &srcFormat, &srcBPP)) {
@ -1139,7 +1133,7 @@ bool TexUnpackSurface::TexOrSubImage(bool isSubImage, bool needsRespec,
  const auto dstFormat = FormatForPackingInfo(dstPI);
  const size_t dstBpp = BytesPerPixel(dstPI);
-  const size_t dstUsedBytesPerRow = dstBpp * surfSize.width;
+  const size_t dstUsedBytesPerRow = dstBpp * surf->GetSize().width;
  size_t dstStride = dstFormat == srcFormat ? srcStride  // Try To match
                                            : dstUsedBytesPerRow;
@ -1170,7 +1164,7 @@ bool TexUnpackSurface::TexOrSubImage(bool isSubImage, bool needsRespec,
  const uint8_t* dstBegin = srcBegin;
  UniqueBuffer tempBuffer;
  // clang-format off
-  if (!ConvertIfNeeded(webgl, surfSize.width, surfSize.height,
+  if (!ConvertIfNeeded(webgl, surf->GetSize().width, surf->GetSize().height,
                       srcFormat, srcBegin, AutoAssertCast(srcStride),
                       dstFormat, AutoAssertCast(dstUnpacking.metrics.bytesPerRowStride), &dstBegin,
                       &tempBuffer)) {
--- a/icecat/dom/canvas/WebGLContext.cpp
+++ b/icecat/dom/canvas/WebGLContext.cpp
@ -2885,7 +2885,6 @@ webgl::ExplicitPixelPackingState::ForUseWith(
  auto metrics = Metrics{};
  metrics.usedSize = subrectSize;
  metrics.usedPixelsPerRow = usedPixelsPerRow.value();
  metrics.bytesPerPixel = BytesPerPixel(pi);
  // -
--- a/icecat/dom/canvas/WebGLTypes.h
+++ b/icecat/dom/canvas/WebGLTypes.h
@ -1142,9 +1142,6 @@ struct ExplicitPixelPackingState final {
    // ...aligned to ALIGNMENT.
    size_t bytesPerRowStride = 0;
    // SKIP_PIXELS+size.x
    size_t usedPixelsPerRow = 0;
    // structuredSrcSize.y, otherwise IMAGE_HEIGHT*(SKIP_IMAGES+size.z)
    size_t totalRows = 0;
--- a/icecat/dom/clients/manager/ClientChannelHelper.cpp
+++ b/icecat/dom/clients/manager/ClientChannelHelper.cpp
@ -9,9 +9,6 @@
 #include "ClientManager.h"
 #include "ClientSource.h"
 #include "MainThreadUtils.h"
 #include "mozilla/AntiTrackingUtils.h"
 #include "mozilla/StaticPrefs_privacy.h"
 #include "mozilla/StoragePrincipalHelper.h"
 #include "mozilla/dom/ClientsBinding.h"
 #include "mozilla/dom/ServiceWorkerDescriptor.h"
 #include "mozilla/ipc/BackgroundUtils.h"
@ -136,13 +133,6 @@ class ClientChannelHelper : public nsIInterfaceRequestor,
    // If it's a cross-origin redirect then we discard the old reserved client
    // and create a new one.
    else {
      // The partition-key, and in particular the foreign bit, can change on a
      // cross-origin redirect so it is essential to update the anti-tracking
      // info for the channel.  This will happen in nsHttpChannel::AsyncOpen but
      // that happens strictly after now, whereas we are sampling the principal
      // now.
      AntiTrackingUtils::UpdateAntiTrackingInfoForChannel(aNewChannel);
      nsCOMPtr<nsIPrincipal> foreignPartitionedPrincipal;
      rv = StoragePrincipalHelper::GetPrincipal(
          aNewChannel,
--- a/icecat/dom/credentialmanagement/CredentialsContainer.cpp
+++ b/icecat/dom/credentialmanagement/CredentialsContainer.cpp
@ -194,12 +194,6 @@ already_AddRefed<Promise> CredentialsContainer::Get(
      return promise.forget();
    }
    if (aOptions.mMediation != CredentialMediationRequirement::Conditional &&
        aOptions.mMediation != CredentialMediationRequirement::Optional &&
        aOptions.mMediation != CredentialMediationRequirement::Required) {
      return CreateAndRejectWithNotSupported(mParent, aRv);
    }
    EnsureWebAuthnHandler();
    return mWebAuthnHandler->GetAssertion(aOptions.mPublicKey.Value(),
                                          conditionallyMediated,
@ -275,11 +269,6 @@ already_AddRefed<Promise> CredentialsContainer::Create(
      return CreateAndRejectWithNotAllowed(mParent, aRv);
    }
    if (aOptions.mMediation != CredentialMediationRequirement::Optional &&
        aOptions.mMediation != CredentialMediationRequirement::Required) {
      return CreateAndRejectWithNotSupported(mParent, aRv);
    }
    EnsureWebAuthnHandler();
    return mWebAuthnHandler->MakeCredential(aOptions.mPublicKey.Value(),
                                            aOptions.mSignal, aRv);
--- a/icecat/dom/events/test/clipboard/browser.toml
+++ b/icecat/dom/events/test/clipboard/browser.toml
@ -10,12 +10,6 @@ support-files = ["simple_navigator_clipboard_keydown.html"]
 run-if = ["os != 'win'"] # The popupmenus dismiss when access keys for disabled items are pressed on windows
 skip-if = ["os == 'mac' && verify"]
 ["browser_navigator_clipboard_contextmenu_dismiss.js"]
 support-files = [
  "file_toplevel.html",
  "file_iframe.html",
 ]
 ["browser_navigator_clipboard_contextmenu_suppression.js"]
 support-files = [
  "file_toplevel.html",
--- a/icecat/dom/events/test/clipboard/browser_navigator_clipboard_contextmenu_dismiss.js
+++ b/icecat/dom/events/test/clipboard/browser_navigator_clipboard_contextmenu_dismiss.js
@ -1,64 +0,0 @@
 /* -*- Mode: JavaScript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 const kBaseUrlForContent = getRootDirectory(gTestPath).replace(
  "chrome://mochitests/content",
  "https://example.com"
 );
 const kContentFileUrl = kBaseUrlForContent + "file_toplevel.html";
 Services.scriptloader.loadSubScript(
  "chrome://mochitests/content/browser/gfx/layers/apz/test/mochitest/apz_test_native_event_utils.js",
  this
 );
 async function readText(aBrowser) {
  return SpecialPowers.spawn(aBrowser, [], () => {
    content.document.notifyUserGestureActivation();
    content.eval(`navigator.clipboard.readText();`);
  });
 }
 add_task(async function test_context_menu_dimiss_tab_navigate() {
  await BrowserTestUtils.withNewTab(kContentFileUrl, async aBrowser => {
    info(`Randomized text to avoid overlappings with other tests`);
    await promiseWritingRandomTextToClipboard();
    info(`Wait for paste context menu is shown`);
    let pasteButtonIsShown = promisePasteButtonIsShown();
    await readText(aBrowser);
    await pasteButtonIsShown;
    info("Navigate tab");
    let pasteButtonIsHidden = promisePasteButtonIsHidden();
    aBrowser.loadURI(Services.io.newURI("https://example.com/"), {
      triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
    });
    info(`Wait for paste context menu is hidden`);
    await pasteButtonIsHidden;
  });
 });
 add_task(async function test_context_menu_dimiss_tab_reload() {
  await BrowserTestUtils.withNewTab(kContentFileUrl, async aBrowser => {
    info(`Randomized text to avoid overlappings with other tests`);
    await promiseWritingRandomTextToClipboard();
    info(`Wait for paste context menu is shown`);
    let pasteButtonIsShown = promisePasteButtonIsShown();
    await readText(aBrowser);
    await pasteButtonIsShown;
    info("Reload tab");
    let pasteButtonIsHidden = promisePasteButtonIsHidden();
    await BrowserTestUtils.reloadTab(gBrowser.selectedTab);
    info(`Wait for paste context menu is hidden`);
    await pasteButtonIsHidden;
  });
 });
--- a/icecat/dom/fetch/FetchParent.cpp
+++ b/icecat/dom/fetch/FetchParent.cpp
@ -176,7 +176,7 @@ IPCResult FetchParent::RecvFetchOp(FetchOpArgs&& aArgs) {
      self->mResponsePromises =
          fetchService->Fetch(AsVariant(FetchService::WorkerFetchArgs(
              {self->mRequest.clonePtr(), self->mPrincipalInfo,
-               self->mWorkerScript, *self->mClientInfo, self->mController,
+               self->mWorkerScript, self->mClientInfo, self->mController,
               self->mCookieJarSettings, self->mNeedOnDataAvailable,
               self->mCSPEventListener, self->mAssociatedBrowsingContextID,
               self->mBackgroundEventTarget, self->mID,
@ -189,7 +189,6 @@ IPCResult FetchParent::RecvFetchOp(FetchOpArgs&& aArgs) {
          fetchService->Fetch(AsVariant(FetchService::MainThreadFetchArgs({
              self->mRequest.clonePtr(),
              self->mPrincipalInfo,
              *self->mClientInfo,
              self->mCookieJarSettings,
              self->mNeedOnDataAvailable,
              self->mCSPEventListener,
--- a/icecat/dom/fetch/FetchService.cpp
+++ b/icecat/dom/fetch/FetchService.cpp
@ -271,7 +271,8 @@ RefPtr<FetchServicePromises> FetchService::FetchInstance::Fetch() {
  if (mArgsType == FetchArgsType::WorkerFetch) {
    auto& args = mArgs.as<WorkerFetchArgs>();
    mFetchDriver->SetWorkerScript(args.mWorkerScript);
-    mFetchDriver->SetClientInfo(args.mClientInfo);
+    MOZ_ASSERT(args.mClientInfo.isSome());
    mFetchDriver->SetClientInfo(args.mClientInfo.ref());
    mFetchDriver->SetController(args.mController);
    if (args.mCSPEventListener) {
      mFetchDriver->SetCSPEventListener(args.mCSPEventListener);
@ -284,7 +285,6 @@ RefPtr<FetchServicePromises> FetchService::FetchInstance::Fetch() {
  if (mArgsType == FetchArgsType::MainThreadFetch) {
    auto& args = mArgs.as<MainThreadFetchArgs>();
    mFetchDriver->SetClientInfo(args.mClientInfo);
    mFetchDriver->SetIsThirdPartyContext(Some(args.mIsThirdPartyContext));
  }
--- a/icecat/dom/fetch/FetchService.h
+++ b/icecat/dom/fetch/FetchService.h
@ -108,7 +108,7 @@ class FetchService final : public nsIObserver {
    SafeRefPtr<InternalRequest> mRequest;
    mozilla::ipc::PrincipalInfo mPrincipalInfo;
    nsCString mWorkerScript;
-    ClientInfo mClientInfo;
+    Maybe<ClientInfo> mClientInfo;
    Maybe<ServiceWorkerDescriptor> mController;
    Maybe<net::CookieJarSettingsArgs> mCookieJarSettings;
    bool mNeedOnDataAvailable;
@ -131,7 +131,6 @@ class FetchService final : public nsIObserver {
  struct MainThreadFetchArgs {
    SafeRefPtr<InternalRequest> mRequest;
    mozilla::ipc::PrincipalInfo mPrincipalInfo;
    ClientInfo mClientInfo;
    Maybe<net::CookieJarSettingsArgs> mCookieJarSettings;
    bool mNeedOnDataAvailable;
    nsCOMPtr<nsICSPEventListener> mCSPEventListener;
--- a/icecat/dom/html/nsHTMLDocument.cpp
+++ b/icecat/dom/html/nsHTMLDocument.cpp
@ -596,10 +596,6 @@ void nsHTMLDocument::NamedGetter(JSContext* aCx, const nsAString& aName,
        aRv.NoteJSContextException(aCx);
        return;
      }
      if (v.isNullOrUndefined()) {
        return;
      }
    } else {
      // Step 3. Otherwise, if elements has only one element, return that
      // element.
--- a/icecat/dom/indexedDB/ActorsParent.cpp
+++ b/icecat/dom/indexedDB/ActorsParent.cpp
@ -1316,7 +1316,6 @@ class DatabaseConnection::UpdateRefcountFunction::FileInfoEntry final {
    }
  }
  void DecBySavepointDelta() { mDelta -= mSavepointDelta; }
  void ResetSavepointDelta() { mSavepointDelta = 0; }
  SafeRefPtr<DatabaseFileInfo> ReleaseFileInfo() {
    return std::move(mFileInfo);
  }
@ -7584,7 +7583,6 @@ void DatabaseConnection::UpdateRefcountFunction::RollbackSavepoint() {
  for (const auto& entry : mSavepointEntriesIndex.Values()) {
    entry->DecBySavepointDelta();
    entry->ResetSavepointDelta();
  }
  mInSavepoint = false;
@ -10550,8 +10548,8 @@ already_AddRefed<PBackgroundIDBCursorParent> TransactionBase::AllocCursor(
  if (NS_AUUF_OR_WARN_IF(!objectStoreMetadata)) {
    return nullptr;
  }
-  if (!aTrustParams && NS_AUUF_OR_WARN_IF(!VerifyRequestParams(
+  if (aTrustParams && NS_AUUF_OR_WARN_IF(!VerifyRequestParams(
-                           commonParams.optionalKeyRange()))) {
+                          commonParams.optionalKeyRange()))) {
    return nullptr;
  }
  direction = commonParams.direction();
@ -18976,8 +18974,7 @@ nsresult ObjectStoreAddOrPutRequestOp::DoDatabaseWork(
        // Update index keys if primary key is preserved in child.
        for (auto& updateInfo : mParams.indexUpdateInfos()) {
-          QM_TRY(
+          updateInfo.value().MaybeUpdateAutoIncrementKey(autoIncrementNum);
              updateInfo.value().MaybeUpdateAutoIncrementKey(autoIncrementNum));
        }
      } else if (key.IsFloat()) {
        double numericKey = key.ToFloat();
--- a/icecat/dom/indexedDB/Key.cpp
+++ b/icecat/dom/indexedDB/Key.cpp
@ -585,34 +585,19 @@ void Key::ReserveAutoIncrementKey(bool aFirstOfArray) {
  mozilla::BigEndian::writeUint64(buffer, UINT64_MAX);
 }
-Result<Ok, nsresult> Key::MaybeUpdateAutoIncrementKey(int64_t aKey) {
+void Key::MaybeUpdateAutoIncrementKey(int64_t aKey) {
  if (mAutoIncrementKeyOffsets.IsEmpty()) {
-    return Ok{};
+    return;
  }
  static constexpr auto maxOffset =
      KEY_MAXIMUM_BUFFER_LENGTH - sizeof(double) - 1;
  for (uint32_t offset : mAutoIncrementKeyOffsets) {
    if (offset > maxOffset) {
      return Err(NS_ERROR_DOM_INDEXEDDB_KEY_ERR);
    }
    char* buffer;
-    const auto capacity = mBuffer.GetMutableData(&buffer);
+    MOZ_ALWAYS_TRUE(mBuffer.GetMutableData(&buffer));
    MOZ_ALWAYS_TRUE(capacity);
    if (offset + sizeof(double) > capacity) {
      return Err(NS_ERROR_DOM_INDEXEDDB_KEY_ERR);
    }
    buffer += offset;
    WriteDoubleToUint64(buffer, double(aKey));
  }
  TrimBuffer();
  return Ok{};
 }
 void Key::WriteDoubleToUint64(char* aBuffer, double aValue) {
--- a/icecat/dom/indexedDB/Key.h
+++ b/icecat/dom/indexedDB/Key.h
@ -185,7 +185,7 @@ class Key {
  void ReserveAutoIncrementKey(bool aFirstOfArray);
-  Result<Ok, nsresult> MaybeUpdateAutoIncrementKey(int64_t aKey);
+  void MaybeUpdateAutoIncrementKey(int64_t aKey);
 private:
  class MOZ_STACK_CLASS ArrayValueEncoder;
--- a/icecat/dom/media/eme/MediaKeys.cpp
+++ b/icecat/dom/media/eme/MediaKeys.cpp
@ -325,7 +325,6 @@ void MediaKeys::RejectPromise(PromiseId aId, ErrorResult&& aException,
            this, aId, errorCodeAsInt);
    return;
  }
  RefPtr<MediaKeys> keys(this);
  // This promise could be a createSession or loadSession promise,
  // so we might have a pending session waiting to be resolved into
@ -380,7 +379,6 @@ void MediaKeys::ResolvePromise(PromiseId aId) {
  if (!promise) {
    return;
  }
  RefPtr<MediaKeys> keys(this);
  uint32_t token = 0;
  if (!mPromiseIdToken.Get(aId, &token)) {
--- a/icecat/dom/media/eme/clearkey/ClearKeyUtils.cpp
+++ b/icecat/dom/media/eme/clearkey/ClearKeyUtils.cpp
@ -189,10 +189,8 @@ bool ClearKeyUtils::DecryptCbcs(const vector<uint8_t>& aKey,
 /* static */
 bool ClearKeyUtils::DecryptAES(const vector<uint8_t>& aKey,
                               vector<uint8_t>& aData, vector<uint8_t>& aIV) {
-  if (aKey.size() != CENC_KEY_LEN || aIV.size() != CENC_KEY_LEN) {
+  assert(aIV.size() == CENC_KEY_LEN);
-    CK_LOGE("Key and IV size should be 16!");
+  assert(aKey.size() == CENC_KEY_LEN);
    return false;
  }
  PK11SlotInfo* slot = PK11_GetInternalKeySlot();
  if (!slot) {
--- a/icecat/dom/media/gmp/GMPParent.cpp
+++ b/icecat/dom/media/gmp/GMPParent.cpp
@ -657,11 +657,13 @@ void GMPParent::DeleteProcess() {
            self->DeleteProcess();
          },
          [self](const ipc::ResponseRejectReason&) {
            // We crashed during shutdown, ActorDestroy will perform cleanup.
            GMP_LOG_DEBUG(
                "GMPParent[%p|childPid=%d] DeleteProcess: Shutdown handshake "
                "error.",
                self.get(), self->mChildPid);
            self->mState = GMPState::Closed;
            self->Close();
            self->DeleteProcess();
          });
      return;
    }
--- a/icecat/dom/media/platforms/wrappers/MediaChangeMonitor.cpp
+++ b/icecat/dom/media/platforms/wrappers/MediaChangeMonitor.cpp
@ -1200,7 +1200,7 @@ MediaResult MediaChangeMonitor::CreateDecoderAndInit(MediaRawData* aSample) {
                        return;
                      }
-                      mDecodePromise.RejectIfExists(
+                      mDecodePromise.Reject(
                          MediaResult(
                              aError.Code(),
                              RESULT_DETAIL("Unable to initialize decoder")),
@ -1215,7 +1215,7 @@ MediaResult MediaChangeMonitor::CreateDecoderAndInit(MediaRawData* aSample) {
              mFlushPromise.Reject(aError, __func__);
              return;
            }
-            mDecodePromise.RejectIfExists(
+            mDecodePromise.Reject(
                MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
                            RESULT_DETAIL("Unable to create decoder")),
                __func__);
@ -1259,12 +1259,12 @@ void MediaChangeMonitor::DecodeFirstSample(MediaRawData* aSample) {
          [self, this](MediaDataDecoder::DecodedData&& aResults) {
            mDecodePromiseRequest.Complete();
            mPendingFrames.AppendElements(std::move(aResults));
-            mDecodePromise.ResolveIfExists(std::move(mPendingFrames), __func__);
+            mDecodePromise.Resolve(std::move(mPendingFrames), __func__);
            mPendingFrames = DecodedData();
          },
          [self, this](const MediaResult& aError) {
            mDecodePromiseRequest.Complete();
-            mDecodePromise.RejectIfExists(aError, __func__);
+            mDecodePromise.Reject(aError, __func__);
          })
      ->Track(mDecodePromiseRequest);
 }
@ -1323,7 +1323,7 @@ void MediaChangeMonitor::DrainThenFlushDecoder(MediaRawData* aPendingSample) {
              mFlushPromise.Reject(aError, __func__);
              return;
            }
-            mDecodePromise.RejectIfExists(aError, __func__);
+            mDecodePromise.Reject(aError, __func__);
          })
      ->Track(mDrainRequest);
 }
@ -1367,7 +1367,7 @@ void MediaChangeMonitor::FlushThenShutdownDecoder(
                        return;
                      }
                      MOZ_ASSERT(NS_FAILED(rv));
-                      mDecodePromise.RejectIfExists(rv, __func__);
+                      mDecodePromise.Reject(rv, __func__);
                      return;
                    },
                    [] { MOZ_CRASH("Can't reach here'"); })
@ -1380,7 +1380,7 @@ void MediaChangeMonitor::FlushThenShutdownDecoder(
              mFlushPromise.Reject(aError, __func__);
              return;
            }
-            mDecodePromise.RejectIfExists(aError, __func__);
+            mDecodePromise.Reject(aError, __func__);
          })
      ->Track(mFlushRequest);
 }
--- a/icecat/dom/media/test/crashtests/2014824.html
+++ b/icecat/dom/media/test/crashtests/2014824.html
--- a/icecat/dom/media/test/crashtests/crashtests.list
+++ b/icecat/dom/media/test/crashtests/crashtests.list
@ -187,4 +187,3 @@ load 1905234.html
 load 1905231.webm
 load 1917627.mp4
 skip-if(Android) load audioworkletprocessor-recursion.html
 load 2014824.html
--- a/icecat/dom/media/webaudio/MediaBufferDecoder.cpp
+++ b/icecat/dom/media/webaudio/MediaBufferDecoder.cpp
@ -229,12 +229,7 @@ class AutoResampler final {
    MOZ_ASSERT(mResampler);
    return mResampler;
  }
-  void operator=(SpeexResamplerState* aResampler) {
+  void operator=(SpeexResamplerState* aResampler) { mResampler = aResampler; }
    if (mResampler) {
      speex_resampler_destroy(mResampler);
    }
    mResampler = aResampler;
  }
 private:
  SpeexResamplerState* mResampler;
@ -569,13 +564,6 @@ void MediaDecodeTask::FinishDecode() {
      }
      mDecodeJob.mBuffer.mBuffer = std::move(newBuffers);
      channelCount = audioData->mChannels;
      // Don't bother draining the previous resampler for unexpected edge case.
      if (sampleRate != destSampleRate) {
        resampler = speex_resampler_init(channelCount, sampleRate, destSampleRate,
                                         SPEEX_RESAMPLER_QUALITY_DEFAULT, nullptr);
        speex_resampler_skip_zeros(resampler);
      }
    }
    const AudioDataValue* bufferData =
--- a/icecat/dom/media/webm/WebMDemuxer.cpp
+++ b/icecat/dom/media/webm/WebMDemuxer.cpp
@ -900,12 +900,6 @@ nsresult WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
          for (uint8_t i = 0; i < numPartitions; i++) {
            uint32_t partition = partitions[i];
            if (partition > length || partition < lastOffset) {
              WEBM_DEBUG(
                  "Invalid partition offset: %u (length: %zu, lastOffset: %u)",
                  partition, length, lastOffset);
              return NS_ERROR_DOM_MEDIA_DEMUXER_ERR;
            }
            uint32_t currentLength = partition - lastOffset;
            if (encrypted) {
@ -916,6 +910,8 @@ nsresult WebMDemuxer::GetNextPacket(TrackInfo::TrackType aType,
            encrypted = !encrypted;
            lastOffset = partition;
            MOZ_ASSERT(lastOffset <= length);
          }
          // Add the data between the last offset and the end of the data.
--- a/icecat/dom/media/webrtc/libwebrtcglue/VideoConduit.cpp
+++ b/icecat/dom/media/webrtc/libwebrtcglue/VideoConduit.cpp
@ -780,17 +780,6 @@ void WebrtcVideoConduit::OnControlConfigChange() {
                .valueOr(-1);
          })());
          // Set each layer's max-bitrate explicitly or libwebrtc may ignore all
          // stream-specific max-bitrate settings later on, as provided by the
          // VideoStreamFactory. Default to our max of 10Mbps, overriden by
          // SDP/JS.
          int maxBps = KBPS(10000);
          maxBps = MinIgnoreZero(maxBps, mPrefMaxBitrate);
          maxBps = MinIgnoreZero(maxBps, mNegotiatedMaxBitrate);
          maxBps = MinIgnoreZero(maxBps,
                                 static_cast<int>(encodingConstraints.maxBr));
          video_stream.max_bitrate_bps = maxBps;
          // At this time, other values are not used until after
          // CreateEncoderStreams(). We fill these in directly from the codec
          // config in VideoStreamFactory.
@ -951,14 +940,6 @@ void WebrtcVideoConduit::OnControlConfigChange() {
              mEncoderConfig.number_of_streams,
          "Each video substream must have a corresponding ssrc.");
      mEncoderConfig.video_stream_factory = CreateVideoStreamFactory();
      for (const auto& stream : mEncoderConfig.simulcast_layers) {
        CSFLogDebug(
            LOGTAG,
            "%s Reconfigure with simulcast stream maxFps=%d, "
            "bitrate=[%dkbps, %dkbps, %dkbps]",
            __FUNCTION__, stream.max_framerate, stream.min_bitrate_bps / 1000,
            stream.target_bitrate_bps / 1000, stream.max_bitrate_bps / 1000);
      }
      mSendStream->ReconfigureVideoEncoder(mEncoderConfig.Copy());
    }
    if (sendSourceUpdateNeeded && mTrackSource) {
--- a/icecat/dom/media/webrtc/libwebrtcglue/VideoStreamFactory.cpp
+++ b/icecat/dom/media/webrtc/libwebrtcglue/VideoStreamFactory.cpp
@ -223,20 +223,15 @@ std::vector<webrtc::VideoStream> VideoStreamFactory::CreateEncoderStreams(
                 __FUNCTION__, encoding.rid.c_str());
    }
    CSFLogInfo(LOGTAG, "%s Stream with RID %s maxFps=%d (global max fps = %u)",
               __FUNCTION__, encoding.rid.c_str(), video_stream.max_framerate,
               (unsigned)mMaxFramerateForAllStreams);
    SelectBitrates({video_stream.width, video_stream.height}, mMinBitrate,
                   mStartBitrate,
                   SaturatingCast<int>(encoding.constraints.maxBr),
                   mPrefMaxBitrate, mNegotiatedMaxBitrate, video_stream);
    CSFLogInfo(LOGTAG,
               "%s Stream with RID %s maxFps=%d (global max fps = %u), "
               "bitrate=[%dkbps, %dkbps, %dkbps]",
               __FUNCTION__, encoding.rid.c_str(), video_stream.max_framerate,
               (unsigned)mMaxFramerateForAllStreams,
               video_stream.min_bitrate_bps / 1000,
               video_stream.target_bitrate_bps / 1000,
               video_stream.max_bitrate_bps / 1000);
    video_stream.bitrate_priority = aConfig.bitrate_priority;
    video_stream.max_qp = kQpMax;
--- a/icecat/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp
+++ b/icecat/dom/media/webrtc/libwebrtcglue/WebrtcGmpVideoCodec.cpp
@ -491,8 +491,6 @@ int32_t WebrtcGmpVideoEncoder::SetRates_g(uint32_t aOldBitRateKbps,
    return WEBRTC_VIDEO_CODEC_ERROR;
  }
  GMP_LOG_DEBUG("GMP Encoder %p setting rate %ukbps", this, aNewBitRateKbps);
  mNeedKeyframe |= (aOldBitRateKbps == 0 && aNewBitRateKbps != 0);
  GMPErr err = mGMP->SetRates(
@ -855,15 +853,6 @@ int32_t WebrtcGmpVideoDecoder::Decode(const webrtc::EncodedImage& aInputImage,
 }
 void WebrtcGmpVideoDecoder::Decode_g(UniquePtr<GMPDecodeData>&& aDecodeData) {
  CheckedInt<uint32_t> dataSize(aDecodeData->mImage.size());
  dataSize -= 4;
  if (!dataSize.isValid()) {
    GMP_LOG_ERROR("%s: bad input size (%zu)!", __PRETTY_FUNCTION__,
                  aDecodeData->mImage.size());
    mDecoderStatus = GMPInvalidArgErr;
    return;
  }
  if (!mGMP) {
    if (mInitting) {
      // InitDone hasn't been called yet (race)
--- a/icecat/dom/media/webrtc/transport/ipc/WebrtcTCPSocket.cpp
+++ b/icecat/dom/media/webrtc/transport/ipc/WebrtcTCPSocket.cpp
@ -685,52 +685,44 @@ WebrtcTCPSocket::OnInputStreamReady(nsIAsyncInputStream* in) {
  MOZ_ASSERT(mTransport, "webrtc TCP socket not connected");
  MOZ_ASSERT(mSocketIn == in, "wrong input stream");
-  while (true) {
+  char buffer[9216];
-    char buffer[9216];
+  uint32_t remainingCapacity = sizeof(buffer);
-    uint32_t remainingCapacity = sizeof(buffer);
+  uint32_t read = 0;
    uint32_t read = 0;
-    while (remainingCapacity > 0) {
+  while (remainingCapacity > 0) {
-      uint32_t count = 0;
+    uint32_t count = 0;
-      nsresult rv = mSocketIn->Read(buffer + read, remainingCapacity, &count);
+    nsresult rv = mSocketIn->Read(buffer + read, remainingCapacity, &count);
-      if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
+    if (rv == NS_BASE_STREAM_WOULD_BLOCK) {
        break;
      }
      if (NS_FAILED(rv)) {
        LOG(("WebrtcTCPSocket::OnInputStreamReady %p failed %u\n", this,
             static_cast<uint32_t>(rv)));
        CloseWithReason(rv);
        return rv;
      }
      // base stream closed
      if (count == 0) {
        LOG(("WebrtcTCPSocket::OnInputStreamReady %p connection closed\n",
             this));
        CloseWithReason(NS_ERROR_FAILURE);
        return NS_OK;
      }
      remainingCapacity -= count;
      read += count;
    }
    if (read > 0) {
      nsTArray<uint8_t> array(read);
      array.AppendElements(buffer, read);
      InvokeOnRead(std::move(array));
    }
    if (remainingCapacity != 0) {
      // Loop exited above, but not because we ran out of space. We're actually
      // done, break out of the while(true) loop.
      break;
    }
    if (NS_FAILED(rv)) {
      LOG(("WebrtcTCPSocket::OnInputStreamReady %p failed %u\n", this,
           static_cast<uint32_t>(rv)));
      CloseWithReason(rv);
      return rv;
    }
    // base stream closed
    if (count == 0) {
      LOG(("WebrtcTCPSocket::OnInputStreamReady %p connection closed\n", this));
      CloseWithReason(NS_ERROR_FAILURE);
      return NS_OK;
    }
    remainingCapacity -= count;
    read += count;
  }
  if (read > 0) {
    nsTArray<uint8_t> array(read);
    array.AppendElements(buffer, read);
    InvokeOnRead(std::move(array));
  }
  mSocketIn->AsyncWait(this, 0, 0, nullptr);
  return NS_OK;
 }
--- a/icecat/dom/svg/SVGContentUtils.cpp
+++ b/icecat/dom/svg/SVGContentUtils.cpp
@ -436,8 +436,9 @@ static gfx::Matrix GetCTMInternal(SVGElement* aElement, CTMType aCTMType,
  auto postTranslateFrameOffset = [](nsIFrame* aFrame, nsIFrame* aAncestorFrame,
                                     gfx::Matrix& aMatrix) {
    auto point = aFrame->GetOffsetTo(aAncestorFrame);
-    aMatrix.PostTranslate(nsPresContext::AppUnitsToFloatCSSPixels(point.x),
+    aMatrix =
-                          nsPresContext::AppUnitsToFloatCSSPixels(point.y));
+        aMatrix.PostTranslate(nsPresContext::AppUnitsToFloatCSSPixels(point.x),
                              nsPresContext::AppUnitsToFloatCSSPixels(point.y));
  };
  gfxMatrix matrix = getLocalTransformHelper(aElement, aHaveRecursed);
@ -498,7 +499,8 @@ static gfx::Matrix GetCTMInternal(SVGElement* aElement, CTMType aCTMType,
  if (frame->IsSVGOuterSVGFrame()) {
    nsMargin bp = frame->GetUsedBorderAndPadding();
    int32_t appUnitsPerCSSPixel = AppUnitsPerCSSPixel();
-    nscoord xOffset, yOffset;
+    float xOffset = NSAppUnitsToFloatPixels(bp.left, appUnitsPerCSSPixel);
    float yOffset = NSAppUnitsToFloatPixels(bp.top, appUnitsPerCSSPixel);
    // See
    // https://drafts.csswg.org/css-transforms/#valdef-transform-box-fill-box
    // For elements with associated CSS layout box, the used value for fill-box
@ -506,24 +508,17 @@ static gfx::Matrix GetCTMInternal(SVGElement* aElement, CTMType aCTMType,
    switch (frame->StyleDisplay()->mTransformBox) {
      case StyleTransformBox::FillBox:
      case StyleTransformBox::ContentBox:
-        xOffset = bp.left;
+        // Apply border/padding separate from the rest of the transform.
-        yOffset = bp.top;
+        // i.e. after it's been transformed
        tm.PostTranslate(xOffset, yOffset);
        break;
      case StyleTransformBox::StrokeBox:
      case StyleTransformBox::ViewBox:
-      case StyleTransformBox::BorderBox: {
+      case StyleTransformBox::BorderBox:
-        // Extract the rotation component of the matrix.
+        // Apply border/padding before we transform the surface.
-        float angle = std::atan2(tm._12, tm._11);
+        tm.PreTranslate(xOffset, yOffset);
        float cosAngle = std::cos(angle);
        float sinAngle = std::sin(angle);
        // Apply that rotation to bp.left and bp.top.
        xOffset = bp.left * cosAngle - bp.top * sinAngle;
        yOffset = bp.top * cosAngle + bp.left * sinAngle;
        break;
      }
    }
    tm.PostTranslate(NSAppUnitsToFloatPixels(xOffset, appUnitsPerCSSPixel),
                     NSAppUnitsToFloatPixels(yOffset, appUnitsPerCSSPixel));
  }
  if (!ancestor || !ancestor->IsElement()) {
--- a/icecat/dom/webauthn/MacOSWebAuthnService.mm
+++ b/icecat/dom/webauthn/MacOSWebAuthnService.mm
@ -823,20 +823,6 @@ MacOSWebAuthnService::MakeCredential(uint64_t aTransactionId,
              *userVerificationPreference;
        }
        if (__builtin_available(macos 13.5, *)) {
          // Show the hybrid transport unless we have a non-empty hint list and
          // none of the hints are for the hybrid transport.
          bool hasHybridHint = false;
          nsTArray<nsString> hints;
          (void)aArgs->GetHints(hints);
          for (nsString& hint : hints) {
            if (hint.Equals(u"hybrid"_ns)) {
              hasHybridHint = true;
            }
          }
          platformRegistrationRequest.shouldShowHybridTransport =
              hints.Length() == 0 || hasHybridHint;
        }
        if (__builtin_available(macos 14.0, *)) {
          bool largeBlobSupportRequired;
          nsresult rv =
@ -1187,19 +1173,11 @@ void MacOSWebAuthnService::DoGetAssertion(
              *userVerificationPreference;
        }
        if (__builtin_available(macos 13.5, *)) {
-          // Show the hybrid transport option if (1) none of the allowlist
+          // Show the hybrid transport option if (1) we have no transport hints
-          // credentials list transports, or (2) at least one allow list entry
+          // or (2) at least one allow list entry lists the hybrid transport.
          // lists the hybrid transport, or (3) the request has the hybrid hint.
          bool shouldShowHybridTransport =
              !transports ||
              (transports & MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_ID_HYBRID);
          nsTArray<nsString> hints;
          (void)aArgs->GetHints(hints);
          for (nsString& hint : hints) {
            if (hint.Equals(u"hybrid"_ns)) {
              shouldShowHybridTransport = true;
            }
          }
          platformAssertionRequest.shouldShowHybridTransport =
              shouldShowHybridTransport;
        }
--- a/icecat/dom/webauthn/PWebAuthnTransaction.ipdl
+++ b/icecat/dom/webauthn/PWebAuthnTransaction.ipdl
@ -143,7 +143,6 @@ struct WebAuthnMakeCredentialInfo {
  WebAuthnExtension[] Extensions;
  WebAuthnAuthenticatorSelection AuthenticatorSelection;
  nsString attestationConveyancePreference;
  nsString[] Hints;
 };
 struct WebAuthnMakeCredentialResult {
@ -169,7 +168,6 @@ struct WebAuthnGetAssertionInfo {
  WebAuthnExtension[] Extensions;
  nsString userVerificationRequirement;
  bool ConditionallyMediated;
  nsString[] Hints;
 };
 struct WebAuthnGetAssertionResult {
--- a/icecat/dom/webauthn/PublicKeyCredential.cpp
+++ b/icecat/dom/webauthn/PublicKeyCredential.cpp
@ -659,8 +659,6 @@ void PublicKeyCredential::ParseCreationOptionsFromJSON(
    aResult.mAuthenticatorSelection = aOptions.mAuthenticatorSelection.Value();
  }
  aResult.mHints = aOptions.mHints;
  aResult.mAttestation = aOptions.mAttestation;
  if (aOptions.mExtensions.WasPassed()) {
@ -754,8 +752,6 @@ void PublicKeyCredential::ParseRequestOptionsFromJSON(
  aResult.mUserVerification = aOptions.mUserVerification;
  aResult.mHints = aOptions.mHints;
  if (aOptions.mExtensions.WasPassed()) {
    if (aOptions.mExtensions.Value().mAppid.WasPassed()) {
      aResult.mExtensions.mAppid.Construct(
--- a/icecat/dom/webauthn/WebAuthnArgs.cpp
+++ b/icecat/dom/webauthn/WebAuthnArgs.cpp
@ -245,12 +245,6 @@ WebAuthnRegisterArgs::GetLargeBlobSupportRequired(
  return NS_ERROR_NOT_AVAILABLE;
 }
 NS_IMETHODIMP
 WebAuthnRegisterArgs::GetHints(nsTArray<nsString>& aHints) {
  aHints.Assign(mInfo.Hints());
  return NS_OK;
 }
 NS_IMPL_ISUPPORTS(WebAuthnSignArgs, nsIWebAuthnSignArgs)
 NS_IMETHODIMP
@ -490,10 +484,4 @@ WebAuthnSignArgs::GetLargeBlobWrite(nsTArray<uint8_t>& aLargeBlobWrite) {
  return NS_ERROR_NOT_AVAILABLE;
 }
 NS_IMETHODIMP
 WebAuthnSignArgs::GetHints(nsTArray<nsString>& aHints) {
  aHints.Assign(mInfo.Hints());
  return NS_OK;
 }
 }  // namespace mozilla::dom
--- a/icecat/dom/webauthn/WebAuthnHandler.cpp
+++ b/icecat/dom/webauthn/WebAuthnHandler.cpp
@ -392,7 +392,7 @@ already_AddRefed<Promise> WebAuthnHandler::MakeCredential(
  WebAuthnMakeCredentialInfo info(rpId, challenge, adjustedTimeout, excludeList,
                                  rpInfo, userInfo, coseAlgos, extensions,
-                                  authSelection, attestation, aOptions.mHints);
+                                  authSelection, attestation);
  // Set up the transaction state. Fallible operations should not be performed
  // below this line, as we must not leave the transaction state partially
@ -666,7 +666,7 @@ already_AddRefed<Promise> WebAuthnHandler::GetAssertion(
  WebAuthnGetAssertionInfo info(
      rpId, maybeAppId, challenge, adjustedTimeout, allowList, extensions,
-      aOptions.mUserVerification, aConditionallyMediated, aOptions.mHints);
+      aOptions.mUserVerification, aConditionallyMediated);
  // Set up the transaction state. Fallible operations should not be performed
  // below this line, as we must not leave the transaction state partially
--- a/icecat/dom/webauthn/WinWebAuthnService.cpp
+++ b/icecat/dom/webauthn/WinWebAuthnService.cpp
@ -30,10 +30,6 @@ StaticRWLock gWinWebAuthnModuleLock;
 static bool gWinWebAuthnModuleUnusable = false;
 static HMODULE gWinWebAuthnModule = 0;
 static const LPCWSTR gWebAuthnHintStrings[3] = {
    WEBAUTHN_CREDENTIAL_HINT_SECURITY_KEY,
    WEBAUTHN_CREDENTIAL_HINT_CLIENT_DEVICE, WEBAUTHN_CREDENTIAL_HINT_HYBRID};
 static decltype(WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable)*
    gWinWebauthnIsUVPAA = nullptr;
 static decltype(WebAuthNAuthenticatorMakeCredential)*
@ -54,6 +50,7 @@ static decltype(WebAuthNGetPlatformCredentialList)*
    gWinWebauthnGetPlatformCredentialList = nullptr;
 static decltype(WebAuthNFreePlatformCredentialList)*
    gWinWebauthnFreePlatformCredentialList = nullptr;
 }  // namespace
 /***********************************************************************
@ -179,18 +176,6 @@ WinWebAuthnService::~WinWebAuthnService() {
  gWinWebAuthnModule = 0;
 }
 // static
 void PrunePublicKeyCredentialHints(const nsTArray<nsString>& aInHints,
                                   /* out */ nsTArray<LPCWSTR>& aOutHints) {
  for (const nsString& inputHint : aInHints) {
    for (const LPCWSTR knownHint : gWebAuthnHintStrings) {
      if (inputHint.Equals(knownHint)) {
        aOutHints.AppendElement(knownHint);
      }
    }
  }
 }
 // static
 bool WinWebAuthnService::AreWebAuthNApisAvailable() {
  nsresult rv = EnsureWinWebAuthnModuleLoaded();
@ -609,16 +594,10 @@ WinWebAuthnService::MakeCredential(uint64_t aTransactionId,
          winPrivateBrowsing = TRUE;
        }
        nsTArray<nsString> inputHints;
        (void)aArgs->GetHints(inputHints);
        nsTArray<LPCWSTR> hints;
        PrunePublicKeyCredentialHints(inputHints, hints);
        // MakeCredentialOptions
        WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS
        WebAuthNCredentialOptions = {
-            WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8,
+            WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7,
            timeout,
            {0, NULL},
            {0, NULL},
@ -630,16 +609,13 @@ WinWebAuthnService::MakeCredential(uint64_t aTransactionId,
            &cancellationId,  // CancellationId
            pExcludeCredentialList,
            WEBAUTHN_ENTERPRISE_ATTESTATION_NONE,
-            largeBlobSupport,       // LargeBlobSupport
+            largeBlobSupport,      // LargeBlobSupport
-            winPreferResidentKey,   // PreferResidentKey
+            winPreferResidentKey,  // PreferResidentKey
-            winPrivateBrowsing,     // BrowserInPrivateMode
+            winPrivateBrowsing,    // BrowserInPrivateMode
-            winEnablePrf,           // EnablePrf
+            winEnablePrf,          // EnablePrf
-            NULL,                   // LinkedDevice
+            NULL,                  // LinkedDevice
-            0,                      // size of JsonExt
+            0,                     // size of JsonExt
-            NULL,                   // JsonExt
+            NULL,                  // JsonExt
            NULL,                   // PRFGlobalEval
            (DWORD)hints.Length(),  // Size of CredentialHints
            hints.Elements(),       // CredentialHints
        };
        if (rgExtension.Length() != 0) {
@ -992,12 +968,6 @@ void WinWebAuthnService::DoGetAssertion(
          pAllowCredentialList = &allowCredentialList;
        }
        nsTArray<nsString> inputHints;
        (void)aArgs->GetHints(inputHints);
        nsTArray<LPCWSTR> hints;
        PrunePublicKeyCredentialHints(inputHints, hints);
        uint32_t timeout_u32;
        Unused << aArgs->GetTimeoutMS(&timeout_u32);
        DWORD timeout = timeout_u32;
@ -1011,7 +981,7 @@ void WinWebAuthnService::DoGetAssertion(
        WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS WebAuthNAssertionOptions =
            {
-                WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8,
+                WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7,
                timeout,
                {0, NULL},
                {0, NULL},
@ -1031,8 +1001,6 @@ void WinWebAuthnService::DoGetAssertion(
                FALSE,                   // AutoFill
                0,                       // Size of JsonExt
                NULL,                    // JsonExt
                (DWORD)hints.Length(),   // Size of CredentialHints
                hints.Elements(),        // CredentialHints
            };
        PWEBAUTHN_ASSERTION pWebAuthNAssertion = nullptr;
--- a/icecat/dom/webauthn/nsIWebAuthnArgs.idl
+++ b/icecat/dom/webauthn/nsIWebAuthnArgs.idl
@ -65,8 +65,6 @@ interface nsIWebAuthnRegisterArgs : nsISupports {
    // consent popup.
    [must_use] readonly attribute AString attestationConveyancePreference;
    readonly attribute Array<AString> hints;
    readonly attribute boolean privateBrowsing;
 };
@ -113,8 +111,6 @@ interface nsIWebAuthnSignArgs : nsISupports {
    // cancel transactions.
    readonly attribute unsigned long timeoutMS;
    readonly attribute Array<AString> hints;
    readonly attribute boolean conditionallyMediated;
    readonly attribute boolean privateBrowsing;
--- a/icecat/dom/webauthn/tests/test_webauthn_get_assertion.html
+++ b/icecat/dom/webauthn/tests/test_webauthn_get_assertion.html
@ -47,7 +47,6 @@
    add_task(test_empty_credential_list);
    add_task(test_credential_protection_policy_uv_optional_with_list);
    add_task(test_credential_protection_policy_uv_required);
    add_task(test_unsupported_mediation_requirements);
    function requestGetAssertion(params) {
      return navigator.credentials.get(params);
@ -81,11 +80,6 @@
      is(aResult.code, DOMException.ABORT_ERR, "Expecting an AbortError");
    }
    function expectNotSupportedError(aResult) {
      ok(aResult.toString().startsWith("NotSupportedError"), "Expecting a NotSupportedError");
      return Promise.resolve();
    }
    // Set up a valid credential
    async function test_setup_valid_credential() {
      let publicKey = {
@ -299,19 +293,6 @@
      setUserVerified(authenticatorId, true)
    }
    async function test_unsupported_mediation_requirements() {
      let publicKey = {
        challenge: gAssertionChallenge,
        allowCredentials: [validCred]
      };
      for (const mediation of ["silent"]) {
        await requestGetAssertion({publicKey, mediation})
          .then(arrivingHereIsBad)
          .catch(expectNotSupportedError);
      }
    }
  </script>
 </body>
--- a/icecat/dom/webauthn/tests/test_webauthn_make_credential.html
+++ b/icecat/dom/webauthn/tests/test_webauthn_make_credential.html
@ -78,7 +78,6 @@
    add_task(test_no_unexpected_extensions);
    add_task(test_cred_props_with_rk_required);
    add_task(test_cred_props_with_rk_discouraged);
    add_task(test_unsupported_mediation_requirements);
    function arrivingHereIsGood(aResult) {
      ok(true, "Good result! Received a: " + aResult);
@ -454,17 +453,6 @@
      is(extensionResults.credProps?.rk, false, "rk is false");
    }
    async function test_unsupported_mediation_requirements() {
      let makeCredentialOptions = {
        rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
      };
      for (const mediation of ["conditional", "silent"]) {
        await credm.create({publicKey: makeCredentialOptions, mediation})
                    .then(arrivingHereIsBad)
                    .catch(expectNotSupportedError);
      }
    }
  </script>
 </body>
--- a/icecat/dom/webauthn/tests/test_webauthn_serialization.html
+++ b/icecat/dom/webauthn/tests/test_webauthn_serialization.html
@ -36,18 +36,6 @@
      is(arr.length, 0, `${description} (array should be empty)`);
    }
    function stringArrayEquals(actual, expected, description) {
      is(actual.length, expected.length, `${description} (actual and expected should have the same length)`);
      for (let i = 0; i < actual.length; i++) {
        if (actual[i] instanceof String) {
          throw new Error(`actual[${i}] is not a string` + typeof actual[i]);
        }
        if (actual[i] !== expected[i]) {
          throw new Error(`actual and expected differ in position ${i}: ${actual[i]} vs ${expected[i]}`);
        }
      }
    }
    function shouldThrow(func, expectedError, description) {
      let threw = false;
      try {
@ -67,7 +55,7 @@
        pubKeyCredParams: [],
      };
      let creationOptions = PublicKeyCredential.parseCreationOptionsFromJSON(creationOptionsJSON);
-      is(Object.getOwnPropertyNames(creationOptions).length, 9, "creation options should have 9 properties");
+      is(Object.getOwnPropertyNames(creationOptions).length, 8, "creation options should have 8 properties");
      is(creationOptions.rp.id, undefined, "rp.id should be undefined");
      is(creationOptions.rp.name, "Example", "rp.name should be Example");
      arrayBufferEqualsArray(creationOptions.user.id, [ 250, 93, 234, 52, 180, 202, 38, 120 ], "user.id should be as expected");
@ -82,7 +70,6 @@
      is(creationOptions.authenticatorSelection.requireResidentKey, false, "creationOptions.authenticatorSelection.requireResidentKey should be false");
      is(creationOptions.authenticatorSelection.userVerification, "preferred", "creationOptions.authenticatorSelection.userVerification should be preferred");
      is(creationOptions.attestation, "none", "attestation should be none");
      stringArrayEquals(creationOptions.hints, [], "hints should be an empty array");
      is(Object.getOwnPropertyNames(creationOptions.extensions).length, 0, "extensions should be an empty object");
    });
@ -118,7 +105,7 @@
            },
      };
      let creationOptions = PublicKeyCredential.parseCreationOptionsFromJSON(creationOptionsJSON);
-      is(Object.getOwnPropertyNames(creationOptions).length, 10, "creation options should have 10 properties");
+      is(Object.getOwnPropertyNames(creationOptions).length, 9, "creation options should have 9 properties");
      is(creationOptions.rp.name, "Example", "rp.name should be Example");
      is(creationOptions.rp.id, "example.com", "rp.id should be example.com");
      arrayBufferEqualsArray(creationOptions.user.id, [ 215, 212, 213, 166, 160, 65, 56, 3 ], "user.id should be as expected");
@ -138,7 +125,6 @@
      is(creationOptions.authenticatorSelection.residentKey, "required", "creationOptions.authenticatorSelection.residentKey should be required");
      is(creationOptions.authenticatorSelection.requireResidentKey, true, "creationOptions.authenticatorSelection.requireResidentKey should be true");
      is(creationOptions.authenticatorSelection.userVerification, "discouraged", "creationOptions.authenticatorSelection.userVerification should be discouraged");
      stringArrayEquals(creationOptions.hints, creationOptionsJSON.hints, "creationOptions.hints should be as expected");
      is(creationOptions.attestation, "indirect", "attestation should be indirect");
      is(creationOptions.extensions.appid, "https://www.example.com/appID", "extensions.appid should be https://www.example.com/appID");
      is(creationOptions.extensions.credProps, true, "extensions.credProps should be true");
@ -200,13 +186,12 @@
        challenge: "3yW2WHD_jbU",
      };
      let requestOptions = PublicKeyCredential.parseRequestOptionsFromJSON(requestOptionsJSON);
-      is(Object.getOwnPropertyNames(requestOptions).length, 5, "request options should have 5 properties");
+      is(Object.getOwnPropertyNames(requestOptions).length, 4, "request options should have 4 properties");
      arrayBufferEqualsArray(requestOptions.challenge, [ 223, 37, 182, 88, 112, 255, 141, 181 ], "challenge should be as expected");
      is(requestOptions.timeout, undefined, "timeout should be undefined");
      is(requestOptions.rpId, undefined, "rpId should be undefined");
      isEmptyArray(requestOptions.allowCredentials, "allowCredentials should be an empty array");
      is(requestOptions.userVerification, "preferred", "userVerification should be preferred");
      stringArrayEquals(requestOptions.hints, [], "hints should be an empty array");
      is(Object.getOwnPropertyNames(requestOptions.extensions).length, 0, "extensions should be an empty object");
    });
@ -237,7 +222,7 @@
            },
      };
      let requestOptions = PublicKeyCredential.parseRequestOptionsFromJSON(requestOptionsJSON);
-      is(Object.getOwnPropertyNames(requestOptions).length, 7, "request options should have 7 properties");
+      is(Object.getOwnPropertyNames(requestOptions).length, 6, "request options should have 6 properties");
      arrayBufferEqualsArray(requestOptions.challenge, [ 64, 7, 218, 103, 1, 16, 10, 68 ], "challenge should be as expected");
      is(requestOptions.timeout, 25000, "timeout should be 25000");
      is(requestOptions.rpId, "example.com", "rpId should be example.com");
@ -247,7 +232,6 @@
      is(requestOptions.allowCredentials[0].transports.length, 1, "allowCredentials[0].transports should have one element");
      is(requestOptions.allowCredentials[0].transports[0], "smart-card", "allowCredentials[0].transports[0] should be usb");
      is(requestOptions.userVerification, "discouraged", "userVerification should be discouraged");
      stringArrayEquals(requestOptions.hints, requestOptionsJSON.hints, "requestOptions.hints should be as expected");
      is(requestOptions.extensions.appid, "https://www.example.com/anotherAppID", "extensions.appid should be https://www.example.com/anotherAppID");
      arrayBufferEqualsArray(requestOptions.extensions.prf.eval.first, [102, 105, 114, 115, 116], "extensions.prf.eval.first should be 'first'");
      arrayBufferEqualsArray(requestOptions.extensions.prf.eval.second, [115, 101, 99, 111, 110, 100], "extensions.prf.eval.second should be 'second'");
--- a/icecat/dom/webauthn/winwebauthn/.gitignore
+++ b/icecat/dom/webauthn/winwebauthn/.gitignore
@ -0,0 +1,330 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 ##
 ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
 # User-specific files
 *.suo
 *.user
 *.userosscache
 *.sln.docstates
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs
 # Build results
 [Dd]ebug/
 [Dd]ebugPublic/
 [Rr]elease/
 [Rr]eleases/
 x64/
 x86/
 bld/
 [Bb]in/
 [Oo]bj/
 [Ll]og/
 # Visual Studio 2015/2017 cache/options directory
 .vs/
 # Uncomment if you have tasks that create the project's static files in wwwroot
 #wwwroot/
 # Visual Studio 2017 auto generated files
 Generated\ Files/
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*
 # NUNIT
 *.VisualState.xml
 TestResult.xml
 # Build Results of an ATL Project
 [Dd]ebugPS/
 [Rr]eleasePS/
 dlldata.c
 # Benchmark Results
 BenchmarkDotNet.Artifacts/
 # .NET Core
 project.lock.json
 project.fragment.lock.json
 artifacts/
 **/Properties/launchSettings.json
 # StyleCop
 StyleCopReport.xml
 # Files built by Visual Studio
 *_i.c
 *_p.c
 *_i.h
 *.ilk
 *.meta
 *.obj
 *.iobj
 *.pch
 *.pdb
 *.ipdb
 *.pgc
 *.pgd
 *.rsp
 *.sbr
 *.tlb
 *.tli
 *.tlh
 *.tmp
 *.tmp_proj
 *.log
 *.vspscc
 *.vssscc
 .builds
 *.pidb
 *.svclog
 *.scc
 # Chutzpah Test files
 _Chutzpah*
 # Visual C++ cache files
 ipch/
 *.aps
 *.ncb
 *.opendb
 *.opensdf
 *.sdf
 *.cachefile
 *.VC.db
 *.VC.VC.opendb
 # Visual Studio profiler
 *.psess
 *.vsp
 *.vspx
 *.sap
 # Visual Studio Trace Files
 *.e2e
 # TFS 2012 Local Workspace
 $tf/
 # Guidance Automation Toolkit
 *.gpState
 # ReSharper is a .NET coding add-in
 _ReSharper*/
 *.[Rr]e[Ss]harper
 *.DotSettings.user
 # JustCode is a .NET coding add-in
 .JustCode
 # TeamCity is a build add-in
 _TeamCity*
 # DotCover is a Code Coverage Tool
 *.dotCover
 # AxoCover is a Code Coverage Tool
 .axoCover/*
 !.axoCover/settings.json
 # Visual Studio code coverage results
 *.coverage
 *.coveragexml
 # NCrunch
 _NCrunch_*
 .*crunch*.local.xml
 nCrunchTemp_*
 # MightyMoose
 *.mm.*
 AutoTest.Net/
 # Web workbench (sass)
 .sass-cache/
 # Installshield output folder
 [Ee]xpress/
 # DocProject is a documentation generator add-in
 DocProject/buildhelp/
 DocProject/Help/*.HxT
 DocProject/Help/*.HxC
 DocProject/Help/*.hhc
 DocProject/Help/*.hhk
 DocProject/Help/*.hhp
 DocProject/Help/Html2
 DocProject/Help/html
 # Click-Once directory
 publish/
 # Publish Web Output
 *.[Pp]ublish.xml
 *.azurePubxml
 # Note: Comment the next line if you want to checkin your web deploy settings,
 # but database connection strings (with potential passwords) will be unencrypted
 *.pubxml
 *.publishproj
 # Microsoft Azure Web App publish settings. Comment the next line if you want to
 # checkin your Azure Web App publish settings, but sensitive information contained
 # in these scripts will be unencrypted
 PublishScripts/
 # NuGet Packages
 *.nupkg
 # The packages folder can be ignored because of Package Restore
 **/[Pp]ackages/*
 # except build/, which is used as an MSBuild target.
 !**/[Pp]ackages/build/
 # Uncomment if necessary however generally it will be regenerated when needed
 #!**/[Pp]ackages/repositories.config
 # NuGet v3's project.json files produces more ignorable files
 *.nuget.props
 *.nuget.targets
 # Microsoft Azure Build Output
 csx/
 *.build.csdef
 # Microsoft Azure Emulator
 ecf/
 rcf/
 # Windows Store app package directories and files
 AppPackages/
 BundleArtifacts/
 Package.StoreAssociation.xml
 _pkginfo.txt
 *.appx
 # Visual Studio cache files
 # files ending in .cache can be ignored
 *.[Cc]ache
 # but keep track of directories ending in .cache
 !*.[Cc]ache/
 # Others
 ClientBin/
 ~$*
 *~
 *.dbmdl
 *.dbproj.schemaview
 *.jfm
 *.pfx
 *.publishsettings
 orleans.codegen.cs
 # Including strong name files can present a security risk 
 # (https://github.com/github/gitignore/pull/2483#issue-259490424)
 #*.snk
 # Since there are multiple workflows, uncomment next line to ignore bower_components
 # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
 #bower_components/
 # RIA/Silverlight projects
 Generated_Code/
 # Backup & report files from converting an old project file
 # to a newer Visual Studio version. Backup files are not needed,
 # because we have git ;-)
 _UpgradeReport_Files/
 Backup*/
 UpgradeLog*.XML
 UpgradeLog*.htm
 ServiceFabricBackup/
 *.rptproj.bak
 # SQL Server files
 *.mdf
 *.ldf
 *.ndf
 # Business Intelligence projects
 *.rdl.data
 *.bim.layout
 *.bim_*.settings
 *.rptproj.rsuser
 # Microsoft Fakes
 FakesAssemblies/
 # GhostDoc plugin setting file
 *.GhostDoc.xml
 # Node.js Tools for Visual Studio
 .ntvs_analysis.dat
 node_modules/
 # Visual Studio 6 build log
 *.plg
 # Visual Studio 6 workspace options file
 *.opt
 # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
 *.vbw
 # Visual Studio LightSwitch build output
 **/*.HTMLClient/GeneratedArtifacts
 **/*.DesktopClient/GeneratedArtifacts
 **/*.DesktopClient/ModelManifest.xml
 **/*.Server/GeneratedArtifacts
 **/*.Server/ModelManifest.xml
 _Pvt_Extensions
 # Paket dependency manager
 .paket/paket.exe
 paket-files/
 # FAKE - F# Make
 .fake/
 # JetBrains Rider
 .idea/
 *.sln.iml
 # CodeRush
 .cr/
 # Python Tools for Visual Studio (PTVS)
 __pycache__/
 *.pyc
 # Cake - Uncomment if you are using it
 # tools/**
 # !tools/packages.config
 # Tabs Studio
 *.tss
 # Telerik's JustMock configuration file
 *.jmconfig
 # BizTalk build output
 *.btp.cs
 *.btm.cs
 *.odx.cs
 *.xsd.cs
 # OpenCover UI analysis results
 OpenCover/
 # Azure Stream Analytics local run output 
 ASALocalRun/
 # MSBuild Binary and Structured Log
 *.binlog
 # NVidia Nsight GPU debugger configuration file
 *.nvuser
 # MFractors (Xamarin productivity tool) working folder 
 .mfractor/
--- a/icecat/dom/webauthn/winwebauthn/README.md
+++ b/icecat/dom/webauthn/winwebauthn/README.md
@ -1,20 +1,16 @@
 # Description
-## WebAuthn Specification APIs
+This project includes Win32 headers for communicating to Windows Hello and external secruity keys as part of WebAuthn and CTAP specification.
-Win32 APIs for performing operations corresponding to WebAuthn (https://w3c.github.io/webauthn) specification are present in following files.
+For more details about the standards, please follow these links:
- webauthn.h
+* WebAuthn: https://w3c.github.io/webauthn/
 * CTAP: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html
 ## Plugin Passkey Authenticators Implementation APIs/Interfaces
 APIs, interfaces and helper functions for passkey plugin authenticator implementators are present in following files
 - pluginauthenticator.idl
 - pluginauthenticator.h
 - webauthnplugin.h
 # Having Issues?
 If you have any issues in adopting these APIs or need some clarification, please contact fido-dev@microsoft.com.
 # Contributing
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a
--- a/icecat/dom/webauthn/winwebauthn/moz.yaml
+++ b/icecat/dom/webauthn/winwebauthn/moz.yaml
@ -1,26 +0,0 @@
 schema: 1
 bugzilla:
  product: Core
  component: "DOM: Web Authentication"
 origin:
  name: Microsoft WebAuthn
  description: Win32 APIs for WebAuthn
  url: https://github.com/microsoft/webauthn
  release: 9108981ca80b3c6788fa598708dcf3cb10220ad7
  revision: 9108981ca80b3c6788fa598708dcf3cb10220ad7
  license: MIT
 vendoring:
  url: https://github.com/microsoft/webauthn
  source-hosting: github
  vendor-directory: dom/webauthn/winwebauthn
  exclude:
    - "**"
  include:
    - LICENSE
    - README.md
    - webauthn.h
--- a/icecat/dom/webauthn/winwebauthn/webauthn.h
+++ b/icecat/dom/webauthn/winwebauthn/webauthn.h
@ -95,7 +95,6 @@ extern "C" {
 //          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   5
 //          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   6
 //          - WEBAUTHN_ASSERTION                                :   3
 //          - WEBAUTHN_GET_CREDENTIALS_OPTIONS                  :   1
 //          - WEBAUTHN_CREDENTIAL_DETAILS                       :   1
 //      APIs:
 //          - WebAuthNGetPlatformCredentialList
@ -128,30 +127,7 @@ extern "C" {
 //          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   6
 //          - WEBAUTHN_ASSERTION                                :   5
-#define WEBAUTHN_API_VERSION_8          8
+#define WEBAUTHN_API_CURRENT_VERSION    WEBAUTHN_API_VERSION_7
 // WEBAUTHN_API_VERSION_8 : Delta From WEBAUTHN_API_VERSION_7
 //      Data Structures and their sub versions:
 //          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   8
 //          - WEBAUTHN_CREDENTIAL_DETAILS                       :   3
 //          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   7
 //          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   8
 //
 #define WEBAUTHN_API_VERSION_9          9
 // WEBAUTHN_API_VERSION_9 : Delta From WEBAUTHN_API_VERSION_8
 //      Data Structures and their sub versions:
 //          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   9
 //          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   9
 //          - WEBAUTHN_ASSERTION                                :   6
 //          - WEBAUTHN_CREDENTIAL_DETAILS                       :   4
 //          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   8
 //          - WEBAUTHN_AUTHENTICATOR_DETAILS                    :   1
 //          - WEBAUTHN_AUTHENTICATOR_DETAILS_LIST               :   Not Applicable
 //      APIs:
 //          - WebAuthNGetAuthenticatorList
 //          - WebAuthNFreeAuthenticatorList
 #define WEBAUTHN_API_CURRENT_VERSION    WEBAUTHN_API_VERSION_9
 //+------------------------------------------------------------------------------------------
 // Information about an RP Entity
@ -171,7 +147,7 @@ typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
    // This field is required.
    PCWSTR pwszName;
-    // Optional URL pointing to RP's logo.
+    // Optional URL pointing to RP's logo. 
    PCWSTR pwszIcon;
 } WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
 typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;
@ -307,15 +283,7 @@ typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;
 #define WEBAUTHN_CTAP_TRANSPORT_TEST        0x00000008
 #define WEBAUTHN_CTAP_TRANSPORT_INTERNAL    0x00000010
 #define WEBAUTHN_CTAP_TRANSPORT_HYBRID      0x00000020
-#define WEBAUTHN_CTAP_TRANSPORT_SMART_CARD  0x00000040
+#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK  0x0000003F
 #define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK  0x0000007F
 #define WEBAUTHN_CTAP_TRANSPORT_USB_STRING          "usb"
 #define WEBAUTHN_CTAP_TRANSPORT_NFC_STRING          "nfc"
 #define WEBAUTHN_CTAP_TRANSPORT_BLE_STRING          "ble"
 #define WEBAUTHN_CTAP_TRANSPORT_SMART_CARD_STRING   "smart-card"
 #define WEBAUTHN_CTAP_TRANSPORT_HYBRID_STRING       "hybrid"
 #define WEBAUTHN_CTAP_TRANSPORT_INTERNAL_STRING     "internal"
 #define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION                         1
@ -355,7 +323,6 @@ typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
 #define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1       1
 #define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_CURRENT_VERSION CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1
 // Deprecated
 typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA
 {
    // Version
@ -389,65 +356,13 @@ typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA
 } CTAPCBOR_HYBRID_STORAGE_LINKED_DATA, *PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;
 typedef const CTAPCBOR_HYBRID_STORAGE_LINKED_DATA *PCCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;
 //+------------------------------------------------------------------------------------------
 // Authenticator Information for WebAuthNGetAuthenticatorList API
 //-------------------------------------------------------------------------------------------
 #define WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_VERSION_1          1
 #define WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_CURRENT_VERSION    WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_VERSION_1
 typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;
 } WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS;
 typedef const WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS;
 #define WEBAUTHN_AUTHENTICATOR_DETAILS_VERSION_1         1
 #define WEBAUTHN_AUTHENTICATOR_DETAILS_CURRENT_VERSION   WEBAUTHN_AUTHENTICATOR_DETAILS_VERSION_1
 typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;
    // Authenticator ID
    DWORD cbAuthenticatorId;
    _Field_size_bytes_(cbAuthenticatorId)
    PBYTE pbAuthenticatorId;
    // Authenticator Name
    PCWSTR pwszAuthenticatorName;
    // Authenticator logo (expected to be in SVG format)
    DWORD cbAuthenticatorLogo;
    _Field_size_bytes_(cbAuthenticatorLogo)
    PBYTE pbAuthenticatorLogo;
    // Is the authenticator currently locked? When locked, this authenticator's credentials
    // might not be present or updated in WebAuthNGetPlatformCredentialList.
    BOOL bLocked;
 } WEBAUTHN_AUTHENTICATOR_DETAILS, *PWEBAUTHN_AUTHENTICATOR_DETAILS;
 typedef const WEBAUTHN_AUTHENTICATOR_DETAILS *PCWEBAUTHN_AUTHENTICATOR_DETAILS;
 typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS_LIST {
    // Authenticator Details
    DWORD cAuthenticatorDetails;
    _Field_size_(cAuthenticatorDetails)
    PWEBAUTHN_AUTHENTICATOR_DETAILS *ppAuthenticatorDetails;
 } WEBAUTHN_AUTHENTICATOR_DETAILS_LIST, *PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST;
 typedef const WEBAUTHN_AUTHENTICATOR_DETAILS_LIST *PCWEBAUTHN_AUTHENTICATOR_DETAILS_LIST;
 //+------------------------------------------------------------------------------------------
 // Credential Information for WebAuthNGetPlatformCredentialList API
 //-------------------------------------------------------------------------------------------
 #define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1           1
 #define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2           2
-#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3           3
+#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION     WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2
 #define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4           4
 #define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION     WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4
 typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
    // Version of this structure, to allow for modifications in the future.
@ -473,27 +388,6 @@ typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
    // Backed Up or not.
    BOOL bBackedUp;
    //
    // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3
    //
    PCWSTR pwszAuthenticatorName;
    // The logo is expected to be in the svg format
    DWORD cbAuthenticatorLogo;
    _Field_size_bytes_(cbAuthenticatorLogo)
    PBYTE pbAuthenticatorLogo;
    // ThirdPartyPayment Credential or not.
    BOOL bThirdPartyPayment;
    //
    // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4
    //
    // Applicable Transports
    DWORD dwTransports;
 } WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
 typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS;
@ -699,10 +593,6 @@ typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
 #define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED                                1
 #define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED                               2
 #define WEBAUTHN_CREDENTIAL_HINT_SECURITY_KEY                               L"security-key"
 #define WEBAUTHN_CREDENTIAL_HINT_CLIENT_DEVICE                              L"client-device"
 #define WEBAUTHN_CREDENTIAL_HINT_HYBRID                                     L"hybrid"
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1            1
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2            2
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3            3
@ -710,9 +600,7 @@ typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5            5
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6            6
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7            7
-#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8            8
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION      WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9            9
 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION      WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9
 typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
@ -792,7 +680,6 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
    //
    // Deprecated
    // Optional. Linked Device Connection Info.
    PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;
@ -800,41 +687,6 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
    DWORD cbJsonExt;
    _Field_size_bytes_(cbJsonExt)
    PBYTE pbJsonExt;
    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8
    //
    // PRF extension "eval" values which will be converted into HMAC-SECRET values according to WebAuthn Spec.
    // Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags above, if caller wants to provide RAW Hmac-Secret SALT values directly.
    // In that case, values provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size.
    PWEBAUTHN_HMAC_SECRET_SALT pPRFGlobalEval;
    // PublicKeyCredentialHints (https://w3c.github.io/webauthn/#enum-hints)
    DWORD cCredentialHints;
    _Field_size_(cCredentialHints)
    LPCWSTR *ppwszCredentialHints;
    // Enable ThirdPartyPayment
    BOOL bThirdPartyPayment;
    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9
    //
    // Web Origin. For Remote Web App scenario.
    PCWSTR pwszRemoteWebOrigin;
    // UTF-8 encoded JSON serialization of the PublicKeyCredentialCreationOptions.
    DWORD cbPublicKeyCredentialCreationOptionsJSON;
    _Field_size_bytes_(cbPublicKeyCredentialCreationOptionsJSON)
    PBYTE pbPublicKeyCredentialCreationOptionsJSON;
    // Authenticator ID got from WebAuthNGetAuthenticatorList API.
    DWORD cbAuthenticatorId;
    _Field_size_bytes_(cbAuthenticatorId)
    PBYTE pbAuthenticatorId;
 } WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
 typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
@ -850,9 +702,7 @@ typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENT
 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5          5
 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6          6
 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7          7
-#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8          8
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION    WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9          9
 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION    WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9
 /*
    Information about flags.
@ -933,7 +783,6 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
    //
    // Deprecated
    // Optional. Linked Device Connection Info.
    PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;
@ -944,33 +793,6 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
    DWORD cbJsonExt;
    _Field_size_bytes_(cbJsonExt)
    PBYTE pbJsonExt;
    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8
    //
    // PublicKeyCredentialHints (https://w3c.github.io/webauthn/#enum-hints)
    DWORD cCredentialHints;
    _Field_size_(cCredentialHints)
    LPCWSTR *ppwszCredentialHints;
    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9
    //
    // Web Origin. For Remote Web App scenario.
    PCWSTR pwszRemoteWebOrigin;
    // UTF-8 encoded JSON serialization of the PublicKeyCredentialRequestOptions.
    DWORD cbPublicKeyCredentialRequestOptionsJSON;
    _Field_size_bytes_(cbPublicKeyCredentialRequestOptionsJSON)
    PBYTE pbPublicKeyCredentialRequestOptionsJSON;
    // Authenticator ID got from WebAuthNGetAuthenticatorList API.
    DWORD cbAuthenticatorId;
    _Field_size_bytes_(cbAuthenticatorId)
    PBYTE pbAuthenticatorId;
 } WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,  *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
 typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS  *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
@ -1049,9 +871,7 @@ typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4               4
 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5               5
 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6               6
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_7               7
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION         WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6
 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8               8
 #define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION         WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8
 typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
    // Version of this structure, to allow for modifications in the future.
@ -1127,34 +947,6 @@ typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
    DWORD cbUnsignedExtensionOutputs;
    _Field_size_bytes_(cbUnsignedExtensionOutputs)
    PBYTE pbUnsignedExtensionOutputs;
    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_7
    //
    PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;
    // ThirdPartyPayment Credential or not.
    BOOL bThirdPartyPayment;
    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8
    //
    // Multiple WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
    // the transports that are supported.
    DWORD dwTransports;
    // UTF-8 encoded JSON serialization of the client data.
    DWORD cbClientDataJSON;
    _Field_size_bytes_(cbClientDataJSON)
    PBYTE pbClientDataJSON;
    // UTF-8 encoded JSON serialization of the RegistrationResponse.
    DWORD cbRegistrationResponseJSON;
    _Field_size_bytes_(cbRegistrationResponseJSON)
    PBYTE pbRegistrationResponseJSON;
 } WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
 typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
@ -1179,8 +971,7 @@ typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION
 #define WEBAUTHN_ASSERTION_VERSION_3                            3
 #define WEBAUTHN_ASSERTION_VERSION_4                            4
 #define WEBAUTHN_ASSERTION_VERSION_5                            5
-#define WEBAUTHN_ASSERTION_VERSION_6                            6
+#define WEBAUTHN_ASSERTION_CURRENT_VERSION                      WEBAUTHN_ASSERTION_VERSION_5
 #define WEBAUTHN_ASSERTION_CURRENT_VERSION                      WEBAUTHN_ASSERTION_VERSION_6
 typedef struct _WEBAUTHN_ASSERTION {
    // Version of this structure, to allow for modifications in the future.
@ -1241,21 +1032,6 @@ typedef struct _WEBAUTHN_ASSERTION {
    DWORD cbUnsignedExtensionOutputs;
    _Field_size_bytes_(cbUnsignedExtensionOutputs)
    PBYTE pbUnsignedExtensionOutputs;
    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_6
    //
    // UTF-8 encoded JSON serialization of the client data.
    DWORD cbClientDataJSON;
    _Field_size_bytes_(cbClientDataJSON)
    PBYTE pbClientDataJSON;
    // UTF-8 encoded JSON serialization of the AuthenticationResponse.
    DWORD cbAuthenticationResponseJSON;
    _Field_size_bytes_(cbAuthenticationResponseJSON)
    PBYTE pbAuthenticationResponseJSON;
 } WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
 typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
@ -1333,18 +1109,6 @@ WebAuthNDeletePlatformCredential(
    _In_reads_bytes_(cbCredentialId) const BYTE *pbCredentialId
    );
 // Returns NTE_NOT_FOUND when authenticator details are not found.
 HRESULT
 WINAPI
 WebAuthNGetAuthenticatorList(
    _In_opt_ PCWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS pWebAuthNGetAuthenticatorListOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST* ppAuthenticatorDetailsList);
 void
 WINAPI
 WebAuthNFreeAuthenticatorList(
    _In_ PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST pAuthenticatorDetailsList);
 //
 // Returns the following Error Names:
 //  L"Success"              - S_OK
--- a/icecat/dom/webidl/CredentialManagement.webidl
+++ b/icecat/dom/webidl/CredentialManagement.webidl
@ -50,7 +50,6 @@ enum CredentialMediationRequirement {
 };
 dictionary CredentialCreationOptions {
  CredentialMediationRequirement mediation = "optional";
  // This is taken from the partial definition in
  // https://w3c.github.io/webauthn/#sctn-credentialcreationoptions-extension
  [Pref="security.webauth.webauthn"]
--- a/icecat/dom/webidl/WebAuthentication.webidl
+++ b/icecat/dom/webidl/WebAuthentication.webidl
@ -177,7 +177,6 @@ dictionary PublicKeyCredentialCreationOptions {
    sequence<PublicKeyCredentialDescriptor>      excludeCredentials = [];
    // FIXME: bug 1493860: should this "= {}" be here?
    AuthenticatorSelectionCriteria               authenticatorSelection = {};
    sequence<DOMString>                          hints = [];
    DOMString                                    attestation = "none";
    // FIXME: bug 1493860: should this "= {}" be here?
    AuthenticationExtensionsClientInputs         extensions = {};
@ -209,7 +208,6 @@ dictionary PublicKeyCredentialRequestOptions {
    USVString                            rpId;
    sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
    DOMString                            userVerification = "preferred";
    sequence<DOMString>                  hints = [];
    // FIXME: bug 1493860: should this "= {}" be here?
    AuthenticationExtensionsClientInputs extensions = {};
 };
--- a/icecat/dom/webtransport/parent/WebTransportParent.h
+++ b/icecat/dom/webtransport/parent/WebTransportParent.h
@ -103,11 +103,9 @@ class WebTransportParent : public PWebTransportParent,
    OnResetOrStopSendingCallback mCallback;
    nsCOMPtr<T> mStream;
  };
-  nsTHashMap<NoMemMoveKey<nsUint64HashKey>,
+  nsTHashMap<nsUint64HashKey, StreamHash<nsIWebTransportBidirectionalStream>>
             StreamHash<nsIWebTransportBidirectionalStream>>
      mBidiStreamCallbackMap;
-  nsTHashMap<NoMemMoveKey<nsUint64HashKey>,
+  nsTHashMap<nsUint64HashKey, StreamHash<nsIWebTransportSendStream>>
             StreamHash<nsIWebTransportSendStream>>
      mUniStreamCallbackMap;
 };
--- a/Show more
+++ b/Show more