diff --git a/b2g/config/aries/sources.xml b/b2g/config/aries/sources.xml
index eed3491c810..ad04f544d3d 100644
--- a/b2g/config/aries/sources.xml
+++ b/b2g/config/aries/sources.xml
@@ -15,7 +15,7 @@
   <project name="platform_build" path="build" remote="b2g" revision="e862ab9177af664f00b4522e2350f4cb13866d73">
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="librecovery" path="librecovery" remote="b2g" revision="1b3591a50ed352fc6ddb77462b7b35d0bfa555a3"/>
@@ -23,7 +23,7 @@
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <!-- Stock Android things -->
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" revision="95bb5b66b3ec5769c3de8d3f25d681787418e7d2"/>
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" revision="ebdad82e61c16772f6cd47e9f11936bf6ebe9aa0"/>
diff --git a/b2g/config/dolphin/sources.xml b/b2g/config/dolphin/sources.xml
index 2e2d2282515..551ff94eb23 100644
--- a/b2g/config/dolphin/sources.xml
+++ b/b2g/config/dolphin/sources.xml
@@ -15,7 +15,7 @@
   <project name="platform_build" path="build" remote="b2g" revision="e862ab9177af664f00b4522e2350f4cb13866d73">
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="librecovery" path="librecovery" remote="b2g" revision="1b3591a50ed352fc6ddb77462b7b35d0bfa555a3"/>
@@ -23,7 +23,7 @@
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <!-- Stock Android things -->
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" revision="95bb5b66b3ec5769c3de8d3f25d681787418e7d2"/>
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" revision="ebdad82e61c16772f6cd47e9f11936bf6ebe9aa0"/>
diff --git a/b2g/config/emulator-ics/sources.xml b/b2g/config/emulator-ics/sources.xml
index 3d66b8d27a4..b45c2f396fc 100644
--- a/b2g/config/emulator-ics/sources.xml
+++ b/b2g/config/emulator-ics/sources.xml
@@ -19,7 +19,7 @@
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
   <project name="fake-dalvik" path="dalvik" remote="b2g" revision="ca1f327d5acc198bb4be62fa51db2c039032c9ce"/>
-  <project name="gaia.git" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia.git" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="platform_hardware_ril" path="hardware/ril" remote="b2g" revision="87a2d8ab9248540910e56921654367b78a587095"/>
diff --git a/b2g/config/emulator-jb/sources.xml b/b2g/config/emulator-jb/sources.xml
index baca4017103..87dcf02876a 100644
--- a/b2g/config/emulator-jb/sources.xml
+++ b/b2g/config/emulator-jb/sources.xml
@@ -17,10 +17,10 @@
   </project>
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="moztt" path="external/moztt" remote="b2g" revision="46da1a05ac04157669685246d70ac59d48699c9e"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
   <!-- Stock Android things -->
diff --git a/b2g/config/emulator-kk/sources.xml b/b2g/config/emulator-kk/sources.xml
index ba3b8d939cd..7902ffd5fa6 100644
--- a/b2g/config/emulator-kk/sources.xml
+++ b/b2g/config/emulator-kk/sources.xml
@@ -15,7 +15,7 @@
   <project name="platform_build" path="build" remote="b2g" revision="e862ab9177af664f00b4522e2350f4cb13866d73">
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="librecovery" path="librecovery" remote="b2g" revision="1b3591a50ed352fc6ddb77462b7b35d0bfa555a3"/>
@@ -23,7 +23,7 @@
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <!-- Stock Android things -->
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" revision="f92a936f2aa97526d4593386754bdbf02db07a12"/>
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" revision="6e47ff2790f5656b5b074407829ceecf3e6188c4"/>
diff --git a/b2g/config/emulator-l/sources.xml b/b2g/config/emulator-l/sources.xml
index dae84b6e1ad..129a6667ec2 100644
--- a/b2g/config/emulator-l/sources.xml
+++ b/b2g/config/emulator-l/sources.xml
@@ -15,7 +15,7 @@
   <project name="platform_build" path="build" remote="b2g" revision="61e82f99bb8bc78d52b5717e9a2481ec7267fa33">
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="librecovery" path="librecovery" remote="b2g" revision="1b3591a50ed352fc6ddb77462b7b35d0bfa555a3"/>
@@ -23,7 +23,7 @@
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <!-- Stock Android things -->
   <project groups="pdk,linux" name="platform/prebuilts/clang/linux-x86/host/3.5" path="prebuilts/clang/linux-x86/host/3.5" revision="ffc05a232799fe8fcb3e47b7440b52b1fb4244c0"/>
   <project groups="pdk,linux,arm" name="platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.8" path="prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.8" revision="337e0ef5e40f02a1ae59b90db0548976c70a7226"/>
diff --git a/b2g/config/emulator/sources.xml b/b2g/config/emulator/sources.xml
index 3d66b8d27a4..b45c2f396fc 100644
--- a/b2g/config/emulator/sources.xml
+++ b/b2g/config/emulator/sources.xml
@@ -19,7 +19,7 @@
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
   <project name="fake-dalvik" path="dalvik" remote="b2g" revision="ca1f327d5acc198bb4be62fa51db2c039032c9ce"/>
-  <project name="gaia.git" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia.git" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="platform_hardware_ril" path="hardware/ril" remote="b2g" revision="87a2d8ab9248540910e56921654367b78a587095"/>
diff --git a/b2g/config/flame-kk/sources.xml b/b2g/config/flame-kk/sources.xml
index 1ba136bc46c..939c06284f3 100644
--- a/b2g/config/flame-kk/sources.xml
+++ b/b2g/config/flame-kk/sources.xml
@@ -15,7 +15,7 @@
   <project name="platform_build" path="build" remote="b2g" revision="e862ab9177af664f00b4522e2350f4cb13866d73">
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="librecovery" path="librecovery" remote="b2g" revision="1b3591a50ed352fc6ddb77462b7b35d0bfa555a3"/>
@@ -23,7 +23,7 @@
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <!-- Stock Android things -->
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/i686-linux-glibc2.7-4.6" revision="95bb5b66b3ec5769c3de8d3f25d681787418e7d2"/>
   <project groups="linux" name="platform/prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" path="prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.7-4.6" revision="ebdad82e61c16772f6cd47e9f11936bf6ebe9aa0"/>
diff --git a/b2g/config/gaia.json b/b2g/config/gaia.json
index 7022a0108d2..5cbd47dfa9a 100644
--- a/b2g/config/gaia.json
+++ b/b2g/config/gaia.json
@@ -1,9 +1,9 @@
 {
     "git": {
-        "git_revision": "8a1e4ae522c121c5cacd39b20a5386ec9055db82", 
+        "git_revision": "0b166043ef2a1f235a4d7d4f40a51b625784195a", 
         "remote": "https://git.mozilla.org/releases/gaia.git", 
         "branch": ""
     }, 
-    "revision": "155bda717bccdcab21d76d66aeebe400d887fb39", 
+    "revision": "8fc4e30c525ad4801000e23bb739fe794c397cd6", 
     "repo_path": "integration/gaia-central"
 }
diff --git a/b2g/config/nexus-4/sources.xml b/b2g/config/nexus-4/sources.xml
index 3e8e49ce84f..af974261d6a 100644
--- a/b2g/config/nexus-4/sources.xml
+++ b/b2g/config/nexus-4/sources.xml
@@ -17,10 +17,10 @@
   </project>
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="moztt" path="external/moztt" remote="b2g" revision="46da1a05ac04157669685246d70ac59d48699c9e"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
   <!-- Stock Android things -->
diff --git a/b2g/config/nexus-5-l/sources.xml b/b2g/config/nexus-5-l/sources.xml
index 0f0de3f087e..c3eeb46c4ea 100644
--- a/b2g/config/nexus-5-l/sources.xml
+++ b/b2g/config/nexus-5-l/sources.xml
@@ -15,7 +15,7 @@
   <project name="platform_build" path="build" remote="b2g" revision="61e82f99bb8bc78d52b5717e9a2481ec7267fa33">
     <copyfile dest="Makefile" src="core/root.mk"/>
   </project>
-  <project name="gaia" path="gaia" remote="mozillaorg" revision="8a1e4ae522c121c5cacd39b20a5386ec9055db82"/>
+  <project name="gaia" path="gaia" remote="mozillaorg" revision="0b166043ef2a1f235a4d7d4f40a51b625784195a"/>
   <project name="fake-libdvm" path="dalvik" remote="b2g" revision="d50ae982b19f42f0b66d08b9eb306be81687869f"/>
   <project name="gonk-misc" path="gonk-misc" remote="b2g" revision="3477513bcd385571aa01c0d074849e35bd5e2376"/>
   <project name="librecovery" path="librecovery" remote="b2g" revision="1b3591a50ed352fc6ddb77462b7b35d0bfa555a3"/>
@@ -23,7 +23,7 @@
   <project name="rilproxy" path="rilproxy" remote="b2g" revision="5ef30994f4778b4052e58a4383dbe7890048c87e"/>
   <project name="valgrind" path="external/valgrind" remote="b2g" revision="daa61633c32b9606f58799a3186395fd2bbb8d8c"/>
   <project name="vex" path="external/VEX" remote="b2g" revision="47f031c320888fe9f3e656602588565b52d43010"/>
-  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="0a749b6475889d1f7db8da4385c77aadfe5b06d5"/>
+  <project name="apitrace" path="external/apitrace" remote="apitrace" revision="1ec161cddbdc631508816d74b0978a7aeba56e78"/>
   <!-- Stock Android things -->
   <project groups="pdk,linux" name="platform/prebuilts/clang/linux-x86/host/3.5" path="prebuilts/clang/linux-x86/host/3.5" revision="ffc05a232799fe8fcb3e47b7440b52b1fb4244c0"/>
   <project groups="pdk,linux,arm" name="platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.8" path="prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.8" revision="337e0ef5e40f02a1ae59b90db0548976c70a7226"/>
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 6c199cf8f3e..c7e158c5fe8 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1665,8 +1665,6 @@ pref("prompts.tab_modal.enabled", true);
 // Whether the Panorama should animate going in/out of tabs
 pref("browser.panorama.animate_zoom", true);
 
-// Defines the url to be used for new tabs.
-pref("browser.newtab.url", "about:newtab");
 // Activates preloading of the new tab url.
 pref("browser.newtab.preload", true);
 
@@ -1733,7 +1731,7 @@ pref("shumway.swf.whitelist", "http://www.areweflashyet.com/*.swf");
 pref("image.mem.max_decoded_image_kb", 256000);
 
 pref("loop.enabled", true);
-pref("loop.textChat.enabled", false);
+pref("loop.textChat.enabled", true);
 pref("loop.server", "https://loop.services.mozilla.com/v0");
 pref("loop.seenToS", "unseen");
 pref("loop.showPartnerLogo", true);
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 7b41240169b..958e73ce2a9 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -54,6 +54,8 @@ XPCOMUtils.defineLazyModuleGetter(this, "LightweightThemeManager",
                                   "resource://gre/modules/LightweightThemeManager.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "Pocket",
                                   "resource:///modules/Pocket.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "NewTabURL",
+                                  "resource:///modules/NewTabURL.jsm");
 
 // Can't use XPCOMUtils for these because the scripts try to define the variables
 // on window, and so the defineProperty inside defineLazyGetter fails.
@@ -4091,6 +4093,10 @@ var XULBrowserWindow = {
     return true;
   },
 
+  shouldAddToSessionHistory: function(aDocShell, aURI) {
+    return aURI.spec != NewTabURL.get();
+  },
+
   onProgressChange: function (aWebProgress, aRequest,
                               aCurSelfProgress, aMaxSelfProgress,
                               aCurTotalProgress, aMaxTotalProgress) {
@@ -6958,6 +6964,10 @@ var gIdentityHandler = {
       host = this.getEffectiveHost();
     } catch (e) {
       // Some URIs might have no hosts.
+    }
+
+    if (!host) {
+      // Fallback for special protocols.
       host = this._lastUri.specIgnoringRef;
     }
 
diff --git a/browser/base/content/browser.xul b/browser/base/content/browser.xul
index 46b15111f1e..da35fddd4e8 100644
--- a/browser/base/content/browser.xul
+++ b/browser/base/content/browser.xul
@@ -1241,13 +1241,18 @@
 
   <svg:svg height="0">
 #include tab-shape.inc.svg
-    <svg:clipPath id="urlbar-back-button-clip-path" clipPathUnits="userSpaceOnUse">
+    <svg:clipPath id="urlbar-back-button-clip-path">
 #ifndef XP_MACOSX
-      <svg:path d="m 1,-5 l 0,7.8 c 2.5,3.2 4,6.2 4,10.2 c 0,4 -1.5,7 -4,10 l 0,22l10000,0 l 0,-50 l -10000,0 z"/>
+      <svg:path d="M -9,-4 l 0,1 a 15 15 0 0,1 0,30 l 0,1 l 10000,0 l 0,-32 l -10000,0 z" />
 #else
       <svg:path d="M -11,-5 a 16 16 0 0 1 0,34 l 10000,0 l 0,-34 l -10000,0 z"/>
 #endif
     </svg:clipPath>
+#ifdef XP_WIN
+    <svg:clipPath id="urlbar-back-button-clip-path-win10">
+      <svg:path d="M -6,-2 l 0,1 a 15 15 0 0,1 0,30 l 0,1 l 10000,0 l 0,-32 l -10000,0 z" />
+    </svg:clipPath>
+#endif
   </svg:svg>
 
 </vbox>
diff --git a/browser/base/content/content.js b/browser/base/content/content.js
index 7b12cee18e5..c1fef6a25c2 100644
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -56,6 +56,9 @@ addEventListener("DOMFormHasPassword", function(event) {
   LoginManagerContent.onDOMFormHasPassword(event, content);
   InsecurePasswordUtils.checkForInsecurePasswords(event.target);
 });
+addEventListener("DOMInputPasswordAdded", function(event) {
+  LoginManagerContent.onDOMInputPasswordAdded(event, content);
+});
 addEventListener("pageshow", function(event) {
   LoginManagerContent.onPageShow(event, content);
 });
diff --git a/browser/base/content/tabbrowser.xml b/browser/base/content/tabbrowser.xml
index ad37a0f78f1..5a478d2f165 100644
--- a/browser/base/content/tabbrowser.xml
+++ b/browser/base/content/tabbrowser.xml
@@ -1609,7 +1609,7 @@
             // and the URL is "about:newtab". We do not support preloading for
             // custom newtab URLs.
             return Services.prefs.getBoolPref("browser.newtab.preload") &&
-                   !Services.prefs.prefHasUserValue("browser.newtab.url");
+                   !NewTabURL.overridden;
           ]]>
         </body>
       </method>
@@ -3487,16 +3487,18 @@
 
               let b = tab.linkedBrowser;
 
-              if (!b.isRemoteBrowser) {
-                // non-remote browsers are not the problem.
-                return true;
-              }
-
               if (!b._alive) {
                 // The browser binding has been removed. Dump a bunch of
                 // diagnostic information to the browser console.
-                err("The tabbrowser-remote-browser binding has been removed " +
-                    "from the tab being switched to.");
+                let utils = Cc["@mozilla.org/inspector/dom-utils;1"].getService(Ci.inIDOMUtils);
+                let results = utils.getBindingURLs(b);
+                let urls = [];
+
+                for (let i = 0; i < results.length; ++i) {
+                  urls.push(results.queryElementAt(i, Ci.nsIURI).spec);
+                }
+                err("The browser has the following bindings:");
+                err(urls);
                 err("MozBinding is currently: " +
                     window.getComputedStyle(b).MozBinding);
                 if (!b.parentNode) {
@@ -6161,8 +6163,6 @@
   <binding id="tabbrowser-remote-browser"
            extends="chrome://global/content/bindings/remote-browser.xml#remote-browser">
     <implementation>
-      <!-- This will go away if the binding has been removed for some reason. -->
-      <field name="_alive">true</field>
       <!-- throws exception for unknown schemes -->
       <method name="loadURIWithFlags">
         <parameter name="aURI"/>
diff --git a/browser/base/content/test/general/browser_bug763468_perwindowpb.js b/browser/base/content/test/general/browser_bug763468_perwindowpb.js
index bdd6943d96a..1ddc35d44bb 100644
--- a/browser/base/content/test/general/browser_bug763468_perwindowpb.js
+++ b/browser/base/content/test/general/browser_bug763468_perwindowpb.js
@@ -8,7 +8,6 @@ function test() {
   waitForExplicitFinish();
   let windowsToClose = [];
   let newTab;
-  let newTabPrefName = "browser.newtab.url";
   let newTabURL;
   let mode;
 
@@ -19,7 +18,7 @@ function test() {
         newTabURL = "about:privatebrowsing";
       } else {
         mode = "normal";
-        newTabURL = Services.prefs.getCharPref(newTabPrefName) || "about:blank";
+        newTabURL = NewTabURL.get();
       }
 
       is(aWindow.gBrowser.currentURI.spec, newTabURL,
diff --git a/browser/base/content/test/general/browser_bug767836_perwindowpb.js b/browser/base/content/test/general/browser_bug767836_perwindowpb.js
index 131a4aae62f..ee27a8dcf2e 100644
--- a/browser/base/content/test/general/browser_bug767836_perwindowpb.js
+++ b/browser/base/content/test/general/browser_bug767836_perwindowpb.js
@@ -5,7 +5,6 @@
 function test() {
   //initialization
   waitForExplicitFinish();
-  let newTabPrefName = "browser.newtab.url";
   let newTabURL;
   let testURL = "http://example.com/";
   let mode;
@@ -17,24 +16,24 @@ function test() {
         newTabURL = "about:privatebrowsing";
       } else {
         mode = "normal";
-        newTabURL = Services.prefs.getCharPref(newTabPrefName) || "about:blank";
+        newTabURL = NewTabURL.get();
       }
 
       // Check the new tab opened while in normal/private mode
       is(aWindow.gBrowser.selectedBrowser.currentURI.spec, newTabURL,
         "URL of NewTab should be " + newTabURL + " in " + mode +  " mode");
       // Set the custom newtab url
-      Services.prefs.setCharPref(newTabPrefName, testURL);
-      ok(Services.prefs.prefHasUserValue(newTabPrefName), "Custom newtab url is set");
+      NewTabURL.override(testURL);
+      is(NewTabURL.get(), testURL, "Custom newtab url is set");
 
       // Open a newtab after setting the custom newtab url
       openNewTab(aWindow, function () {
         is(aWindow.gBrowser.selectedBrowser.currentURI.spec, testURL,
            "URL of NewTab should be the custom url");
 
-        // clear the custom url preference
-        Services.prefs.clearUserPref(newTabPrefName);
-        ok(!Services.prefs.prefHasUserValue(newTabPrefName), "No custom newtab url is set");
+        // Clear the custom url.
+        NewTabURL.reset();
+        is(NewTabURL.get(), "about:newtab", "No custom newtab url is set");
 
         aWindow.gBrowser.removeTab(aWindow.gBrowser.selectedTab);
         aWindow.gBrowser.removeTab(aWindow.gBrowser.selectedTab);
@@ -51,7 +50,7 @@ function test() {
   }
 
   // check whether any custom new tab url has been configured
-  ok(!Services.prefs.prefHasUserValue(newTabPrefName), "No custom newtab url is set");
+  ok(!NewTabURL.overridden, "No custom newtab url is set");
 
   // test normal mode
   testOnWindow(false, function(aWindow) {
diff --git a/browser/base/content/urlbarBindings.xml b/browser/base/content/urlbarBindings.xml
index 32d26b32f9c..519101caaaf 100644
--- a/browser/base/content/urlbarBindings.xml
+++ b/browser/base/content/urlbarBindings.xml
@@ -330,7 +330,9 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
               url = action.params.url;
             } else if (action.type == "searchengine") {
               let engine = Services.search.getEngineByName(action.params.engineName);
-              let submission = engine.getSubmission(action.params.searchQuery);
+              let query = action.params.searchSuggestion ||
+                          action.params.searchQuery;
+              let submission = engine.getSubmission(query);
 
               url = submission.uri.spec;
               postData = submission.postData;
@@ -790,12 +792,6 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
           try {
             action.params = JSON.parse(params);
-            if (action.params.input) {
-              action.params.input = decodeURIComponent(action.params.input);
-            }
-            if (action.params.searchQuery) {
-              action.params.searchQuery = decodeURIComponent(action.params.searchQuery);
-            }
           } catch (e) {
             // If this failed, we assume that params is not a JSON object, and
             // is instead just a flat string. This will happen when
@@ -804,6 +800,17 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
             action.params = {
               url: params,
             }
+            return action;
+          }
+
+          for (let key of [
+            "input",
+            "searchQuery",
+            "searchSuggestion",
+          ]) {
+            if (action.params[key]) {
+              action.params[key] = decodeURIComponent(action.params[key]);
+            }
           }
 
           return action;
@@ -1577,7 +1584,9 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
                 }
                 case "searchengine": {
                   let engine = Services.search.getEngineByName(action.params.engineName);
-                  let submission = engine.getSubmission(action.params.searchQuery);
+                  let query = action.params.searchSuggestion ||
+                              action.params.searchQuery;
+                  let submission = engine.getSubmission(query);
                   url = submission.uri.spec;
                   options.postData = submission.postData;
                   break;
diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js
index 493d2e5adb6..48fb6d39258 100644
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -9,32 +9,16 @@ Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
 Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
 Components.utils.import("resource:///modules/RecentWindow.jsm");
 
-XPCOMUtils.defineLazyGetter(this, "BROWSER_NEW_TAB_URL", function () {
-  const PREF = "browser.newtab.url";
+XPCOMUtils.defineLazyModuleGetter(this, "NewTabURL",
+  "resource:///modules/NewTabURL.jsm");
 
-  function getNewTabPageURL() {
-    if (PrivateBrowsingUtils.isWindowPrivate(window) &&
-        !PrivateBrowsingUtils.permanentPrivateBrowsing &&
-        !Services.prefs.prefHasUserValue(PREF)) {
-      return "about:privatebrowsing";
-    }
-
-    let url = Services.prefs.getComplexValue(PREF, Ci.nsISupportsString).data;
-    return url || "about:blank";
+this.__defineGetter__("BROWSER_NEW_TAB_URL", () => {
+  if (PrivateBrowsingUtils.isWindowPrivate(window) &&
+      !PrivateBrowsingUtils.permanentPrivateBrowsing &&
+      !NewTabURL.overridden) {
+    return "about:privatebrowsing";
   }
-
-  function update() {
-    BROWSER_NEW_TAB_URL = getNewTabPageURL();
-  }
-
-  Services.prefs.addObserver(PREF, update, false);
-
-  addEventListener("unload", function onUnload() {
-    removeEventListener("unload", onUnload);
-    Services.prefs.removeObserver(PREF, update);
-  });
-
-  return getNewTabPageURL();
+  return NewTabURL.get();
 });
 
 var TAB_DROP_TYPE = "application/x-moz-tabbrowser-tab";
diff --git a/browser/components/controlcenter/content/panel.inc.xul b/browser/components/controlcenter/content/panel.inc.xul
index f3d662ba78c..d91bac14b3e 100644
--- a/browser/components/controlcenter/content/panel.inc.xul
+++ b/browser/components/controlcenter/content/panel.inc.xul
@@ -69,6 +69,9 @@
                value="&identity.connectionInternal;"/>
       </vbox>
 
+      <description id="identity-popup-content-verifier"
+                   class="identity-popup-text"/>
+
       <description id="identity-popup-securityView-connection"
                    class="identity-popup-text">&identity.connectionVerified;</description>
 
@@ -76,8 +79,6 @@
                    class="identity-popup-text"/>
       <description id="identity-popup-content-supplemental"
                    class="identity-popup-text"/>
-      <description id="identity-popup-content-verifier"
-                   class="identity-popup-text"/>
     </panelview>
   </panelmultiview>
 </panel>
diff --git a/browser/components/loop/content/js/otconfig.js b/browser/components/loop/content/js/otconfig.js
index 7f9098f3cfc..e8b33ebcc14 100644
--- a/browser/components/loop/content/js/otconfig.js
+++ b/browser/components/loop/content/js/otconfig.js
@@ -7,4 +7,3 @@ window.OTProperties = {
 };
 window.OTProperties.assetURL = window.OTProperties.cdnURL + "sdk-content/";
 window.OTProperties.configURL = window.OTProperties.assetURL + "js/dynamic_config.min.js";
-window.OTProperties.cssURL = window.OTProperties.assetURL + "css/ot.css";
diff --git a/browser/components/loop/content/shared/js/otSdkDriver.js b/browser/components/loop/content/shared/js/otSdkDriver.js
index 640947e89ab..9d34d2bc91b 100644
--- a/browser/components/loop/content/shared/js/otSdkDriver.js
+++ b/browser/components/loop/content/shared/js/otSdkDriver.js
@@ -344,6 +344,11 @@ loop.OTSdkDriver = (function() {
     _onSessionConnectionCompleted: function(error) {
       if (error) {
         console.error("Failed to complete connection", error);
+        // We log this here before the connection failure to ensure the metrics
+        // event gets to the server before the leave action occurs. Otherwise
+        // the server won't log the metrics event because the user is no longer
+        // in the room.
+        this._notifyMetricsEvent("sdk.exception." + error.code);
         this.dispatcher.dispatch(new sharedActions.ConnectionFailure({
           reason: FAILURE_DETAILS.COULD_NOT_CONNECT
         }));
@@ -399,6 +404,7 @@ loop.OTSdkDriver = (function() {
 
       this._noteConnectionLengthIfNeeded(this._getTwoWayMediaStartTime(),
         performance.now());
+      this._notifyMetricsEvent("Session." + event.reason);
       this.dispatcher.dispatch(new sharedActions.ConnectionFailure({
         reason: reason
       }));
@@ -485,9 +491,14 @@ loop.OTSdkDriver = (function() {
         case "Session.streamDestroyed":
           this._metrics.recvStreams--;
           break;
+        case "Session.networkDisconnected":
+        case "Session.forceDisconnected":
+          break;
         default:
-          console.error("Unexpected event name", eventName);
-          return;
+          if (eventName.indexOf("sdk.exception") === -1) {
+            console.error("Unexpected event name", eventName);
+            return;
+          }
       }
       if (!state) {
         state = this._getConnectionState();
@@ -910,6 +921,8 @@ loop.OTSdkDriver = (function() {
         this.dispatcher.dispatch(new sharedActions.ConnectionFailure({
           reason: FAILURE_DETAILS.UNABLE_TO_PUBLISH_MEDIA
         }));
+      } else {
+        this._notifyMetricsEvent("sdk.exception." + event.code);
       }
     },
 
diff --git a/browser/components/loop/jar.mn b/browser/components/loop/jar.mn
index 218b5fa33d9..3f254734715 100644
--- a/browser/components/loop/jar.mn
+++ b/browser/components/loop/jar.mn
@@ -118,18 +118,4 @@ browser.jar:
 
   # Partner SDK assets
   content/browser/loop/libs/sdk.js                                                    (content/shared/libs/sdk.js)
-  content/browser/loop/sdk-content/css/ot.css                                 (content/shared/libs/sdk-content/css/ot.css)
   content/browser/loop/sdk-content/js/dynamic_config.min.js                   (content/shared/libs/sdk-content/js/dynamic_config.min.js)
-  content/browser/loop/sdk-content/images/rtc/access-denied-chrome.png        (content/shared/libs/sdk-content/images/rtc/access-denied-chrome.png)
-  content/browser/loop/sdk-content/images/rtc/access-denied-copy-firefox.png  (content/shared/libs/sdk-content/images/rtc/access-denied-copy-firefox.png)
-  content/browser/loop/sdk-content/images/rtc/access-denied-firefox.png       (content/shared/libs/sdk-content/images/rtc/access-denied-firefox.png)
-  content/browser/loop/sdk-content/images/rtc/access-predenied-chrome.png     (content/shared/libs/sdk-content/images/rtc/access-predenied-chrome.png)
-  content/browser/loop/sdk-content/images/rtc/access-prompt-chrome.png        (content/shared/libs/sdk-content/images/rtc/access-prompt-chrome.png)
-  content/browser/loop/sdk-content/images/rtc/audioonly-publisher.png         (content/shared/libs/sdk-content/images/rtc/audioonly-publisher.png)
-  content/browser/loop/sdk-content/images/rtc/audioonly-subscriber.png        (content/shared/libs/sdk-content/images/rtc/audioonly-subscriber.png)
-  content/browser/loop/sdk-content/images/rtc/buttons.png                     (content/shared/libs/sdk-content/images/rtc/buttons.png)
-  content/browser/loop/sdk-content/images/rtc/loader.gif                      (content/shared/libs/sdk-content/images/rtc/loader.gif)
-  content/browser/loop/sdk-content/images/rtc/mic-off.png                     (content/shared/libs/sdk-content/images/rtc/mic-off.png)
-  content/browser/loop/sdk-content/images/rtc/mic-on.png                      (content/shared/libs/sdk-content/images/rtc/mic-on.png)
-  content/browser/loop/sdk-content/images/rtc/speaker-off.png                 (content/shared/libs/sdk-content/images/rtc/speaker-off.png)
-  content/browser/loop/sdk-content/images/rtc/speaker-on.png                  (content/shared/libs/sdk-content/images/rtc/speaker-on.png)
diff --git a/browser/components/loop/standalone/content/index.html b/browser/components/loop/standalone/content/index.html
index adfdcf80e28..29c32d35674 100644
--- a/browser/components/loop/standalone/content/index.html
+++ b/browser/components/loop/standalone/content/index.html
@@ -109,7 +109,6 @@
       };
       window.OTProperties.assetURL = window.OTProperties.cdnURL + "sdk-content/";
       window.OTProperties.configURL = window.OTProperties.assetURL + "js/dynamic_config.min.js";
-      window.OTProperties.cssURL = window.OTProperties.assetURL + "css/ot.css";
     </script>
     <script type="text/javascript" src="js/multiplexGum.js"></script>
     <script type="text/javascript" src="shared/libs/sdk.js"></script>
diff --git a/browser/components/loop/test/shared/otSdkDriver_test.js b/browser/components/loop/test/shared/otSdkDriver_test.js
index bb9d1a3c21e..07b96fcbe66 100644
--- a/browser/components/loop/test/shared/otSdkDriver_test.js
+++ b/browser/components/loop/test/shared/otSdkDriver_test.js
@@ -67,6 +67,7 @@ describe("loop.OTSdkDriver", function () {
 
     window.OT = {
       ExceptionCodes: {
+        CONNECT_FAILED: 1006,
         UNABLE_TO_PUBLISH: 1500
       }
     };
@@ -388,12 +389,31 @@ describe("loop.OTSdkDriver", function () {
         sinon.assert.calledOnce(session.publish);
       });
 
+      it("should notify metrics", function() {
+        session.connect.callsArgWith(2, {
+          title: "Fake",
+          code: OT.ExceptionCodes.CONNECT_FAILED
+        });
+
+        driver.connectSession(sessionData);
+
+        sinon.assert.calledTwice(dispatcher.dispatch);
+        sinon.assert.calledWithExactly(dispatcher.dispatch,
+          new sharedActions.ConnectionStatus({
+            event: "sdk.exception." + OT.ExceptionCodes.CONNECT_FAILED,
+            state: "starting",
+            connections: 0,
+            sendStreams: 0,
+            recvStreams: 0
+          }));
+      });
+
       it("should dispatch connectionFailure if connecting failed", function() {
         session.connect.callsArgWith(2, new Error("Failure"));
 
         driver.connectSession(sessionData);
 
-        sinon.assert.calledOnce(dispatcher.dispatch);
+        sinon.assert.calledTwice(dispatcher.dispatch);
         sinon.assert.calledWithMatch(dispatcher.dispatch,
           sinon.match.hasOwn("name", "connectionFailure"));
         sinon.assert.calledWithMatch(dispatcher.dispatch,
@@ -723,13 +743,29 @@ describe("loop.OTSdkDriver", function () {
     });
 
     describe("sessionDisconnected", function() {
+      it("should notify metrics", function() {
+        session.trigger("sessionDisconnected", {
+          reason: "networkDisconnected"
+        });
+
+        sinon.assert.calledTwice(dispatcher.dispatch);
+        sinon.assert.calledWithExactly(dispatcher.dispatch,
+          new sharedActions.ConnectionStatus({
+            event: "Session.networkDisconnected",
+            state: "starting",
+            connections: 0,
+            sendStreams: 0,
+            recvStreams: 0
+          }));
+      });
+
       it("should dispatch a connectionFailure action if the session was disconnected",
         function() {
           session.trigger("sessionDisconnected", {
             reason: "networkDisconnected"
           });
 
-          sinon.assert.calledOnce(dispatcher.dispatch);
+          sinon.assert.calledTwice(dispatcher.dispatch);
           sinon.assert.calledWithMatch(dispatcher.dispatch,
             sinon.match.hasOwn("name", "connectionFailure"));
           sinon.assert.calledWithMatch(dispatcher.dispatch,
@@ -742,7 +778,7 @@ describe("loop.OTSdkDriver", function () {
             reason: "forceDisconnected"
           });
 
-          sinon.assert.calledOnce(dispatcher.dispatch);
+          sinon.assert.calledTwice(dispatcher.dispatch);
           sinon.assert.calledWithMatch(dispatcher.dispatch,
             sinon.match.hasOwn("name", "connectionFailure"));
           sinon.assert.calledWithMatch(dispatcher.dispatch,
@@ -1368,6 +1404,24 @@ describe("loop.OTSdkDriver", function () {
     });
 
     describe("exception", function() {
+      it("should notify metrics", function() {
+        sdk.trigger("exception", {
+          code: OT.ExceptionCodes.CONNECT_FAILED,
+          message: "Fake",
+          title: "Connect Failed"
+        });
+
+        sinon.assert.calledOnce(dispatcher.dispatch);
+        sinon.assert.calledWithExactly(dispatcher.dispatch,
+          new sharedActions.ConnectionStatus({
+            event: "sdk.exception." + OT.ExceptionCodes.CONNECT_FAILED,
+            state: "starting",
+            connections: 0,
+            sendStreams: 0,
+            recvStreams: 0
+          }));
+      });
+
       describe("Unable to publish (GetUserMedia)", function() {
         it("should destroy the publisher", function() {
           sdk.trigger("exception", {
@@ -1378,6 +1432,25 @@ describe("loop.OTSdkDriver", function () {
           sinon.assert.calledOnce(publisher.destroy);
         });
 
+        // XXX We should remove this when we stop being unable to publish as a
+        // workaround for knowing if the user has video as well as audio devices
+        // installed (bug 1138851).
+        it("should not notify metrics", function() {
+          sdk.trigger("exception", {
+            code: OT.ExceptionCodes.UNABLE_TO_PUBLISH,
+            message: "GetUserMedia"
+          });
+
+          sinon.assert.neverCalledWith(dispatcher.dispatch,
+            new sharedActions.ConnectionStatus({
+              event: "sdk.exception." + OT.ExceptionCodes.UNABLE_TO_PUBLISH,
+              state: "starting",
+              connections: 0,
+              sendStreams: 0,
+              recvStreams: 0
+            }));
+        });
+
         it("should dispatch a ConnectionFailure action", function() {
           sdk.trigger("exception", {
             code: OT.ExceptionCodes.UNABLE_TO_PUBLISH,
diff --git a/browser/components/loop/ui/index.html b/browser/components/loop/ui/index.html
index ee647666d6c..64902db97d2 100644
--- a/browser/components/loop/ui/index.html
+++ b/browser/components/loop/ui/index.html
@@ -35,7 +35,6 @@
       };
       window.OTProperties.assetURL = window.OTProperties.cdnURL + 'sdk-content/';
       window.OTProperties.configURL = window.OTProperties.assetURL + 'js/dynamic_config.min.js';
-      window.OTProperties.cssURL = window.OTProperties.assetURL + 'css/ot.css';
     </script>
     <script src="../content/js/multiplexGum.js"></script>
     <script src="../content/shared/libs/sdk.js"></script>
diff --git a/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_urlbarfocus.js b/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_urlbarfocus.js
index a1c22fb706b..bb2c93df35d 100644
--- a/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_urlbarfocus.js
+++ b/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_urlbarfocus.js
@@ -28,14 +28,14 @@ add_task(function* () {
 });
 
 add_task(function* () {
-  Services.prefs.setCharPref("browser.newtab.url", "about:blank");
+  NewTabURL.override("about:blank");
   registerCleanupFunction(() => {
-    Services.prefs.clearUserPref("browser.newtab.url");
+    NewTabURL.reset();
   });
 
   let win = yield openNewPrivateWindow();
   checkUrlbarFocus(win);
   win.close();
 
-  Services.prefs.clearUserPref("browser.newtab.url");
+  NewTabURL.reset();
 });
diff --git a/browser/devtools/inspector/inspector-panel.js b/browser/devtools/inspector/inspector-panel.js
index d8f1010282e..5c0f583c329 100644
--- a/browser/devtools/inspector/inspector-panel.js
+++ b/browser/devtools/inspector/inspector-panel.js
@@ -686,6 +686,19 @@ InspectorPanel.prototype = {
     let copyInnerHTML = this.panelDoc.getElementById("node-menu-copyinner");
     let copyOuterHTML = this.panelDoc.getElementById("node-menu-copyouter");
     let scrollIntoView = this.panelDoc.getElementById("node-menu-scrollnodeintoview");
+    let expandAll = this.panelDoc.getElementById("node-menu-expand");
+    let collapse = this.panelDoc.getElementById("node-menu-collapse");
+
+    expandAll.setAttribute("disabled", "true");
+    collapse.setAttribute("disabled", "true");
+
+    let markUpContainer = this.markup.importNode(this.selection.nodeFront, false);
+    if (this.selection.isNode() && markUpContainer.hasChildren) {
+      if (markUpContainer.expanded) {
+        collapse.removeAttribute("disabled");
+      }
+      expandAll.removeAttribute("disabled");
+    }
 
     this._target.actorHasMethod("domnode", "scrollIntoView").then(value => {
       scrollIntoView.hidden = !value;
@@ -1121,6 +1134,14 @@ InspectorPanel.prototype = {
     }
   },
 
+  expandNode: function() {
+    this.markup.expandAll(this.selection.nodeFront);
+  },
+
+  collapseNode: function() {
+    this.markup.collapseNode(this.selection.nodeFront);
+  },
+
   /**
    * This method is here for the benefit of the node-menu-link-follow menu item
    * in the inspector contextual-menu. It's behavior depends on which node was
diff --git a/browser/devtools/inspector/inspector.xul b/browser/devtools/inspector/inspector.xul
index b939033e49d..d4bb848c912 100644
--- a/browser/devtools/inspector/inspector.xul
+++ b/browser/devtools/inspector/inspector.xul
@@ -55,6 +55,12 @@
       <menuitem id="node-menu-showdomproperties"
         label="&inspectorShowDOMProperties.label;"
         oncommand="inspector.showDOMProperties()"/>
+      <menuitem id="node-menu-expand"
+        label="&inspectorExpandNode.label;"
+        oncommand="inspector.expandNode()"/>
+      <menuitem id="node-menu-collapse"
+        label="&inspectorCollapseNode.label;"
+        oncommand="inspector.collapseNode()"/>
       <menuseparator/>
       <menuitem id="node-menu-pasteinnerhtml"
         label="&inspectorHTMLPasteInner.label;"
diff --git a/browser/devtools/styleinspector/cssruleview.xhtml b/browser/devtools/styleinspector/cssruleview.xhtml
index d48eb9624ee..ebf1153ee03 100644
--- a/browser/devtools/styleinspector/cssruleview.xhtml
+++ b/browser/devtools/styleinspector/cssruleview.xhtml
@@ -45,8 +45,7 @@
                  type="search" placeholder="&filterStylesPlaceholder;"/>
           <button id="ruleview-searchinput-clear" class="devtools-searchinput-clear"></button>
         </div>
-        <!-- TODO : Bug 1165122 : Show this button by default -->
-        <button hidden="true" id="ruleview-add-rule-button" title="&addRuleButtonTooltip;" class="devtools-button"></button>
+        <button id="ruleview-add-rule-button" title="&addRuleButtonTooltip;" class="devtools-button"></button>
         <button id="pseudo-class-panel-toggle" title="&togglePseudoClassPanel;" class="devtools-button"></button>
       </div>
       <div id="pseudo-class-panel" class="devtools-toolbar" hidden="true">
diff --git a/browser/devtools/styleinspector/ruleview.css b/browser/devtools/styleinspector/ruleview.css
index 9d0f40a56e7..df0a116f28a 100644
--- a/browser/devtools/styleinspector/ruleview.css
+++ b/browser/devtools/styleinspector/ruleview.css
@@ -47,6 +47,8 @@ body {
 #pseudo-class-panel > label {
   -moz-user-select: none;
   flex-grow: 1;
+  display: flex;
+  align-items: center;
 }
 
 .ruleview {
diff --git a/browser/locales/en-US/chrome/browser/devtools/inspector.dtd b/browser/locales/en-US/chrome/browser/devtools/inspector.dtd
index 35848a678fb..baf207f2659 100644
--- a/browser/locales/en-US/chrome/browser/devtools/inspector.dtd
+++ b/browser/locales/en-US/chrome/browser/devtools/inspector.dtd
@@ -105,6 +105,16 @@
      opens the split Console and displays the properties in its side panel. -->
 <!ENTITY inspectorShowDOMProperties.label       "Show DOM Properties">
 
+<!-- LOCALIZATION NOTE (inspectorExpandNode.label): This is the label
+     shown in the inspector contextual-menu for recursively expanding
+     mark-up elements -->
+<!ENTITY inspectorExpandNode.label       "Expand All">
+
+<!-- LOCALIZATION NOTE (inspectorCollapseNode.label): This is the label
+     shown in the inspector contextual-menu for recursively collapsing
+     mark-up elements -->
+<!ENTITY inspectorCollapseNode.label       "Collapse">
+
 <!-- LOCALIZATION NOTE (inspectorScreenshotNode.label): This is the label
      shown in the inspector contextual-menu for the item that lets users take
      a screenshot of the currently selected node. -->
diff --git a/browser/locales/en-US/chrome/browser/loop/loop.properties b/browser/locales/en-US/chrome/browser/loop/loop.properties
index 3f5937b069e..5e4326dd021 100644
--- a/browser/locales/en-US/chrome/browser/loop/loop.properties
+++ b/browser/locales/en-US/chrome/browser/loop/loop.properties
@@ -296,6 +296,7 @@ feedback_rejoin_button=Rejoin
 ## LOCALIZATION NOTE (feedback_report_user_button): Used to report a user in the case of
 ## an abusive user.
 feedback_report_user_button=Report User
+feedback_request_button=Leave Feedback
 
 help_label=Help
 tour_label=Tour
diff --git a/browser/locales/en-US/chrome/browser/preferences/sync.dtd b/browser/locales/en-US/chrome/browser/preferences/sync.dtd
index 385bb443b84..85333334738 100644
--- a/browser/locales/en-US/chrome/browser/preferences/sync.dtd
+++ b/browser/locales/en-US/chrome/browser/preferences/sync.dtd
@@ -41,11 +41,11 @@
 
 <!-- Device Settings -->
 <!ENTITY syncDeviceName.label       "Device Name:">
+<!ENTITY syncDeviceName.accesskey   "c">
 <!ENTITY fxaSyncDeviceName.label       "Device Name">
-<!ENTITY changeSyncDeviceName.label "Change Device Name...">
+<!ENTITY changeSyncDeviceName.label "Change Device Name…">
 <!ENTITY cancelChangeSyncDeviceName.label "Cancel">
 <!ENTITY saveChangeSyncDeviceName.label "Save">
-<!ENTITY syncDeviceName.accesskey   "c">
 <!ENTITY unlinkDevice.label           "Unlink This Device">
 
 <!-- Footer stuff -->
diff --git a/browser/modules/NewTabURL.jsm b/browser/modules/NewTabURL.jsm
new file mode 100644
index 00000000000..9e78efaae09
--- /dev/null
+++ b/browser/modules/NewTabURL.jsm
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let Cc = Components.classes;
+let Ci = Components.interfaces;
+let Cu = Components.utils;
+
+this.EXPORTED_SYMBOLS = [ "NewTabURL" ];
+
+this.NewTabURL = {
+  _url: "about:newtab",
+  _overridden: false,
+
+  get: function() {
+    return this._url;
+  },
+
+  get overridden() {
+    return this._overridden;
+  },
+
+  override: function(newURL) {
+    this._url = newURL;
+    this._overridden = true;
+  },
+
+  reset: function() {
+    this._url = "about:newtab";
+    this._overridden = false;
+  }
+};
diff --git a/browser/modules/moz.build b/browser/modules/moz.build
index 4bb2d984677..eadb836f5fe 100644
--- a/browser/modules/moz.build
+++ b/browser/modules/moz.build
@@ -30,6 +30,7 @@ EXTRA_JS_MODULES += [
     'FormValidationHandler.jsm',
     'HiddenFrame.jsm',
     'NetworkPrioritizer.jsm',
+    'NewTabURL.jsm',
     'offlineAppCache.jsm',
     'PanelFrame.jsm',
     'PluginContent.jsm',
diff --git a/browser/modules/test/xpcshell/test_NewTabURL.js b/browser/modules/test/xpcshell/test_NewTabURL.js
new file mode 100644
index 00000000000..e5ccd9ecfc7
--- /dev/null
+++ b/browser/modules/test/xpcshell/test_NewTabURL.js
@@ -0,0 +1,17 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+"use strict";
+
+Components.utils.import("resource:///modules/NewTabURL.jsm");
+
+function run_test() {
+  Assert.equal(NewTabURL.get(), "about:newtab", "Default newtab URL should be about:newtab");
+  let url = "http://example.com/";
+  NewTabURL.override(url);
+  Assert.ok(NewTabURL.overridden, "Newtab URL should be overridden");
+  Assert.equal(NewTabURL.get(), url, "Newtab URL should be the custom URL");
+  NewTabURL.reset();
+  Assert.ok(!NewTabURL.overridden, "Newtab URL should not be overridden");
+  Assert.equal(NewTabURL.get(), "about:newtab", "Newtab URL should be the about:newtab");
+}
diff --git a/browser/modules/test/xpcshell/xpcshell.ini b/browser/modules/test/xpcshell/xpcshell.ini
index 4bb31a385c5..6cb221ded68 100644
--- a/browser/modules/test/xpcshell/xpcshell.ini
+++ b/browser/modules/test/xpcshell/xpcshell.ini
@@ -5,3 +5,4 @@ firefox-appdir = browser
 skip-if = toolkit == 'android' || toolkit == 'gonk'
 
 [test_DirectoryLinksProvider.js]
+[test_NewTabURL.js]
diff --git a/browser/themes/osx/browser.css b/browser/themes/osx/browser.css
index ea1a0d6d182..93575fa1f93 100644
--- a/browser/themes/osx/browser.css
+++ b/browser/themes/osx/browser.css
@@ -2615,10 +2615,8 @@ toolbarbutton.chevron > .toolbarbutton-menu-dropmarker {
   }
 
   /* Background tab separators */
-  #tabbrowser-tabs[movingtab] > .tabbrowser-tab[beforeselected]:not([last-visible-tab])::after,
-  .tabbrowser-tab:not([visuallyselected]):not([afterselected-visible]):not([afterhovered]):not([first-visible-tab]):not(:hover)::before,
-  #tabbrowser-tabs:not([overflow]) > .tabbrowser-tab[last-visible-tab]:not([visuallyselected]):not([beforehovered]):not(:hover)::after {
-    background-image: url(chrome://browser/skin/tabbrowser/tab-separator@2x.png);
+  #TabsToolbar:not([brighttext]) {
+    --tab-separator-image: url(chrome://browser/skin/tabbrowser/tab-separator@2x.png);
   }
 }
 
diff --git a/browser/themes/shared/controlcenter/panel.inc.css b/browser/themes/shared/controlcenter/panel.inc.css
index f8122263cbe..242a55d7298 100644
--- a/browser/themes/shared/controlcenter/panel.inc.css
+++ b/browser/themes/shared/controlcenter/panel.inc.css
@@ -191,8 +191,12 @@
   font-weight: 700;
 }
 
+#identity-popup-content-verifier {
+  color: #636363;
+}
+
 #identity-popup-content-owner,
-#identity-popup-securityView:not(.verifiedDomain) > #identity-popup-content-verifier {
+#identity-popup-securityView > #identity-popup-securityView-connection.identity-popup-text {
   margin-top: 1em;
 }
 
diff --git a/browser/themes/shared/devedition.inc.css b/browser/themes/shared/devedition.inc.css
index b3967b44879..006b82909e4 100644
--- a/browser/themes/shared/devedition.inc.css
+++ b/browser/themes/shared/devedition.inc.css
@@ -283,6 +283,7 @@ searchbar:not([oneoffui]) .search-go-button {
 .tabbrowser-tab:not([visuallyselected]):not([afterselected-visible]):not([afterhovered]):not([first-visible-tab]):not(:hover)::before,
 #tabbrowser-tabs:not([overflow]) > .tabbrowser-tab[last-visible-tab]:not([visuallyselected]):not([beforehovered]):not(:hover)::after {
   background: var(--tab-separator-color);
+  opacity: 1;
   width: 1px;
   -moz-margin-start: 0;
   -moz-margin-end: -1px;
diff --git a/browser/themes/shared/devtools/ruleview.css b/browser/themes/shared/devtools/ruleview.css
index 6531686e2a8..93ac040dda0 100644
--- a/browser/themes/shared/devtools/ruleview.css
+++ b/browser/themes/shared/devtools/ruleview.css
@@ -280,4 +280,27 @@
 }
 #pseudo-class-panel-toggle[checked]::before {
   background-image: url("chrome://browser/skin/devtools/pseudo-class.svg#pseudo-class-checked");
+  filter: none !important;
+}
+
+/**
+ * These buttons are using opacity instead of background color to indicate
+ * the state
+ */
+#ruleview-add-rule-button,
+#pseudo-class-panel-toggle {
+  opacity: 0.8;
+}
+
+#ruleview-add-rule-button:not([disabled]):hover,
+#pseudo-class-panel-toggle:hover,
+#pseudo-class-panel-toggle[checked] {
+  opacity: 1;
+}
+
+#ruleview-add-rule-button,
+#pseudo-class-panel-toggle,
+#pseudo-class-panel-toggle:hover,
+#pseudo-class-panel-toggle[checked]::before {
+  background-color: transparent !important;
 }
diff --git a/browser/themes/shared/identity-block.inc.css b/browser/themes/shared/identity-block.inc.css
index a73eb7bdb52..51b4b8d9c6a 100644
--- a/browser/themes/shared/identity-block.inc.css
+++ b/browser/themes/shared/identity-block.inc.css
@@ -145,3 +145,11 @@
     -moz-image-region: rect(0, 96px, 32px, 64px);
   }
 }
+
+#urlbar[actiontype="searchengine"] > #identity-box > #page-proxy-favicon {
+  -moz-image-region: inherit;
+  list-style-image: url(chrome://global/skin/icons/autocomplete-search.svg#search-icon);
+  width: 16px;
+  height: 16px;
+  opacity: 1;
+}
diff --git a/browser/themes/shared/tabs.inc.css b/browser/themes/shared/tabs.inc.css
index 509eb263640..d570010fe5a 100644
--- a/browser/themes/shared/tabs.inc.css
+++ b/browser/themes/shared/tabs.inc.css
@@ -8,6 +8,11 @@
   --tab-toolbar-navbar-overlap: 1px;
   --tab-min-height: 31px;
 }
+#TabsToolbar {
+  --tab-separator-image: url(chrome://browser/skin/tabbrowser/tab-separator.png);
+  --tab-separator-size: 3px 100%;
+  --tab-separator-opacity: 1;
+}
 
 %define tabCurveWidth 30px
 %define tabCurveHalfWidth 15px
@@ -321,15 +326,22 @@
 #tabbrowser-tabs:not([overflow]) > .tabbrowser-tab[last-visible-tab]:not([visuallyselected]):not([beforehovered]):not(:hover)::after {
   -moz-margin-start: -1.5px;
   -moz-margin-end: -1.5px;
-  background-image: url(chrome://browser/skin/tabbrowser/tab-separator.png);
+  background-image: var(--tab-separator-image);
   background-position: left bottom var(--tab-toolbar-navbar-overlap);
   background-repeat: no-repeat;
-  background-size: 3px 100%;
+  background-size: var(--tab-separator-size);
+  opacity: var(--tab-separator-opacity);
   content: "";
   display: -moz-box;
   width: 3px;
 }
 
+#TabsToolbar[brighttext] {
+  --tab-separator-image: linear-gradient(transparent 0%, transparent 15%, currentColor 15%, currentColor 90%, transparent 90%);
+  --tab-separator-size: 1px 100%;
+  --tab-separator-opacity: 0.4;
+}
+
 /* New tab button */
 
 .tabs-newtab-button {
diff --git a/browser/themes/windows/Toolbar-win8.png b/browser/themes/windows/Toolbar-win8.png
new file mode 100644
index 00000000000..50a5df60c1b
Binary files /dev/null and b/browser/themes/windows/Toolbar-win8.png differ
diff --git a/browser/themes/windows/Toolbar-win8@2x.png b/browser/themes/windows/Toolbar-win8@2x.png
new file mode 100644
index 00000000000..8da9af263ec
Binary files /dev/null and b/browser/themes/windows/Toolbar-win8@2x.png differ
diff --git a/browser/themes/windows/Toolbar.png b/browser/themes/windows/Toolbar.png
index 50a5df60c1b..d01a85e3f2c 100644
Binary files a/browser/themes/windows/Toolbar.png and b/browser/themes/windows/Toolbar.png differ
diff --git a/browser/themes/windows/Toolbar@2x.png b/browser/themes/windows/Toolbar@2x.png
index 8da9af263ec..4404a628bca 100644
Binary files a/browser/themes/windows/Toolbar@2x.png and b/browser/themes/windows/Toolbar@2x.png differ
diff --git a/browser/themes/windows/browser-aero.css b/browser/themes/windows/browser-aero.css
index 695138b302a..dc2c4321723 100644
--- a/browser/themes/windows/browser-aero.css
+++ b/browser/themes/windows/browser-aero.css
@@ -335,14 +335,3 @@
     -moz-appearance: -moz-win-browsertabbar-toolbox;
   }
 }
-
-/* Win8 and beyond. */
-@media not all and (-moz-os-version: windows-vista) {
-  @media not all and (-moz-os-version: windows-win7) {
-    /* Introducing an additional hover state for the Bookmark button */
-    #nav-bar .toolbarbutton-1[buttonover] > .toolbarbutton-menubutton-button:hover > .toolbarbutton-icon {
-      background-color: hsla(210,4%,10%,.08);
-      border-color: hsla(210,4%,10%,.1);
-    }
-  }
-}
diff --git a/browser/themes/windows/browser.css b/browser/themes/windows/browser.css
index cfcca58a8d6..4a1a15f5b68 100644
--- a/browser/themes/windows/browser.css
+++ b/browser/themes/windows/browser.css
@@ -1187,6 +1187,14 @@ toolbarbutton[constrain-size="true"][cui-areatype="toolbar"] > .toolbarbutton-ba
   }
 }
 
+@media (-moz-os-version: windows-win10) {
+  #urlbar,
+  .searchbar-textbox {
+    font-size: 1.15em;
+    min-height: 28px;
+  }
+}
+
 #urlbar {
   -moz-padding-end: 2px;
 }
@@ -1235,6 +1243,13 @@ toolbarbutton[constrain-size="true"][cui-areatype="toolbar"] > .toolbarbutton-ba
   -moz-margin-start: -5px;
 }
 
+@media (-moz-os-version: windows-win10) {
+  @conditionalForwardWithUrlbar@ {
+    clip-path: url("chrome://browser/content/browser.xul#urlbar-back-button-clip-path-win10");
+    -moz-margin-start: -8px;
+  }
+}
+
 @conditionalForwardWithUrlbar@:-moz-locale-dir(rtl),
 @conditionalForwardWithUrlbar@ > #urlbar:-moz-locale-dir(rtl) {
   /* let urlbar-back-button-clip-path clip the urlbar's right side for RTL */
@@ -1438,6 +1453,12 @@ html|*.urlbar-input:-moz-lwtheme::-moz-placeholder,
   -moz-margin-end: 1px;
 }
 
+@media (-moz-os-version: windows-win10) {
+  #page-proxy-favicon {
+    -moz-margin-start: 6px;
+  }
+}
+
 /* autocomplete */
 
 #treecolAutoCompleteImage {
@@ -1936,12 +1957,23 @@ richlistitem[type~="action"][actiontype="switchtab"] > .ac-url-box > .ac-action-
   }
 }
 
+/* Use solid tab separators for Windows 8+ */
+@media not all and (-moz-os-version: windows-xp) {
+  @media not all and (-moz-os-version: windows-vista) {
+    @media not all and (-moz-os-version: windows-win7) {
+      #TabsToolbar:not([brighttext]) {
+        --tab-separator-image: linear-gradient(transparent 0%, transparent 15%, currentColor 15%, currentColor 90%, transparent 90%);
+        --tab-separator-size: 1px 100%;
+        --tab-separator-opacity: 0.2;
+      }
+    }
+  }
+}
+
 /* Use lighter colors of buttons and text in the titlebar on luna-blue */
 @media (-moz-windows-theme: luna-blue) {
-  #tabbrowser-tabs[movingtab] > .tabbrowser-tab[beforeselected]:not([last-visible-tab])::after,
-  .tabbrowser-tab:not([visuallyselected]):not([afterselected-visible]):not([afterhovered]):not([first-visible-tab]):not(:hover)::before,
-  #tabbrowser-tabs:not([overflow]) > .tabbrowser-tab[last-visible-tab]:not([visuallyselected]):not([beforehovered]):not(:hover)::after {
-    background-image: url("chrome://browser/skin/tabbrowser/tab-separator-luna-blue.png");
+  #TabsToolbar:not([brighttext]) {
+    --tab-separator-image: url("chrome://browser/skin/tabbrowser/tab-separator-luna-blue.png");
   }
 }
 
diff --git a/browser/themes/windows/jar.mn b/browser/themes/windows/jar.mn
index 68f40b59ee4..df3b34dcd65 100644
--- a/browser/themes/windows/jar.mn
+++ b/browser/themes/windows/jar.mn
@@ -129,6 +129,8 @@ browser.jar:
         skin/classic/browser/Toolbar-inverted.png
         skin/classic/browser/Toolbar-inverted@2x.png
         skin/classic/browser/Toolbar-lunaSilver.png
+        skin/classic/browser/Toolbar-win8.png
+        skin/classic/browser/Toolbar-win8@2x.png
         skin/classic/browser/Toolbar-XP.png
         skin/classic/browser/toolbarbutton-dropdown-arrow.png
         skin/classic/browser/toolbarbutton-dropdown-arrow-XPVista7.png
@@ -211,6 +213,7 @@ browser.jar:
         skin/classic/browser/customizableui/panelarrow-customizeTip.png  (../shared/customizableui/panelarrow-customizeTip.png)
 *       skin/classic/browser/customizableui/panelUIOverlay.css       (customizableui/panelUIOverlay.css)
         skin/classic/browser/customizableui/subView-arrow-back-inverted.png  (../shared/customizableui/subView-arrow-back-inverted.png)
+        skin/classic/browser/customizableui/subView-arrow-back-inverted@2x.png  (../shared/customizableui/subView-arrow-back-inverted@2x.png)
         skin/classic/browser/customizableui/subView-arrow-back-inverted-rtl.png  (../shared/customizableui/subView-arrow-back-inverted-rtl.png)
         skin/classic/browser/customizableui/whimsy.png  (../shared/customizableui/whimsy.png)
         skin/classic/browser/customizableui/whimsy@2x.png  (../shared/customizableui/whimsy@2x.png)
@@ -645,20 +648,24 @@ browser.jar:
 % override chrome://browser/skin/menuPanel-small@2x.png               chrome://browser/skin/menuPanel-small-aero@2x.png                 os=WINNT osversion=6.1
 % override chrome://browser/skin/Toolbar@2x.png                       chrome://browser/skin/Toolbar-aero@2x.png                         os=WINNT osversion=6
 % override chrome://browser/skin/Toolbar@2x.png                       chrome://browser/skin/Toolbar-aero@2x.png                         os=WINNT osversion=6.1
+% override chrome://browser/skin/Toolbar@2x.png                       chrome://browser/skin/Toolbar-win8@2x.png                         os=WINNT osversion=6.2
+% override chrome://browser/skin/Toolbar@2x.png                       chrome://browser/skin/Toolbar-win8@2x.png                         os=WINNT osversion=6.3
 % override chrome://browser/skin/loop/menuPanel.png                   chrome://browser/skin/loop/menuPanel-aero.png                     os=WINNT osversion=6
 % override chrome://browser/skin/loop/menuPanel.png                   chrome://browser/skin/loop/menuPanel-aero.png                     os=WINNT osversion=6.1
 % override chrome://browser/skin/loop/menuPanel@2x.png                chrome://browser/skin/loop/menuPanel-aero@2x.png                  os=WINNT osversion=6
 % override chrome://browser/skin/loop/menuPanel@2x.png                chrome://browser/skin/loop/menuPanel-aero@2x.png                  os=WINNT osversion=6.1
 
+% override chrome://browser/skin/Toolbar.png                          chrome://browser/skin/Toolbar-XP.png                              os=WINNT osversion<6
 % override chrome://browser/skin/Toolbar.png                          chrome://browser/skin/Toolbar-aero.png                            os=WINNT osversion=6
 % override chrome://browser/skin/Toolbar.png                          chrome://browser/skin/Toolbar-aero.png                            os=WINNT osversion=6.1
-% override chrome://browser/skin/Toolbar.png                          chrome://browser/skin/Toolbar-XP.png                              os=WINNT osversion<6
+% override chrome://browser/skin/Toolbar.png                          chrome://browser/skin/Toolbar-win8.png                            os=WINNT osversion=6.2
+% override chrome://browser/skin/Toolbar.png                          chrome://browser/skin/Toolbar-win8.png                            os=WINNT osversion=6.3
+% override chrome://browser/skin/loop/toolbar.png                     chrome://browser/skin/loop/toolbar-XP.png                         os=WINNT osversion<6
 % override chrome://browser/skin/loop/toolbar.png                     chrome://browser/skin/loop/toolbar-aero.png                       os=WINNT osversion=6
 % override chrome://browser/skin/loop/toolbar.png                     chrome://browser/skin/loop/toolbar-aero.png                       os=WINNT osversion=6.1
-% override chrome://browser/skin/loop/toolbar.png                     chrome://browser/skin/loop/toolbar-XP.png                         os=WINNT osversion<6
+% override chrome://browser/skin/loop/toolbar@2x.png                  chrome://browser/skin/loop/toolbar-XP@2x.png                      os=WINNT osversion<6
 % override chrome://browser/skin/loop/toolbar@2x.png                  chrome://browser/skin/loop/toolbar-aero@2x.png                    os=WINNT osversion=6
 % override chrome://browser/skin/loop/toolbar@2x.png                  chrome://browser/skin/loop/toolbar-aero@2x.png                    os=WINNT osversion=6.1
-% override chrome://browser/skin/loop/toolbar@2x.png                  chrome://browser/skin/loop/toolbar-XP@2x.png                      os=WINNT osversion<6
 % override chrome://browser/skin/preferences/checkbox.png             chrome://browser/skin/preferences/checkbox-aero.png               os=WINNT osversion=6
 % override chrome://browser/skin/preferences/checkbox.png             chrome://browser/skin/preferences/checkbox-aero.png               os=WINNT osversion=6.1
 % override chrome://browser/skin/preferences/checkbox.png             chrome://browser/skin/preferences/checkbox-xp.png                 os=WINNT osversion<6
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 05894f8465f..f0f967cb63d 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -11732,7 +11732,7 @@ nsDocShell::ShouldAddToSessionHistory(nsIURI* aURI)
   // should just do a spec compare, rather than two gets of the scheme and
   // then the path.  -Gagan
   nsresult rv;
-  nsAutoCString buf, pref;
+  nsAutoCString buf;
 
   rv = aURI->GetScheme(buf);
   if (NS_FAILED(rv)) {
@@ -11750,16 +11750,17 @@ nsDocShell::ShouldAddToSessionHistory(nsIURI* aURI)
     }
   }
 
-  rv = Preferences::GetDefaultCString("browser.newtab.url", &pref);
-
-  if (NS_FAILED(rv)) {
-    return true;
+  // Check if the webbrowser chrome wants us to proceed - by default it ensures
+  // aURI is not the newtab URI.
+  nsCOMPtr<nsIWebBrowserChrome3> browserChrome3 = do_GetInterface(mTreeOwner);
+  if (browserChrome3) {
+    bool shouldAdd;
+    rv = browserChrome3->ShouldAddToSessionHistory(this, aURI, &shouldAdd);
+    NS_ENSURE_SUCCESS(rv, true);
+    return shouldAdd;
   }
 
-  rv = aURI->GetSpec(buf);
-  NS_ENSURE_SUCCESS(rv, true);
-
-  return !buf.Equals(pref);
+  return true;
 }
 
 nsresult
diff --git a/dom/base/DOMCursor.cpp b/dom/base/DOMCursor.cpp
index 5eaf5626484..28af38fa9c2 100644
--- a/dom/base/DOMCursor.cpp
+++ b/dom/base/DOMCursor.cpp
@@ -27,6 +27,13 @@ DOMCursor::DOMCursor(nsPIDOMWindow* aWindow, nsICursorContinueCallback* aCallbac
 {
 }
 
+DOMCursor::DOMCursor(nsIGlobalObject* aGlobal, nsICursorContinueCallback* aCallback)
+  : DOMRequest(aGlobal)
+  , mCallback(aCallback)
+  , mFinished(false)
+{
+}
+
 void
 DOMCursor::Reset()
 {
diff --git a/dom/base/DOMCursor.h b/dom/base/DOMCursor.h
index 4217b4ca680..108d2fb7e6a 100644
--- a/dom/base/DOMCursor.h
+++ b/dom/base/DOMCursor.h
@@ -26,6 +26,7 @@ public:
                                            DOMRequest)
 
   DOMCursor(nsPIDOMWindow* aWindow, nsICursorContinueCallback *aCallback);
+  DOMCursor(nsIGlobalObject* aGlobal, nsICursorContinueCallback *aCallback);
 
   virtual JSObject* WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto) override;
 
diff --git a/dom/base/DOMRequest.cpp b/dom/base/DOMRequest.cpp
index 47ca932fe86..d36053e8ac2 100644
--- a/dom/base/DOMRequest.cpp
+++ b/dom/base/DOMRequest.cpp
@@ -20,7 +20,7 @@ using mozilla::dom::DOMRequest;
 using mozilla::dom::DOMRequestService;
 using mozilla::dom::DOMCursor;
 using mozilla::dom::Promise;
-using mozilla::AutoSafeJSContext;
+using mozilla::dom::AutoJSAPI;
 
 DOMRequest::DOMRequest(nsPIDOMWindow* aWindow)
   : DOMEventTargetHelper(aWindow->IsInnerWindow() ?
@@ -30,6 +30,13 @@ DOMRequest::DOMRequest(nsPIDOMWindow* aWindow)
 {
 }
 
+DOMRequest::DOMRequest(nsIGlobalObject* aGlobal)
+  : DOMEventTargetHelper(aGlobal)
+  , mResult(JS::UndefinedValue())
+  , mDone(false)
+{
+}
+
 DOMRequest::~DOMRequest()
 {
   mResult.setUndefined();
@@ -235,6 +242,7 @@ NS_IMETHODIMP
 DOMRequestService::CreateRequest(nsIDOMWindow* aWindow,
                                  nsIDOMDOMRequest** aRequest)
 {
+  MOZ_ASSERT(NS_IsMainThread());
   nsCOMPtr<nsPIDOMWindow> win(do_QueryInterface(aWindow));
   NS_ENSURE_STATE(win);
   NS_ADDREF(*aRequest = new DOMRequest(win));
@@ -306,13 +314,9 @@ public:
   Dispatch(DOMRequest* aRequest,
            const JS::Value& aResult)
   {
-    NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
     mozilla::ThreadsafeAutoSafeJSContext cx;
     nsRefPtr<FireSuccessAsyncTask> asyncTask = new FireSuccessAsyncTask(cx, aRequest, aResult);
-    if (NS_FAILED(NS_DispatchToMainThread(asyncTask))) {
-      NS_WARNING("Failed to dispatch to main thread!");
-      return NS_ERROR_FAILURE;
-    }
+    MOZ_ALWAYS_TRUE(NS_SUCCEEDED(NS_DispatchToCurrentThread(asyncTask)));
     return NS_OK;
   }
 
@@ -323,11 +327,6 @@ public:
     return NS_OK;
   }
 
-  ~FireSuccessAsyncTask()
-  {
-    NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
-  }
-
 private:
   nsRefPtr<DOMRequest> mReq;
   JS::PersistentRooted<JS::Value> mResult;
@@ -369,10 +368,7 @@ DOMRequestService::FireErrorAsync(nsIDOMDOMRequest* aRequest,
   NS_ENSURE_STATE(aRequest);
   nsCOMPtr<nsIRunnable> asyncTask =
     new FireErrorAsyncTask(static_cast<DOMRequest*>(aRequest), aError);
-  if (NS_FAILED(NS_DispatchToMainThread(asyncTask))) {
-    NS_WARNING("Failed to dispatch to main thread!");
-    return NS_ERROR_FAILURE;
-  }
+  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(NS_DispatchToCurrentThread(asyncTask)));
   return NS_OK;
 }
 
diff --git a/dom/base/DOMRequest.h b/dom/base/DOMRequest.h
index 8989343eea6..21f8a1f2318 100644
--- a/dom/base/DOMRequest.h
+++ b/dom/base/DOMRequest.h
@@ -84,6 +84,7 @@ public:
   void FireDetailedError(DOMError* aError);
 
   explicit DOMRequest(nsPIDOMWindow* aWindow);
+  explicit DOMRequest(nsIGlobalObject* aGlobal);
 
 protected:
   virtual ~DOMRequest();
diff --git a/dom/system/gonk/MozMtpDatabase.cpp b/dom/system/gonk/MozMtpDatabase.cpp
index 9855ecf662e..7e9a219fdbe 100644
--- a/dom/system/gonk/MozMtpDatabase.cpp
+++ b/dom/system/gonk/MozMtpDatabase.cpp
@@ -1243,8 +1243,11 @@ MozMtpDatabase::getObjectInfo(MtpObjectHandle aHandle,
   aInfo.mAssociationDesc = 0;
   aInfo.mSequenceNumber = 0;
   aInfo.mName = ::strdup(entry->mObjectName.get());
-  aInfo.mDateCreated = entry->mDateCreated;
-  aInfo.mDateModified = entry->mDateModified;
+
+  // entry->mDateXxxx is a PRTime stores the time as microseconds from the epoch.
+  // aInfo.mDateXxxx is time_t which stores the time as seconds from the epoch.
+  aInfo.mDateCreated = entry->mDateCreated / PR_USEC_PER_SEC;
+  aInfo.mDateModified = entry->mDateModified / PR_USEC_PER_SEC;
   aInfo.mKeywords = ::strdup("fxos,touch");
 
   return MTP_RESPONSE_OK;
diff --git a/dom/webidl/DOMCursor.webidl b/dom/webidl/DOMCursor.webidl
index 3ad36a76fa1..f5d0447ea85 100644
--- a/dom/webidl/DOMCursor.webidl
+++ b/dom/webidl/DOMCursor.webidl
@@ -3,6 +3,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+[Exposed=(Window,Worker)]
 interface DOMCursor : EventTarget {
   readonly attribute boolean done;
   [Throws]
diff --git a/dom/webidl/DOMRequest.webidl b/dom/webidl/DOMRequest.webidl
index 53686ab1130..74a656d661a 100644
--- a/dom/webidl/DOMRequest.webidl
+++ b/dom/webidl/DOMRequest.webidl
@@ -5,7 +5,7 @@
 
 enum DOMRequestReadyState { "pending", "done" };
 
-[NoInterfaceObject]
+[Exposed=(Window,Worker), NoInterfaceObject]
 interface DOMRequestShared {
   readonly attribute DOMRequestReadyState readyState;
 
@@ -16,6 +16,7 @@ interface DOMRequestShared {
   attribute EventHandler onerror;
 };
 
+[Exposed=(Window,Worker)]
 interface DOMRequest : EventTarget {
   // The [TreatNonCallableAsNull] annotation is required since then() should do
   // nothing instead of throwing errors when non-callable arguments are passed.
diff --git a/dom/workers/test/serviceworkers/test_serviceworker_interfaces.js b/dom/workers/test/serviceworkers/test_serviceworker_interfaces.js
index 6da094bacbd..1b0c4d188b3 100644
--- a/dom/workers/test/serviceworkers/test_serviceworker_interfaces.js
+++ b/dom/workers/test/serviceworkers/test_serviceworker_interfaces.js
@@ -102,10 +102,14 @@ var interfaceNamesInGlobalScope =
     { name: "DataStore", b2g: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
     { name: "DataStoreCursor", b2g: true },
+// IMPORTANT: Do not change this list without review from a DOM peer!
+    "DOMCursor",
 // IMPORTANT: Do not change this list without review from a DOM peer!
     "DOMError",
 // IMPORTANT: Do not change this list without review from a DOM peer!
     "DOMException",
+// IMPORTANT: Do not change this list without review from a DOM peer!
+    "DOMRequest",
 // IMPORTANT: Do not change this list without review from a DOM peer!
     "DOMStringList",
 // IMPORTANT: Do not change this list without review from a DOM peer!
diff --git a/dom/workers/test/test_worker_interfaces.js b/dom/workers/test/test_worker_interfaces.js
index df87987a895..a025829f3da 100644
--- a/dom/workers/test/test_worker_interfaces.js
+++ b/dom/workers/test/test_worker_interfaces.js
@@ -98,10 +98,14 @@ var interfaceNamesInGlobalScope =
     { name: "DataStore", b2g: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
     { name: "DataStoreCursor", b2g: true },
+// IMPORTANT: Do not change this list without review from a DOM peer!
+    "DOMCursor",
 // IMPORTANT: Do not change this list without review from a DOM peer!
     "DOMError",
 // IMPORTANT: Do not change this list without review from a DOM peer!
     "DOMException",
+// IMPORTANT: Do not change this list without review from a DOM peer!
+    "DOMRequest",
 // IMPORTANT: Do not change this list without review from a DOM peer!
     "DOMStringList",
 // IMPORTANT: Do not change this list without review from a DOM peer!
diff --git a/embedding/browser/nsIWebBrowserChrome3.idl b/embedding/browser/nsIWebBrowserChrome3.idl
index 938ff55e266..05e35f455a0 100644
--- a/embedding/browser/nsIWebBrowserChrome3.idl
+++ b/embedding/browser/nsIWebBrowserChrome3.idl
@@ -12,7 +12,7 @@ interface nsIInputStream;
 /**
  * nsIWebBrowserChrome3 is an extension to nsIWebBrowserChrome2.
  */
-[scriptable, uuid(9e6c2372-5d9d-4ce8-ab9e-c5df1494dc84)]
+[scriptable, uuid(da646a9c-5788-4860-88a4-bd5d0ad853da)]
 interface nsIWebBrowserChrome3 : nsIWebBrowserChrome2
 {
   /**
@@ -47,4 +47,7 @@ interface nsIWebBrowserChrome3 : nsIWebBrowserChrome2
   bool shouldLoadURI(in nsIDocShell    aDocShell,
                      in nsIURI         aURI,
                      in nsIURI         aReferrer);
+
+  bool shouldAddToSessionHistory(in nsIDocShell aDocShell,
+                                 in nsIURI      aURI);
 };
diff --git a/mobile/android/.eslintignore b/mobile/android/.eslintignore
new file mode 100644
index 00000000000..413086bef18
--- /dev/null
+++ b/mobile/android/.eslintignore
@@ -0,0 +1,24 @@
+chrome/content
+tests/
+
+# Uses `#filter substitution`
+app/mobile.js
+chrome/content/healthreport-prefs.js
+
+# Uses `#expand`
+chrome/content/about.js
+
+# Not much JS to lint and non-standard at that
+installer/
+locales/
+
+# Pretty sure we're disabling this one anyway
+modules/ContactService.jsm
+
+# es7 proposed: array comprehensions
+#   https://github.com/eslint/espree/issues/125
+modules/WebappManager.jsm
+
+# Non-standard `(catch ex if ...)`
+components/Snippets.js
+modules/MatchstickApp.jsm
diff --git a/mobile/android/.eslintrc b/mobile/android/.eslintrc
new file mode 100644
index 00000000000..fdd180c9310
--- /dev/null
+++ b/mobile/android/.eslintrc
@@ -0,0 +1,112 @@
+env:
+    browser: true
+    es6: true
+
+globals:
+    Components: false
+
+    # TODO: Create custom rule for `Cu.import`
+    AddonManager: false
+    AppConstants: false
+    Downloads: false
+    File: false
+    FileUtils: false
+    HelperApps: true # TODO: Can be more specific here.
+    JNI: true # TODO: Can be more specific here.
+    LightweightThemeManager: false
+    Messaging: false
+    Notifications: false
+    OS: false
+    ParentalControls: false
+    PrivateBrowsingUtils: false
+    Prompt: false
+    Services: false
+    SharedPreferences: false
+    strings: false
+    Strings: false
+    Task: false
+    TelemetryStopwatch: false
+    UITelemetry: false
+    UserAgentOverrides: 0
+    WebappManager: false
+    XPCOMUtils: false
+    ctypes: false
+    dump: false
+    exports: false
+    importScripts: false
+    module: false
+    require: false
+    uuidgen: false
+
+    Iterator: false # TODO: Remove - deprecated!
+
+rules:
+    global-strict: 0 # Overridden by "strict"
+    no-underscore-dangle: 0 # We allow trailing underscores in names.
+
+    # We disable everything to get all files to pass w/o updating them.
+    # We'll re-enable one by one.
+    camelcase: 0
+    comma-dangle: 0
+    comma-spacing: 0
+    consistent-return: 0
+    curly: 0
+    dot-notation: 0
+    eqeqeq: 0
+    key-spacing: 0
+    new-cap: 0
+    no-caller: 0
+    no-constant-condition: 0
+    no-empty: 0
+    no-extra-bind: 0
+    no-extra-semi: 0
+    no-loop-func: 0
+    no-multi-spaces: 0
+    no-new-object: 0
+    no-octal: 0
+    no-return-assign: 0
+    no-shadow: 0
+    no-trailing-spaces: 0
+    no-unused-vars: 0
+    no-use-before-define: 0
+    quotes: 0 # [2, "double"]
+    semi: 0
+    space-infix-ops: 0
+    space-unary-ops: 0 # 2: https://github.com/eslint/eslint/issues/2764
+    strict: 0
+
+  #"ecmaFeatures": {
+  #  "forOf": true,
+  #  "jsx": true,
+  #},
+  #"rules": {
+  #  // turn off all kinds of stuff that we actually do want, because
+  #  // right now, we're bootstrapping the linting infrastructure.  We'll
+  #  // want to audit these rules, and start turning them on and fixing the
+  #  // problems they find, one at a time.
+
+  #  // Eslint built-in rules are documented at <http://eslint.org/docs/rules/>
+  #  "camelcase": 0,               // TODO: Remove (use default)
+  #  "consistent-return": 0,       // TODO: Remove (use default)
+  #  dot-location: 0,              // [2, property],
+  #  "eqeqeq": 0,                  // TBD. Might need to be separate for content & chrome
+  #  "global-strict": 0,           // Leave as zero (this will be unsupported in eslint 1.0.0)
+  #  "linebreak-style": [2, "unix"],
+  #  "new-cap": 0,                 // TODO: Remove (use default)
+  #  "no-catch-shadow": 0,         // TODO: Remove (use default)
+  #  "no-console": 0,              // Leave as 0. We use console logging in content code.
+  #  "no-empty": 0,                // TODO: Remove (use default)
+  #  "no-extra-bind": 0,           // Leave as 0
+  #  "no-extra-boolean-cast": 0,   // TODO: Remove (use default)
+  #  "no-multi-spaces": 0,         // TBD.
+  #  "no-new": 0,                  // TODO: Remove (use default)
+  #  "no-redeclare": 0,            // TODO: Remove (use default)
+  #  "no-return-assign": 0,        // TODO: Remove (use default)
+  #  "no-underscore-dangle": 0,    // Leave as 0. Commonly used for private variables.
+  #  "no-unneeded-ternary": 2,
+  #  "no-unused-expressions": 0,   // TODO: Remove (use default)
+  #  "no-unused-vars": 0,          // TODO: Remove (use default)
+  #  "no-use-before-define": 0,    // TODO: Remove (use default)
+  #  "quotes": [2, "double", "avoid-escape"],
+  #  "strict": 0,                  // [2, "function"],
+  #}
diff --git a/mobile/android/base/AndroidManifest.xml.in b/mobile/android/base/AndroidManifest.xml.in
index dda1c0a475e..1b97e63f36b 100644
--- a/mobile/android/base/AndroidManifest.xml.in
+++ b/mobile/android/base/AndroidManifest.xml.in
@@ -206,10 +206,6 @@
                 <data android:scheme="https" />
             </intent-filter>
 
-            <intent-filter>
-                <action android:name="android.intent.action.SEARCH" />
-            </intent-filter>
-
             <!-- For XPI installs from websites and the download manager. -->
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
@@ -238,9 +234,6 @@
             </intent-filter>
 #endif
 
-            <meta-data android:name="android.app.searchable"
-                       android:resource="@xml/searchable" />
-
             <!-- For debugging -->
             <intent-filter>
                 <action android:name="org.mozilla.gecko.DEBUG" />
diff --git a/mobile/android/base/BrowserApp.java b/mobile/android/base/BrowserApp.java
index e6e387ec468..663d6d5318b 100644
--- a/mobile/android/base/BrowserApp.java
+++ b/mobile/android/base/BrowserApp.java
@@ -477,6 +477,8 @@ public class BrowserApp extends GeckoApp
                 }
 
                 mHideDynamicToolbarOnActionModeEnd = false;
+
+                mProgressView.setPrivateMode(tab.isPrivate());
                 break;
             case START:
                 if (Tabs.getInstance().isSelectedTab(tab)) {
@@ -1083,6 +1085,12 @@ public class BrowserApp extends GeckoApp
                 }
             });
         }
+
+        // Sending a message to the toolbar when the browser window gains focus
+        // This is needed for qr code input
+        if (hasFocus) {
+            mBrowserToolbar.onParentFocus();
+        }
     }
 
     private void setBrowserToolbarListeners() {
diff --git a/mobile/android/base/PrivateTab.java b/mobile/android/base/PrivateTab.java
index 0129ef9c995..3392588e08c 100644
--- a/mobile/android/base/PrivateTab.java
+++ b/mobile/android/base/PrivateTab.java
@@ -15,7 +15,7 @@ public class PrivateTab extends Tab {
 
         // Init background to private_toolbar_grey to ensure flicker-free
         // private tab creation. Page loads will reset it to white as expected.
-        final int bgColor = context.getResources().getColor(R.color.private_toolbar_grey);
+        final int bgColor = context.getResources().getColor(R.color.tabs_tray_grey_pressed);
         setBackgroundColor(bgColor);
     }
 
diff --git a/mobile/android/base/background/preferences/PreferenceFragment.java b/mobile/android/base/background/preferences/PreferenceFragment.java
index 1036d2abcfc..5bc5422c807 100644
--- a/mobile/android/base/background/preferences/PreferenceFragment.java
+++ b/mobile/android/base/background/preferences/PreferenceFragment.java
@@ -17,6 +17,7 @@
 package org.mozilla.gecko.background.preferences;
 
 import org.mozilla.gecko.R;
+import org.mozilla.gecko.util.WeakReferenceHandler;
 
 import android.content.Intent;
 import android.os.Bundle;
@@ -49,21 +50,28 @@ public abstract class PreferenceFragment extends Fragment implements PreferenceM
 
   private static final int MSG_BIND_PREFERENCES = 1;
 
-  // This triggers "This Handler class should be static or leaks might occur".
-  // The issue is that the Handler references the Fragment; messages targeting
-  // the Handler reference it; and if such messages are long lived, the Fragment
-  // cannot be GCed. This is not an issue for us; our messages are short-lived.
-  private final Handler mHandler = new Handler() {
+  private static class PreferenceFragmentHandler extends WeakReferenceHandler<PreferenceFragment> {
+    public PreferenceFragmentHandler(final PreferenceFragment that) {
+      super(that);
+    }
+
     @Override
     public void handleMessage(Message msg) {
+      final PreferenceFragment that = mTarget.get();
+      if (that == null) {
+        return;
+      }
+
       switch (msg.what) {
 
       case MSG_BIND_PREFERENCES:
-        bindPreferences();
+        that.bindPreferences();
         break;
       }
     }
-  };
+  }
+
+  private final Handler mHandler = new PreferenceFragmentHandler(this);
 
   final private Runnable mRequestFocus = new Runnable() {
     @Override
diff --git a/mobile/android/base/gfx/LayerRenderer.java b/mobile/android/base/gfx/LayerRenderer.java
index 5cd935b0222..0c1405b512c 100644
--- a/mobile/android/base/gfx/LayerRenderer.java
+++ b/mobile/android/base/gfx/LayerRenderer.java
@@ -687,7 +687,7 @@ public class LayerRenderer implements Tabs.OnTabsChangedListener {
         if (msg == Tabs.TabEvents.SELECTED) {
             if (mView != null) {
                 final int overscrollColor =
-                        (tab.isPrivate() ? R.color.private_toolbar_grey : R.color.toolbar_grey);
+                        (tab.isPrivate() ? R.color.tabs_tray_grey_pressed : R.color.toolbar_grey);
                 setOverscrollColor(overscrollColor);
 
                 if (mView.getChildAt(0) != null) {
diff --git a/mobile/android/base/home/TopSitesGridView.java b/mobile/android/base/home/TopSitesGridView.java
index 209924b1670..58a05b19866 100644
--- a/mobile/android/base/home/TopSitesGridView.java
+++ b/mobile/android/base/home/TopSitesGridView.java
@@ -46,6 +46,9 @@ public class TopSitesGridView extends GridView {
     // Measured height of this view.
     private int mMeasuredHeight;
 
+    // A dummy View used to measure the required size of the child Views.
+    private final TopSitesGridItemView dummyChildView;
+
     // Context menu info.
     private TopSitesGridContextMenuInfo mContextMenuInfo;
 
@@ -72,6 +75,15 @@ public class TopSitesGridView extends GridView {
         mHorizontalSpacing = a.getDimensionPixelOffset(R.styleable.TopSitesGridView_android_horizontalSpacing, 0x00);
         mVerticalSpacing = a.getDimensionPixelOffset(R.styleable.TopSitesGridView_android_verticalSpacing, 0x00);
         a.recycle();
+
+        dummyChildView = new TopSitesGridItemView(context);
+        // Set a default LayoutParams on the child, if it doesn't have one on its own.
+        AbsListView.LayoutParams params = (AbsListView.LayoutParams) dummyChildView.getLayoutParams();
+        if (params == null) {
+            params = new AbsListView.LayoutParams(AbsListView.LayoutParams.WRAP_CONTENT,
+                    AbsListView.LayoutParams.WRAP_CONTENT);
+            dummyChildView.setLayoutParams(params);
+        }
     }
 
     @Override
@@ -110,27 +122,16 @@ public class TopSitesGridView extends GridView {
 
         final int columnWidth = getColumnWidth();
 
-        // Get the first child from the adapter.
-        final TopSitesGridItemView child = new TopSitesGridItemView(getContext());
-
-        // Set a default LayoutParams on the child, if it doesn't have one on its own.
-        AbsListView.LayoutParams params = (AbsListView.LayoutParams) child.getLayoutParams();
-        if (params == null) {
-            params = new AbsListView.LayoutParams(AbsListView.LayoutParams.WRAP_CONTENT,
-                                                  AbsListView.LayoutParams.WRAP_CONTENT);
-            child.setLayoutParams(params);
-        }
-
         // Measure the exact width of the child, and the height based on the width.
         // Note: the child (and TopSitesThumbnailView) takes care of calculating its height.
         int childWidthSpec = MeasureSpec.makeMeasureSpec(columnWidth, MeasureSpec.EXACTLY);
         int childHeightSpec = MeasureSpec.makeMeasureSpec(0,  MeasureSpec.UNSPECIFIED);
-        child.measure(childWidthSpec, childHeightSpec);
-        final int childHeight = child.getMeasuredHeight();
+        dummyChildView.measure(childWidthSpec, childHeightSpec);
+        final int childHeight = dummyChildView.getMeasuredHeight();
 
         // This is the maximum width of the contents of each child in the grid.
         // Use this as the target width for thumbnails.
-        final int thumbnailWidth = child.getMeasuredWidth() - child.getPaddingLeft() - child.getPaddingRight();
+        final int thumbnailWidth = dummyChildView.getMeasuredWidth() - dummyChildView.getPaddingLeft() - dummyChildView.getPaddingRight();
         ThumbnailHelper.getInstance().setThumbnailWidth(thumbnailWidth);
 
         // Number of rows required to show these top sites.
diff --git a/mobile/android/base/home/TopSitesThumbnailView.java b/mobile/android/base/home/TopSitesThumbnailView.java
index faa2d043d65..fed2698445c 100644
--- a/mobile/android/base/home/TopSitesThumbnailView.java
+++ b/mobile/android/base/home/TopSitesThumbnailView.java
@@ -30,6 +30,13 @@ public class TopSitesThumbnailView extends ImageView {
     // 27.34% opacity filter for the dominant color.
     private static final int COLOR_FILTER = 0x46FFFFFF;
 
+    // Cache variables used in onMeasure.
+    //
+    // Note: we have two matrices because we can't change it in place - see ImageView.getImageMatrix docs.
+    private final RectF mLayoutRect = new RectF();
+    private Matrix mLayoutCurrentMatrix = new Matrix();
+    private Matrix mLayoutNextMatrix = new Matrix();
+
     // Default filter color for "Add a bookmark" views.
     private final int mDefaultColor = getResources().getColor(R.color.top_site_default);
 
@@ -68,6 +75,34 @@ public class TopSitesThumbnailView extends ImageView {
     public void setImageBitmap(Bitmap bm, boolean resize) {
         super.setImageBitmap(bm);
         mResize = resize;
+        clearLayoutVars();
+
+        updateImageMatrix();
+    }
+
+    private void clearLayoutVars() {
+        mLayoutRect.setEmpty();
+    }
+
+    private void updateImageMatrix() {
+        if (!HardwareUtils.isTablet() || !mResize) {
+            return;
+        }
+
+        // No work to be done here - assumes the rect gets reset when a new bitmap is set.
+        if (mLayoutRect.right == mWidth && mLayoutRect.bottom == mHeight) {
+            return;
+        }
+
+        setScaleType(ScaleType.MATRIX);
+
+        mLayoutRect.set(0, 0, mWidth, mHeight);
+        mLayoutNextMatrix.setRectToRect(mLayoutRect, mLayoutRect, Matrix.ScaleToFit.CENTER);
+        setImageMatrix(mLayoutNextMatrix);
+
+        final Matrix swapReferenceMatrix = mLayoutCurrentMatrix;
+        mLayoutCurrentMatrix = mLayoutNextMatrix;
+        mLayoutNextMatrix = swapReferenceMatrix;
     }
 
     @Override
@@ -82,18 +117,6 @@ public class TopSitesThumbnailView extends ImageView {
         mResize = false;
     }
 
-    @Override
-    protected void onLayout(boolean changed, int left, int top, int right, int bottom) {
-        super.onLayout(changed, left, top, right, bottom);
-        if (HardwareUtils.isTablet() && mResize) {
-            setScaleType(ScaleType.MATRIX);
-            RectF rect = new RectF(0, 0, mWidth, mHeight);
-            Matrix matrix = new Matrix();
-            matrix.setRectToRect(rect, rect, Matrix.ScaleToFit.CENTER);
-            setImageMatrix(matrix);
-        }
-    }
-
     /**
      * Measure the view to determine the measured width and height.
      * The height is constrained by the measured width.
@@ -110,6 +133,8 @@ public class TopSitesThumbnailView extends ImageView {
         mWidth = getMeasuredWidth();
         mHeight = (int) (mWidth * ThumbnailHelper.THUMBNAIL_ASPECT_RATIO);
         setMeasuredDimension(mWidth, mHeight);
+
+        updateImageMatrix();
     }
 
     /**
diff --git a/mobile/android/base/locales/en-US/android_strings.dtd b/mobile/android/base/locales/en-US/android_strings.dtd
index 171157c7f2d..d803c466028 100644
--- a/mobile/android/base/locales/en-US/android_strings.dtd
+++ b/mobile/android/base/locales/en-US/android_strings.dtd
@@ -81,6 +81,7 @@
 
 <!ENTITY settings "Settings">
 <!ENTITY settings_title "Settings">
+<!ENTITY pref_category_input_options "Input options">
 <!ENTITY pref_category_advanced "Advanced">
 <!ENTITY pref_category_customize "Customize">
 <!ENTITY pref_category_customize_summary "Home, search, tabs, import">
@@ -136,7 +137,7 @@
 <!ENTITY pref_category_display "Display">
 <!ENTITY pref_category_display_summary "Text, title bar, full-screen browsing">
 <!ENTITY pref_category_privacy_short "Privacy">
-<!ENTITY pref_category_privacy_summary "Control passwords, cookies, tracking, data">
+<!ENTITY pref_category_privacy_summary2 "Control logins, cookies, tracking, data">
 <!ENTITY pref_category_vendor "&vendorShortName;">
 <!ENTITY pref_category_vendor_summary "About &brandShortName;, FAQs, data choices">
 <!ENTITY pref_category_datareporting "Data choices">
@@ -155,7 +156,7 @@
 <!ENTITY pref_category_devtools "Developer tools">
 <!ENTITY pref_developer_remotedebugging "Remote debugging">
 <!ENTITY pref_category_logins "Logins">
-<!ENTITY pref_remember_signons "Remember passwords">
+<!ENTITY pref_remember_signons2 "Remember logins">
 <!ENTITY pref_open_external_urls_privately_title "Open links in Private browsing">
 <!ENTITY pref_open_external_urls_privately_summary "For all external links opened in &brandShortName;">
 <!ENTITY pref_manage_logins "Manage logins">
@@ -250,10 +251,14 @@ size. -->
 <!ENTITY pref_media_autoplay_enabled_summary "Control if websites can autoplay videos and other media content">
 <!ENTITY pref_zoom_force_enabled "Always enable zoom">
 <!ENTITY pref_zoom_force_enabled_summary "Force override so you can zoom any page">
+<!ENTITY pref_voice_input "Voice input">
+<!ENTITY pref_voice_input_summary "Allow voice dictation in the title bar">
+<!ENTITY pref_qrcode_enabled "QR code reader">
+<!ENTITY pref_qrcode_enabled_summary "Allow QR scanner in the title bar">
 
 <!ENTITY pref_use_master_password "Use master password">
 <!ENTITY pref_sync "Sync">
-<!ENTITY pref_sync_summary "Sync your tabs, bookmarks, passwords, history">
+<!ENTITY pref_sync_summary2 "Sync your tabs, bookmarks, logins, history">
 <!ENTITY pref_search_suggestions "Show search suggestions">
 <!ENTITY pref_import_android "Import from Android">
 <!ENTITY pref_import_android_summary "Import bookmarks and history from the native browser">
@@ -261,7 +266,7 @@ size. -->
 <!ENTITY pref_private_data_searchHistory "Search history">
 <!ENTITY pref_private_data_formdata2 "Form history">
 <!ENTITY pref_private_data_cookies2 "Cookies &amp; active logins">
-<!ENTITY pref_private_data_passwords "Saved passwords">
+<!ENTITY pref_private_data_passwords2 "Saved logins">
 <!ENTITY pref_private_data_cache "Cache">
 <!ENTITY pref_private_data_offlineApps "Offline website data">
 <!ENTITY pref_private_data_siteSettings2 "Site settings">
@@ -610,7 +615,7 @@ just addresses the organization to follow, e.g. "This site is run by " -->
 <!ENTITY guest_session_dialog_continue "Continue">
 <!ENTITY guest_session_dialog_cancel "Cancel">
 <!ENTITY new_guest_session_title "&brandShortName; will now restart">
-<!ENTITY new_guest_session_text "The person using it will not be able to see any of your personal browsing data (like saved passwords, history or bookmarks).\n\nWhen your guest is done, their browsing data will be deleted and your session will be restored.">
+<!ENTITY new_guest_session_text2 "The person using it will not be able to see any of your personal browsing data (like saved logins, history or bookmarks).\n\nWhen your guest is done, their browsing data will be deleted and your session will be restored.">
 <!ENTITY guest_browsing_notification_title "Guest browsing is enabled">
 <!ENTITY guest_browsing_notification_text "Tap to exit">
 
diff --git a/mobile/android/base/locales/en-US/sync_strings.dtd b/mobile/android/base/locales/en-US/sync_strings.dtd
index 584226f61e1..98c1750b981 100644
--- a/mobile/android/base/locales/en-US/sync_strings.dtd
+++ b/mobile/android/base/locales/en-US/sync_strings.dtd
@@ -62,7 +62,7 @@
 <!ENTITY sync.configure.engines.title.label 'What to sync'>
 <!ENTITY sync.configure.engines.sync.my.title.label 'Sync your…'>
 <!ENTITY sync.configure.engines.title.bookmarks 'Bookmarks'>
-<!ENTITY sync.configure.engines.title.passwords 'Passwords'>
+<!ENTITY sync.configure.engines.title.passwords2 'Logins'>
 <!ENTITY sync.configure.engines.title.history 'History'>
 <!ENTITY sync.configure.engines.title.tabs 'Tabs'>
 
@@ -141,7 +141,7 @@
 <!ENTITY fxaccount_policy_linkprivacy 'Privacy Notice'>
 
 <!ENTITY fxaccount_getting_started_welcome_to_sync 'Welcome to &syncBrand.shortName.label;'>
-<!ENTITY fxaccount_getting_started_description 'Sign in to sync your tabs, bookmarks, passwords &amp; more.'>
+<!ENTITY fxaccount_getting_started_description2 'Sign in to sync your tabs, bookmarks, logins &amp; more.'>
 <!ENTITY fxaccount_getting_started_get_started 'Get started'>
 <!ENTITY fxaccount_getting_started_old_firefox 'Using an older version of &syncBrand.shortName.label;?'>
 
@@ -212,7 +212,7 @@
 <!ENTITY fxaccount_status_needs_finish_migrating 'Tap to sign in to your new Firefox Account.'>
 <!ENTITY fxaccount_status_bookmarks 'Bookmarks'>
 <!ENTITY fxaccount_status_history 'History'>
-<!ENTITY fxaccount_status_passwords 'Passwords'>
+<!ENTITY fxaccount_status_passwords2 'Logins'>
 <!ENTITY fxaccount_status_tabs 'Open tabs'>
 <!ENTITY fxaccount_status_legal 'Legal' >
 <!-- Localization note: when tapped, the following two strings link to
diff --git a/mobile/android/base/moz.build b/mobile/android/base/moz.build
index 6c267a5fda3..60a2cdc7c4e 100644
--- a/mobile/android/base/moz.build
+++ b/mobile/android/base/moz.build
@@ -86,6 +86,7 @@ gujar.sources += [
     'util/HardwareUtils.java',
     'util/INIParser.java',
     'util/INISection.java',
+    'util/InputOptionsUtils.java',
     'util/IOUtils.java',
     'util/JSONUtils.java',
     'util/MenuUtils.java',
@@ -99,6 +100,7 @@ gujar.sources += [
     'util/StringUtils.java',
     'util/ThreadUtils.java',
     'util/UIAsyncTask.java',
+    'util/WeakReferenceHandler.java',
     'util/WebActivityMapper.java',
     'util/WindowUtils.java',
 ]
diff --git a/mobile/android/base/preferences/GeckoPreferences.java b/mobile/android/base/preferences/GeckoPreferences.java
index d8ac3578449..3f8c3274eab 100644
--- a/mobile/android/base/preferences/GeckoPreferences.java
+++ b/mobile/android/base/preferences/GeckoPreferences.java
@@ -26,7 +26,6 @@ import org.mozilla.gecko.GeckoApplication;
 import org.mozilla.gecko.GeckoEvent;
 import org.mozilla.gecko.GeckoProfile;
 import org.mozilla.gecko.GeckoSharedPrefs;
-import org.mozilla.gecko.GuestSession;
 import org.mozilla.gecko.LocaleManager;
 import org.mozilla.gecko.Locales;
 import org.mozilla.gecko.PrefsHelper;
@@ -43,10 +42,10 @@ import org.mozilla.gecko.updater.UpdateServiceHelper;
 import org.mozilla.gecko.util.GeckoEventListener;
 import org.mozilla.gecko.util.HardwareUtils;
 import org.mozilla.gecko.util.ThreadUtils;
+import org.mozilla.gecko.util.InputOptionsUtils;
 import org.mozilla.gecko.widget.FloatingHintEditText;
 
 import android.app.ActionBar;
-import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Dialog;
 import android.app.Fragment;
@@ -128,6 +127,8 @@ OnSharedPreferenceChangeListener
     private static final String PREFS_TRACKING_PROTECTION = "privacy.trackingprotection.enabled";
     private static final String PREFS_TRACKING_PROTECTION_LEARN_MORE = NON_PREF_PREFIX + "trackingprotection.learn_more";
     public static final String PREFS_OPEN_URLS_IN_PRIVATE = NON_PREF_PREFIX + "openExternalURLsPrivately";
+    public static final String PREFS_VOICE_INPUT_ENABLED = NON_PREF_PREFIX + "voice_input_enabled";
+    public static final String PREFS_QRCODE_ENABLED = NON_PREF_PREFIX + "qrcode_enabled";
 
     private static final String ACTION_STUMBLER_UPLOAD_PREF = AppConstants.ANDROID_PACKAGE_NAME + ".STUMBLER_PREF";
 
@@ -685,6 +686,14 @@ OnSharedPreferenceChangeListener
                     // Only change the customize pref screen summary on nightly builds with the tab queue build flag.
                     pref.setSummary(getString(R.string.pref_category_customize_alt_summary));
                 }
+                if (getResources().getString(R.string.pref_category_input_options).equals(key)) {
+                    if (!AppConstants.NIGHTLY_BUILD || (!InputOptionsUtils.supportsVoiceRecognizer(getApplicationContext(), getResources().getString(R.string.voicesearch_prompt)) &&
+                            !InputOptionsUtils.supportsQrCodeReader(getApplicationContext()))) {
+                        preferences.removePreference(pref);
+                        i--;
+                        continue;
+                    }
+                }
                 setupPreferences((PreferenceGroup) pref, prefs);
             } else {
                 pref.setOnPreferenceChangeListener(this);
@@ -787,6 +796,18 @@ OnSharedPreferenceChangeListener
                     preferences.removePreference(pref);
                     i--;
                     continue;
+                } else if (PREFS_VOICE_INPUT_ENABLED.equals(key) &&
+                           (!AppConstants.NIGHTLY_BUILD || !InputOptionsUtils.supportsVoiceRecognizer(getApplicationContext(), getResources().getString(R.string.voicesearch_prompt)))) {
+                    // Remove UI for voice input on non nightly builds.
+                    preferences.removePreference(pref);
+                    i--;
+                    continue;
+                } else if (PREFS_QRCODE_ENABLED.equals(key) &&
+                         (!AppConstants.NIGHTLY_BUILD || !InputOptionsUtils.supportsQrCodeReader(getApplicationContext()))) {
+                    // Remove UI for qr code input on non nightly builds
+                    preferences.removePreference(pref);
+                    i--;
+                    continue;
                 }
 
                 // Some Preference UI elements are not actually preferences,
diff --git a/mobile/android/base/resources/color-large-v11/new_tablet_tab_strip_item_bg.xml b/mobile/android/base/resources/color-large-v11/new_tablet_tab_strip_item_bg.xml
index 4ecf92efc3b..eda4552c6b1 100644
--- a/mobile/android/base/resources/color-large-v11/new_tablet_tab_strip_item_bg.xml
+++ b/mobile/android/base/resources/color-large-v11/new_tablet_tab_strip_item_bg.xml
@@ -13,7 +13,7 @@
 
     <item android:state_checked="true"
           gecko:state_private="true"
-          android:color="@color/private_toolbar_grey" />
+          android:color="@color/tabs_tray_grey_pressed" />
 
     <item android:state_pressed="true"
           gecko:state_private="true"
diff --git a/mobile/android/base/resources/drawable-hdpi/ab_qrcode.png b/mobile/android/base/resources/drawable-hdpi/ab_qrcode.png
new file mode 100644
index 00000000000..727201a2c79
Binary files /dev/null and b/mobile/android/base/resources/drawable-hdpi/ab_qrcode.png differ
diff --git a/mobile/android/base/resources/drawable-hdpi/url_bar_entry_default_pb.9.png b/mobile/android/base/resources/drawable-hdpi/url_bar_entry_default_pb.9.png
index 001f03779a1..0bd6115fcf9 100644
Binary files a/mobile/android/base/resources/drawable-hdpi/url_bar_entry_default_pb.9.png and b/mobile/android/base/resources/drawable-hdpi/url_bar_entry_default_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-hdpi/url_bar_entry_pressed_pb.9.png b/mobile/android/base/resources/drawable-hdpi/url_bar_entry_pressed_pb.9.png
index ffd2249dc0d..6b076e75eaf 100644
Binary files a/mobile/android/base/resources/drawable-hdpi/url_bar_entry_pressed_pb.9.png and b/mobile/android/base/resources/drawable-hdpi/url_bar_entry_pressed_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-large-v11/new_tablet_url_bar_nav_button.xml b/mobile/android/base/resources/drawable-large-v11/new_tablet_url_bar_nav_button.xml
index f9bd50bd74c..c71774713e1 100644
--- a/mobile/android/base/resources/drawable-large-v11/new_tablet_url_bar_nav_button.xml
+++ b/mobile/android/base/resources/drawable-large-v11/new_tablet_url_bar_nav_button.xml
@@ -28,7 +28,7 @@
 
     <!-- private browsing mode -->
     <item gecko:state_private="true"
-          android:drawable="@color/private_toolbar_grey"/>
+          android:drawable="@color/tabs_tray_grey_pressed"/>
 
     <!-- normal mode -->
     <item android:drawable="@color/toolbar_grey"/>
diff --git a/mobile/android/base/resources/drawable-mdpi/ab_qrcode.png b/mobile/android/base/resources/drawable-mdpi/ab_qrcode.png
new file mode 100644
index 00000000000..30c0059a707
Binary files /dev/null and b/mobile/android/base/resources/drawable-mdpi/ab_qrcode.png differ
diff --git a/mobile/android/base/resources/drawable-mdpi/url_bar_entry_default_pb.9.png b/mobile/android/base/resources/drawable-mdpi/url_bar_entry_default_pb.9.png
index 9b1f2011266..9bcb08e9d2a 100644
Binary files a/mobile/android/base/resources/drawable-mdpi/url_bar_entry_default_pb.9.png and b/mobile/android/base/resources/drawable-mdpi/url_bar_entry_default_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-mdpi/url_bar_entry_pressed_pb.9.png b/mobile/android/base/resources/drawable-mdpi/url_bar_entry_pressed_pb.9.png
index 342d6afc7d6..a112cee1888 100644
Binary files a/mobile/android/base/resources/drawable-mdpi/url_bar_entry_pressed_pb.9.png and b/mobile/android/base/resources/drawable-mdpi/url_bar_entry_pressed_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-xhdpi/ab_qrcode.png b/mobile/android/base/resources/drawable-xhdpi/ab_qrcode.png
new file mode 100644
index 00000000000..d0d4c3a0cab
Binary files /dev/null and b/mobile/android/base/resources/drawable-xhdpi/ab_qrcode.png differ
diff --git a/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_default_pb.9.png b/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_default_pb.9.png
index 96cf1b331e3..5ee5fb5ba66 100644
Binary files a/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_default_pb.9.png and b/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_default_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_pressed_pb.9.png b/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_pressed_pb.9.png
index 344d08e123d..b6ca36532cd 100644
Binary files a/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_pressed_pb.9.png and b/mobile/android/base/resources/drawable-xhdpi/url_bar_entry_pressed_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-xxhdpi/ab_qrcode.png b/mobile/android/base/resources/drawable-xxhdpi/ab_qrcode.png
new file mode 100644
index 00000000000..8ad7859749f
Binary files /dev/null and b/mobile/android/base/resources/drawable-xxhdpi/ab_qrcode.png differ
diff --git a/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_default_pb.9.png b/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_default_pb.9.png
index 19270ef429f..b5b5a8d3281 100644
Binary files a/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_default_pb.9.png and b/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_default_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_pressed_pb.9.png b/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_pressed_pb.9.png
index ab5d4e6671b..1253672ee32 100644
Binary files a/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_pressed_pb.9.png and b/mobile/android/base/resources/drawable-xxhdpi/url_bar_entry_pressed_pb.9.png differ
diff --git a/mobile/android/base/resources/drawable/url_bar_bg.xml b/mobile/android/base/resources/drawable/url_bar_bg.xml
index 7b1732b3031..52954c1cec0 100644
--- a/mobile/android/base/resources/drawable/url_bar_bg.xml
+++ b/mobile/android/base/resources/drawable/url_bar_bg.xml
@@ -7,7 +7,7 @@
           xmlns:gecko="http://schemas.android.com/apk/res-auto">
 
     <!-- private browsing mode -->
-    <item gecko:state_private="true" android:drawable="@color/private_toolbar_grey"/>
+    <item gecko:state_private="true" android:drawable="@color/tabs_tray_grey_pressed"/>
 
     <!-- normal mode -->
     <item android:drawable="@color/toolbar_grey"/>
diff --git a/mobile/android/base/resources/layout/overlay_share_dialog.xml b/mobile/android/base/resources/layout/overlay_share_dialog.xml
index 5fe7ecc7f0a..78195be7460 100644
--- a/mobile/android/base/resources/layout/overlay_share_dialog.xml
+++ b/mobile/android/base/resources/layout/overlay_share_dialog.xml
@@ -5,16 +5,12 @@
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
 <!-- Serves to position the content on the screen (bottom, centered) and provide the drop-shadow -->
-<FrameLayout
-    xmlns:android="http://schemas.android.com/apk/res/android"
-    xmlns:gecko="http://schemas.android.com/apk/res-auto"
-    android:id="@+id/sharedialog"
-    android:layout_width="match_parent"
-    android:layout_height="match_parent"
-    android:clipChildren="false"
-    android:clipToPadding="false">
 
+<merge
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:gecko="http://schemas.android.com/apk/res-auto">
     <LinearLayout
+        android:id="@+id/sharedialog"
         android:layout_width="300dp"
         android:layout_height="wrap_content"
         android:layout_gravity="bottom|center"
@@ -79,5 +75,4 @@
             gecko:disabledText="@string/overlay_share_bookmark_btn_label_already"/>
 
     </LinearLayout>
-
-</FrameLayout>
+</merge>
diff --git a/mobile/android/base/resources/layout/tab_queue_prompt.xml b/mobile/android/base/resources/layout/tab_queue_prompt.xml
index d31e274046f..f2a973fb2d2 100644
--- a/mobile/android/base/resources/layout/tab_queue_prompt.xml
+++ b/mobile/android/base/resources/layout/tab_queue_prompt.xml
@@ -4,19 +4,17 @@
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
-<!-- (lint: UselessParent) The second-outermost layout doesn't have a parent to position itself
-     against and would take up the whole screen without the outermost layout. -->
-<FrameLayout
+<merge
     xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:tools="http://schemas.android.com/tools"
     android:id="@+id/tab_queue_container"
     android:layout_width="match_parent"
     android:layout_height="match_parent"
     android:clipChildren="false"
-    android:clipToPadding="false"
-    tools:ignore="UselessParent">
+    android:clipToPadding="false">
 
     <LinearLayout
+        android:id="@+id/tab_queue_container"
         android:layout_width="@dimen/tab_queue_container_width"
         android:layout_height="wrap_content"
         android:layout_gravity="bottom|center"
@@ -119,5 +117,4 @@
         </FrameLayout>
 
     </LinearLayout>
-
-</FrameLayout>
\ No newline at end of file
+</merge>
diff --git a/mobile/android/base/resources/layout/toolbar_edit_layout.xml b/mobile/android/base/resources/layout/toolbar_edit_layout.xml
index 712a26817be..707a083a6b0 100644
--- a/mobile/android/base/resources/layout/toolbar_edit_layout.xml
+++ b/mobile/android/base/resources/layout/toolbar_edit_layout.xml
@@ -21,9 +21,20 @@
           android:imeOptions="actionGo|flagNoExtractUi|flagNoFullscreen"
           android:selectAllOnFocus="true"
           android:contentDescription="@string/url_bar_default_text"
-          android:drawableRight="@drawable/ab_mic"
           android:drawablePadding="12dp"
           android:paddingRight="8dp"
           gecko:autoUpdateTheme="false"/>
 
+    <ImageButton android:id="@+id/qrcode"
+                 android:layout_width="@dimen/page_action_button_width"
+                 android:layout_height="match_parent"
+                 android:src="@drawable/ab_qrcode"
+                 android:background="@android:color/transparent"/>
+
+    <ImageButton android:id="@+id/mic"
+                 android:layout_width="@dimen/page_action_button_width"
+                 android:layout_height="match_parent"
+                 android:src="@drawable/ab_mic"
+                 android:background="@android:color/transparent"/>
+
 </merge>
diff --git a/mobile/android/base/resources/values/colors.xml b/mobile/android/base/resources/values/colors.xml
index 77eb36fe0d3..e821655d56b 100644
--- a/mobile/android/base/resources/values/colors.xml
+++ b/mobile/android/base/resources/values/colors.xml
@@ -27,11 +27,14 @@
   <color name="toolbar_grey">#EBEBF0</color>
   <color name="about_page_header_grey">#F5F5F5</color>
 
+  <color name="url_bar_shadow_private">#7878A5</color>
+
   <!-- Non-palette colors -->
 
   <!-- Synced w/ toolbar_grey -->
   <color name="background_normal_lwt">#DDEBEBF0</color>
 
+  <color name="background_tabs">#FF363B40</color>
   <color name="highlight">#33000000</color>
   <color name="highlight_focused">#1A000000</color>
   <color name="highlight_dark">#33FFFFFF</color>
diff --git a/mobile/android/base/resources/xml/preferences_display.xml b/mobile/android/base/resources/xml/preferences_display.xml
index 475b012a3a3..c35a946659b 100644
--- a/mobile/android/base/resources/xml/preferences_display.xml
+++ b/mobile/android/base/resources/xml/preferences_display.xml
@@ -33,6 +33,21 @@
                         android:title="@string/pref_zoom_force_enabled"
                         android:summary="@string/pref_zoom_force_enabled_summary" />
 
+    <PreferenceCategory android:title="@string/pref_category_input_options"
+                        android:key="@string/pref_category_input_options">
+
+        <CheckBoxPreference android:key="android.not_a_preference.voice_input_enabled"
+                            android:title="@string/pref_voice_input"
+                            android:summary="@string/pref_voice_input_summary"
+                            android:defaultValue="true"/>
+
+        <CheckBoxPreference android:key="android.not_a_preference.qrcode_enabled"
+                            android:title="@string/pref_qrcode_enabled"
+                            android:summary="@string/pref_qrcode_enabled_summary"
+                            android:defaultValue="true"/>
+
+    </PreferenceCategory>
+
     <PreferenceCategory android:title="@string/pref_category_advanced">
 
         <CheckBoxPreference
diff --git a/mobile/android/base/strings.xml.in b/mobile/android/base/strings.xml.in
index 1865fb8f251..36de7c036a2 100644
--- a/mobile/android/base/strings.xml.in
+++ b/mobile/android/base/strings.xml.in
@@ -124,6 +124,7 @@
 
   <string name="settings">&settings;</string>
   <string name="settings_title">&settings_title;</string>
+  <string name="pref_category_input_options">&pref_category_input_options;</string>
   <string name="pref_category_advanced">&pref_category_advanced;</string>
   <string name="pref_category_customize">&pref_category_customize;</string>
   <string name="pref_category_customize_summary">&pref_category_customize_summary;</string>
@@ -134,7 +135,7 @@
   <string name="pref_category_display">&pref_category_display;</string>
   <string name="pref_category_display_summary">&pref_category_display_summary;</string>
   <string name="pref_category_privacy_short">&pref_category_privacy_short;</string>
-  <string name="pref_category_privacy_summary">&pref_category_privacy_summary;</string>
+  <string name="pref_category_privacy_summary">&pref_category_privacy_summary2;</string>
   <string name="pref_category_vendor">&pref_category_vendor;</string>
   <string name="pref_category_vendor_summary">&pref_category_vendor_summary;</string>
   <string name="pref_category_datareporting">&pref_category_datareporting;</string>
@@ -176,7 +177,7 @@
   <string name="pref_learn_more">&pref_learn_more;</string>
 
   <string name="pref_category_logins">&pref_category_logins;</string>
-  <string name="pref_remember_signons">&pref_remember_signons;</string>
+  <string name="pref_remember_signons">&pref_remember_signons2;</string>
 
   <string name="pref_open_external_urls_privately_title">&pref_open_external_urls_privately_title;</string>
   <string name="pref_open_external_urls_privately_summary">&pref_open_external_urls_privately_summary;</string>
@@ -218,18 +219,22 @@
   <string name="pref_media_autoplay_enabled_summary">&pref_media_autoplay_enabled_summary;</string>
   <string name="pref_zoom_force_enabled">&pref_zoom_force_enabled;</string>
   <string name="pref_zoom_force_enabled_summary">&pref_zoom_force_enabled_summary;</string>
+  <string name="pref_voice_input">&pref_voice_input;</string>
+  <string name="pref_voice_input_summary">&pref_voice_input_summary;</string>
+  <string name="pref_qrcode_enabled">&pref_qrcode_enabled;</string>
+  <string name="pref_qrcode_enabled_summary">&pref_qrcode_enabled_summary;</string>
   <string name="pref_reflow_on_zoom">&pref_reflow_on_zoom4;</string>
   <string name="pref_restore">&pref_restore;</string>
   <string name="pref_restore_always">&pref_restore_always;</string>
   <string name="pref_restore_quit">&pref_restore_quit;</string>
   <string name="pref_sync">&pref_sync;</string>
-  <string name="pref_sync_summary">&pref_sync_summary;</string>
+  <string name="pref_sync_summary">&pref_sync_summary2;</string>
   <string name="pref_search_suggestions">&pref_search_suggestions;</string>
   <string name="pref_private_data_history2">&pref_private_data_history2;</string>
   <string name="pref_private_data_searchHistory">&pref_private_data_searchHistory;</string>
   <string name="pref_private_data_formdata2">&pref_private_data_formdata2;</string>
   <string name="pref_private_data_cookies2">&pref_private_data_cookies2;</string>
-  <string name="pref_private_data_passwords">&pref_private_data_passwords;</string>
+  <string name="pref_private_data_passwords">&pref_private_data_passwords2;</string>
   <string name="pref_private_data_cache">&pref_private_data_cache;</string>
   <string name="pref_private_data_offlineApps">&pref_private_data_offlineApps;</string>
   <string name="pref_private_data_siteSettings">&pref_private_data_siteSettings2;</string>
@@ -513,7 +518,7 @@
   <string name="guest_session_dialog_continue">&guest_session_dialog_continue;</string>
   <string name="guest_session_dialog_cancel">&guest_session_dialog_cancel;</string>
   <string name="new_guest_session_title">&new_guest_session_title;</string>
-  <string name="new_guest_session_text">&new_guest_session_text;</string>
+  <string name="new_guest_session_text">&new_guest_session_text2;</string>
   <string name="guest_browsing_notification_title">&guest_browsing_notification_title;</string>
   <string name="guest_browsing_notification_text">&guest_browsing_notification_text;</string>
 
diff --git a/mobile/android/base/toolbar/BrowserToolbar.java b/mobile/android/base/toolbar/BrowserToolbar.java
index 8934a1485ad..70b8b5344a0 100644
--- a/mobile/android/base/toolbar/BrowserToolbar.java
+++ b/mobile/android/base/toolbar/BrowserToolbar.java
@@ -133,6 +133,8 @@ public abstract class BrowserToolbar extends ThemedRelativeLayout
     protected TabHistoryController tabHistoryController;
 
     private final Paint shadowPaint;
+    private final int shadowColor;
+    private final int shadowPrivateColor;
     private final int shadowSize;
 
     private final ToolbarPrefs prefs;
@@ -200,7 +202,9 @@ public abstract class BrowserToolbar extends ThemedRelativeLayout
         shadowSize = res.getDimensionPixelSize(R.dimen.browser_toolbar_shadow_size);
 
         shadowPaint = new Paint();
-        shadowPaint.setColor(res.getColor(R.color.url_bar_shadow));
+        shadowColor = res.getColor(R.color.url_bar_shadow);
+        shadowPrivateColor = res.getColor(R.color.url_bar_shadow_private);
+        shadowPaint.setColor(shadowColor);
         shadowPaint.setStrokeWidth(0.0f);
 
         setUIMode(UIMode.DISPLAY);
@@ -347,6 +351,10 @@ public abstract class BrowserToolbar extends ThemedRelativeLayout
         canvas.drawRect(0, height - shadowSize, getWidth(), height, shadowPaint);
     }
 
+    public void onParentFocus() {
+        urlEditLayout.onParentFocus();
+    }
+
     public void setProgressBar(ToolbarProgressView progressBar) {
         this.progressBar = progressBar;
     }
@@ -837,6 +845,8 @@ public abstract class BrowserToolbar extends ThemedRelativeLayout
         tabsButton.setPrivateMode(isPrivate);
         menuButton.setPrivateMode(isPrivate);
         urlEditLayout.setPrivateMode(isPrivate);
+
+        shadowPaint.setColor(isPrivate ? shadowPrivateColor : shadowColor);
     }
 
     public void show() {
@@ -903,7 +913,7 @@ public abstract class BrowserToolbar extends ThemedRelativeLayout
         }
 
         final StateListDrawable stateList = new StateListDrawable();
-        stateList.addState(PRIVATE_STATE_SET, getColorDrawable(R.color.private_toolbar_grey));
+        stateList.addState(PRIVATE_STATE_SET, getColorDrawable(R.color.tabs_tray_grey_pressed));
         stateList.addState(EMPTY_STATE_SET, drawable);
 
         setBackgroundDrawable(stateList);
diff --git a/mobile/android/base/toolbar/NavButton.java b/mobile/android/base/toolbar/NavButton.java
index b60cef20abe..5e300023dd7 100644
--- a/mobile/android/base/toolbar/NavButton.java
+++ b/mobile/android/base/toolbar/NavButton.java
@@ -72,7 +72,7 @@ abstract class NavButton extends ShapedButton {
         stateList.addState(PRESSED_ENABLED_STATE_SET, getColorDrawable(R.color.toolbar_grey_pressed));
         stateList.addState(PRIVATE_FOCUSED_STATE_SET, getColorDrawable(R.color.text_and_tabs_tray_grey));
         stateList.addState(FOCUSED_STATE_SET, getColorDrawable(R.color.new_tablet_highlight_focused));
-        stateList.addState(PRIVATE_STATE_SET, getColorDrawable(R.color.private_toolbar_grey));
+        stateList.addState(PRIVATE_STATE_SET, getColorDrawable(R.color.tabs_tray_grey_pressed));
         stateList.addState(EMPTY_STATE_SET, drawable);
 
         setBackgroundDrawable(stateList);
diff --git a/mobile/android/base/toolbar/ToolbarEditLayout.java b/mobile/android/base/toolbar/ToolbarEditLayout.java
index f2be1fb4303..16a0cf5652f 100644
--- a/mobile/android/base/toolbar/ToolbarEditLayout.java
+++ b/mobile/android/base/toolbar/ToolbarEditLayout.java
@@ -5,22 +5,38 @@
 
 package org.mozilla.gecko.toolbar;
 
+import android.app.Activity;
+import android.app.AlertDialog;
+import android.content.DialogInterface;
+import android.content.Intent;
+import android.speech.RecognizerIntent;
+import android.widget.Button;
+import android.widget.ImageButton;
+import org.mozilla.gecko.ActivityHandlerHelper;
+import org.mozilla.gecko.AppConstants;
+import org.mozilla.gecko.GeckoAppShell;
+import org.mozilla.gecko.GeckoSharedPrefs;
 import org.mozilla.gecko.R;
 import org.mozilla.gecko.animation.PropertyAnimator;
 import org.mozilla.gecko.animation.PropertyAnimator.PropertyAnimationListener;
+import org.mozilla.gecko.preferences.GeckoPreferences;
 import org.mozilla.gecko.toolbar.BrowserToolbar.OnCommitListener;
 import org.mozilla.gecko.toolbar.BrowserToolbar.OnDismissListener;
 import org.mozilla.gecko.toolbar.BrowserToolbar.OnFilterListener;
 import org.mozilla.gecko.toolbar.BrowserToolbar.TabEditingState;
+import org.mozilla.gecko.util.ActivityResultHandler;
+import org.mozilla.gecko.util.StringUtils;
+import org.mozilla.gecko.util.InputOptionsUtils;
 import org.mozilla.gecko.widget.ThemedLinearLayout;
 
 import android.content.Context;
 import android.util.AttributeSet;
-import android.view.KeyEvent;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.inputmethod.InputMethodManager;
 
+import java.util.List;
+
 /**
 * {@code ToolbarEditLayout} is the UI for when the toolbar is in
 * edit state. It controls a text entry ({@code ToolbarEditText})
@@ -31,8 +47,13 @@ public class ToolbarEditLayout extends ThemedLinearLayout {
 
     private final ToolbarEditText mEditText;
 
+    private final ImageButton mVoiceInput;
+    private final ImageButton mQrCode;
+
     private OnFocusChangeListener mFocusChangeListener;
 
+    private boolean showKeyboardOnFocus = false; // Indicates if we need to show the keyboard after the app resumes
+
     public ToolbarEditLayout(Context context, AttributeSet attrs) {
         super(context, attrs);
 
@@ -40,6 +61,9 @@ public class ToolbarEditLayout extends ThemedLinearLayout {
 
         LayoutInflater.from(context).inflate(R.layout.toolbar_edit_layout, this);
         mEditText = (ToolbarEditText) findViewById(R.id.url_edit_text);
+
+        mVoiceInput = (ImageButton) findViewById(R.id.mic);
+        mQrCode = (ImageButton) findViewById(R.id.qrcode);
     }
 
     @Override
@@ -49,9 +73,38 @@ public class ToolbarEditLayout extends ThemedLinearLayout {
             public void onFocusChange(View v, boolean hasFocus) {
                 if (mFocusChangeListener != null) {
                     mFocusChangeListener.onFocusChange(ToolbarEditLayout.this, hasFocus);
+
+                    // Checking if voice and QR code input are enabled each time the user taps on the title bar
+                    if (hasFocus) {
+                        if (voiceIsEnabled(getContext(), getResources().getString(R.string.voicesearch_prompt))) {
+                            mVoiceInput.setVisibility(View.VISIBLE);
+                        } else {
+                            mVoiceInput.setVisibility(View.GONE);
+                        }
+
+                        if (qrCodeIsEnabled(getContext())) {
+                            mQrCode.setVisibility(View.VISIBLE);
+                        } else {
+                            mQrCode.setVisibility(View.GONE);
+                        }
+                    }
                 }
             }
         });
+
+        mVoiceInput.setOnClickListener(new Button.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                launchVoiceRecognizer();
+            }
+        });
+
+        mQrCode.setOnClickListener(new Button.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                launchQRCodeReader();
+            }
+        });
     }
 
     @Override
@@ -71,6 +124,30 @@ public class ToolbarEditLayout extends ThemedLinearLayout {
         mEditText.setPrivateMode(isPrivate);
     }
 
+    /**
+     * Called when the parent gains focus (on app launch and resume)
+     */
+    public void onParentFocus() {
+        if (showKeyboardOnFocus) {
+            showKeyboardOnFocus = false;
+
+            Activity activity = GeckoAppShell.getGeckoInterface().getActivity();
+            activity.runOnUiThread(new Runnable() {
+                public void run() {
+                    mEditText.requestFocus();
+                    showSoftInput();
+                }
+            });
+        }
+
+        // Checking if qr code is supported after resuming the app
+        if (qrCodeIsEnabled(getContext())) {
+            mQrCode.setVisibility(View.VISIBLE);
+        } else {
+            mQrCode.setVisibility(View.GONE);
+        }
+    }
+
     void setToolbarPrefs(final ToolbarPrefs prefs) {
         mEditText.setToolbarPrefs(prefs);
     }
@@ -139,4 +216,125 @@ public class ToolbarEditLayout extends ThemedLinearLayout {
         mEditText.setText(editingState.lastEditingText);
         mEditText.setSelection(editingState.selectionStart, editingState.selectionEnd);
     }
+
+    private boolean voiceIsEnabled(Context context, String prompt) {
+        // Voice input is enabled for nightly only
+        if(!AppConstants.NIGHTLY_BUILD) {
+            return false;
+        }
+        final boolean voiceIsSupported = InputOptionsUtils.supportsVoiceRecognizer(context, prompt);
+        if (!voiceIsSupported) {
+            return false;
+        }
+        return GeckoSharedPrefs.forApp(context)
+                .getBoolean(GeckoPreferences.PREFS_VOICE_INPUT_ENABLED, true);
+    }
+
+    private void launchVoiceRecognizer() {
+        final Intent intent = InputOptionsUtils.createVoiceRecognizerIntent(getResources().getString(R.string.voicesearch_prompt));
+
+        Activity activity = GeckoAppShell.getGeckoInterface().getActivity();
+        ActivityHandlerHelper.startIntentForActivity(activity, intent, new ActivityResultHandler() {
+            @Override
+            public void onActivityResult(int resultCode, Intent data) {
+                switch (resultCode) {
+                    case RecognizerIntent.RESULT_CLIENT_ERROR:
+                    case RecognizerIntent.RESULT_NETWORK_ERROR:
+                    case RecognizerIntent.RESULT_SERVER_ERROR:
+                        // We have an temporarily unrecoverable error.
+                        handleVoiceSearchError(false);
+                        break;
+                    case RecognizerIntent.RESULT_AUDIO_ERROR:
+                    case RecognizerIntent.RESULT_NO_MATCH:
+                        // Maybe the user can say it differently?
+                        handleVoiceSearchError(true);
+                        break;
+                    case Activity.RESULT_CANCELED:
+                        break;
+                }
+
+                if (resultCode != Activity.RESULT_OK) {
+                    return;
+                }
+
+                // We have RESULT_OK, not RESULT_NO_MATCH so it should be safe to assume that
+                // we have at least one match. We only need one: this will be
+                // used for showing the user search engines with this search term in it.
+                List<String> voiceStrings = data.getStringArrayListExtra(RecognizerIntent.EXTRA_RESULTS);
+                String text = voiceStrings.get(0);
+                mEditText.setText(text);
+                mEditText.setSelection(0, text.length());
+
+                final InputMethodManager imm =
+                        (InputMethodManager) getContext().getSystemService(Context.INPUT_METHOD_SERVICE);
+                imm.showSoftInput(mEditText, InputMethodManager.SHOW_IMPLICIT);
+            }
+        });
+    }
+
+    private void handleVoiceSearchError(boolean offerRetry) {
+        AlertDialog.Builder builder = new AlertDialog.Builder(getContext())
+                .setTitle(R.string.voicesearch_failed_title)
+                .setIcon(R.drawable.icon).setNeutralButton(android.R.string.cancel, new DialogInterface.OnClickListener() {
+                    @Override
+                    public void onClick(DialogInterface dialog, int which) {
+                        dialog.dismiss();
+                    }
+                });
+
+        if (offerRetry) {
+            builder.setMessage(R.string.voicesearch_failed_message_recoverable)
+                    .setNegativeButton(R.string.voicesearch_failed_retry, new DialogInterface.OnClickListener() {
+                        @Override
+                        public void onClick(DialogInterface dialog, int which) {
+                            launchVoiceRecognizer();
+                        }
+                    });
+        } else {
+            builder.setMessage(R.string.voicesearch_failed_message);
+        }
+
+        AlertDialog dialog = builder.create();
+
+        dialog.show();
+    }
+
+    private boolean qrCodeIsEnabled(Context context) {
+        // QR code is enabled for nightly only
+        if(!AppConstants.NIGHTLY_BUILD) {
+            return false;
+        }
+        final boolean qrCodeIsSupported = InputOptionsUtils.supportsQrCodeReader(context);
+        if (!qrCodeIsSupported) {
+            return false;
+        }
+        return GeckoSharedPrefs.forApp(context)
+                .getBoolean(GeckoPreferences.PREFS_QRCODE_ENABLED, true);
+    }
+
+    private void launchQRCodeReader() {
+        final Intent intent = InputOptionsUtils.createQRCodeReaderIntent();
+
+        Activity activity = GeckoAppShell.getGeckoInterface().getActivity();
+        ActivityHandlerHelper.startIntentForActivity(activity, intent, new ActivityResultHandler() {
+            @Override
+            public void onActivityResult(int resultCode, Intent intent) {
+                if (resultCode == Activity.RESULT_OK) {
+                    String text = intent.getStringExtra("SCAN_RESULT");
+                    if (!StringUtils.isSearchQuery(text, false)) {
+                        mEditText.setText(text);
+                        mEditText.selectAll();
+
+                        // Queuing up the keyboard show action.
+                        // At this point the app has not resumed yet, and trying to show
+                        // the keyboard will fail.
+                        showKeyboardOnFocus = true;
+                    }
+                }
+                // We can get the SCAN_RESULT_FORMAT, SCAN_RESULT_BYTES,
+                // SCAN_RESULT_ORIENTATION and SCAN_RESULT_ERROR_CORRECTION_LEVEL
+                // as well as the actual result, which may hold a URL.
+            }
+        });
+    }
 }
diff --git a/mobile/android/base/toolbar/ToolbarEditText.java b/mobile/android/base/toolbar/ToolbarEditText.java
index 364c3639da9..0138d0a845b 100644
--- a/mobile/android/base/toolbar/ToolbarEditText.java
+++ b/mobile/android/base/toolbar/ToolbarEditText.java
@@ -5,28 +5,17 @@
 
 package org.mozilla.gecko.toolbar;
 
-import org.mozilla.gecko.ActivityHandlerHelper;
-import org.mozilla.gecko.AppConstants;
 import org.mozilla.gecko.AppConstants.Versions;
 import org.mozilla.gecko.CustomEditText;
-import org.mozilla.gecko.GeckoAppShell;
 import org.mozilla.gecko.InputMethods;
-import org.mozilla.gecko.R;
 import org.mozilla.gecko.toolbar.BrowserToolbar.OnCommitListener;
 import org.mozilla.gecko.toolbar.BrowserToolbar.OnDismissListener;
 import org.mozilla.gecko.toolbar.BrowserToolbar.OnFilterListener;
-import org.mozilla.gecko.util.ActivityResultHandler;
 import org.mozilla.gecko.util.GamepadUtils;
 import org.mozilla.gecko.util.StringUtils;
 
-import android.app.Activity;
-import android.app.AlertDialog;
 import android.content.Context;
-import android.content.DialogInterface;
-import android.content.Intent;
 import android.graphics.Rect;
-import android.graphics.drawable.Drawable;
-import android.speech.RecognizerIntent;
 import android.text.Editable;
 import android.text.NoCopySpan;
 import android.text.Selection;
@@ -37,19 +26,15 @@ import android.text.style.BackgroundColorSpan;
 import android.util.AttributeSet;
 import android.util.Log;
 import android.view.KeyEvent;
-import android.view.MotionEvent;
 import android.view.View;
 import android.view.inputmethod.BaseInputConnection;
 import android.view.inputmethod.EditorInfo;
 import android.view.inputmethod.InputConnection;
 import android.view.inputmethod.InputConnectionWrapper;
 import android.view.inputmethod.InputMethodManager;
-import android.view.ViewParent;
 import android.view.accessibility.AccessibilityEvent;
 import android.widget.TextView;
 
-import java.util.List;
-
 /**
 * {@code ToolbarEditText} is the text entry used when the toolbar
 * is in edit state. It handles all the necessary input method machinery.
@@ -103,7 +88,6 @@ public class ToolbarEditText extends CustomEditText
         setOnKeyPreImeListener(new KeyPreImeListener());
         setOnSelectionChangedListener(new SelectionChangeListener());
         addTextChangedListener(new TextChangeListener());
-        configureCompoundDrawables();
     }
 
     @Override
@@ -470,102 +454,6 @@ public class ToolbarEditText extends CustomEditText
         };
     }
 
-    /**
-     * Detect if we are able to enable the 'buttons' made from compound drawables.
-     *
-     * Currently, only voice input.
-     */
-    private void configureCompoundDrawables() {
-        if (!AppConstants.NIGHTLY_BUILD || !supportsVoiceRecognizer()) {
-            // Remove the mic button if we can't support the voice recognizer.
-            setCompoundDrawablesWithIntrinsicBounds(null, null, null, null);
-            return;
-        }
-        setOnTouchListener(new VoiceSearchOnTouchListener());
-    }
-
-    private boolean supportsVoiceRecognizer() {
-        final Intent intent = createVoiceRecognizerIntent();
-        return intent.resolveActivity(getContext().getPackageManager()) != null;
-    }
-
-    private Intent createVoiceRecognizerIntent() {
-        final Intent intent = new Intent(RecognizerIntent.ACTION_RECOGNIZE_SPEECH);
-        intent.putExtra(RecognizerIntent.EXTRA_LANGUAGE_MODEL, RecognizerIntent.LANGUAGE_MODEL_WEB_SEARCH);
-        intent.putExtra(RecognizerIntent.EXTRA_MAX_RESULTS, 1);
-        intent.putExtra(RecognizerIntent.EXTRA_PROMPT, getResources().getString(R.string.voicesearch_prompt));
-        return intent;
-    }
-
-    private void launchVoiceRecognizer() {
-        final Intent intent = createVoiceRecognizerIntent();
-
-        Activity activity = GeckoAppShell.getGeckoInterface().getActivity();
-        ActivityHandlerHelper.startIntentForActivity(activity, intent, new ActivityResultHandler() {
-            @Override
-            public void onActivityResult(int resultCode, Intent data) {
-                switch (resultCode) {
-                    case RecognizerIntent.RESULT_CLIENT_ERROR:
-                    case RecognizerIntent.RESULT_NETWORK_ERROR:
-                    case RecognizerIntent.RESULT_SERVER_ERROR:
-                        // We have an temporarily unrecoverable error.
-                        handleVoiceSearchError(false);
-                        break;
-                    case RecognizerIntent.RESULT_AUDIO_ERROR:
-                    case RecognizerIntent.RESULT_NO_MATCH:
-                        // Maybe the user can say it differently?
-                        handleVoiceSearchError(true);
-                        break;
-                    case Activity.RESULT_CANCELED:
-                        break;
-                }
-
-                if (resultCode != Activity.RESULT_OK) {
-                    return;
-                }
-
-                // We have RESULT_OK, not RESULT_NO_MATCH so it should be safe to assume that
-                // we have at least one match. We only need one: this will be
-                // used for showing the user search engines with this search term in it.
-                List<String> voiceStrings = data.getStringArrayListExtra(RecognizerIntent.EXTRA_RESULTS);
-                String text = voiceStrings.get(0);
-                setText(text);
-                setSelection(0, text.length());
-
-                final InputMethodManager imm =
-                        (InputMethodManager) getContext().getSystemService(Context.INPUT_METHOD_SERVICE);
-                imm.showSoftInput(ToolbarEditText.this, InputMethodManager.SHOW_IMPLICIT);
-            }
-        });
-    }
-
-    private void handleVoiceSearchError(boolean offerRetry) {
-        AlertDialog.Builder builder = new AlertDialog.Builder(getContext())
-                .setTitle(R.string.voicesearch_failed_title)
-                .setIcon(R.drawable.icon).setNeutralButton(android.R.string.cancel, new DialogInterface.OnClickListener() {
-                    @Override
-                    public void onClick(DialogInterface dialog, int which) {
-                        dialog.dismiss();
-                    }
-                });
-
-        if (offerRetry) {
-            builder.setMessage(R.string.voicesearch_failed_message_recoverable)
-                   .setNegativeButton(R.string.voicesearch_failed_retry, new DialogInterface.OnClickListener() {
-                       @Override
-                       public void onClick(DialogInterface dialog, int which) {
-                           launchVoiceRecognizer();
-                       }
-                   });
-        } else {
-            builder.setMessage(R.string.voicesearch_failed_message);
-        }
-
-        AlertDialog dialog = builder.create();
-
-        dialog.show();
-    }
-
     private class SelectionChangeListener implements OnSelectionChangedListener {
         @Override
         public void onSelectionChanged(final int selStart, final int selEnd) {
@@ -709,40 +597,4 @@ public class ToolbarEditText extends CustomEditText
             return false;
         }
     }
-
-    private class VoiceSearchOnTouchListener implements View.OnTouchListener {
-        private int mVoiceSearchIconIndex = -1;
-        private Drawable mVoiceSearchIcon;
-
-        public VoiceSearchOnTouchListener() {
-            Drawable[] drawables = getCompoundDrawables();
-            for (int i = 0; i < drawables.length; i++) {
-                if (drawables[i] != null) {
-                    mVoiceSearchIcon = drawables[i];
-                    mVoiceSearchIconIndex = i;
-                }
-            }
-        }
-
-        @Override
-        public boolean onTouch(View v, MotionEvent event) {
-            boolean tapped;
-            final int action = event.getActionMasked();
-
-            switch (mVoiceSearchIconIndex) {
-                case 0:
-                    tapped = event.getX() < (getPaddingLeft() + mVoiceSearchIcon.getIntrinsicWidth());
-                    break;
-                case 2:
-                    tapped = event.getX() > (getWidth() - getPaddingRight() - mVoiceSearchIcon.getIntrinsicWidth());
-                    break;
-                default:
-                    tapped = false;
-            }
-            if (tapped && (action == MotionEvent.ACTION_DOWN)) {
-                launchVoiceRecognizer();
-            }
-            return tapped;
-        }
-    }
 }
diff --git a/mobile/android/base/toolbar/ToolbarProgressView.java b/mobile/android/base/toolbar/ToolbarProgressView.java
index 4e4c3a837ad..1003ce9aa13 100644
--- a/mobile/android/base/toolbar/ToolbarProgressView.java
+++ b/mobile/android/base/toolbar/ToolbarProgressView.java
@@ -17,9 +17,14 @@
 package org.mozilla.gecko.toolbar;
 
 import org.mozilla.gecko.AppConstants.Versions;
+import org.mozilla.gecko.R;
+import org.mozilla.gecko.widget.ThemedImageView;
+import org.mozilla.gecko.util.WeakReferenceHandler;
 
 import android.content.Context;
 import android.graphics.Canvas;
+import android.graphics.PorterDuff;
+import android.graphics.PorterDuffColorFilter;
 import android.graphics.Rect;
 import android.graphics.drawable.Drawable;
 import android.os.Handler;
@@ -27,7 +32,6 @@ import android.os.Message;
 import android.util.AttributeSet;
 import android.view.View;
 import android.view.animation.Animation;
-import android.widget.ImageView;
 
 /**
  * Progress view used for page loads.
@@ -36,7 +40,7 @@ import android.widget.ImageView;
  * bar also includes incremental animation between each step to improve
  * perceived performance.
  */
-public class ToolbarProgressView extends ImageView {
+public class ToolbarProgressView extends ThemedImageView {
     private static final int MAX_PROGRESS = 10000;
     private static final int MSG_UPDATE = 0;
     private static final int MSG_HIDE = 1;
@@ -49,6 +53,8 @@ public class ToolbarProgressView extends ImageView {
     private Handler mHandler;
     private int mCurrentProgress;
 
+    private PorterDuffColorFilter mPrivateBrowsingColorFilter;
+
     public ToolbarProgressView(Context context, AttributeSet attrs, int defStyle) {
         super(context, attrs, defStyle);
         init(context);
@@ -59,39 +65,14 @@ public class ToolbarProgressView extends ImageView {
         init(context);
     }
 
-    public ToolbarProgressView(Context context) {
-        super(context);
-        init(context);
-    }
-
     private void init(Context ctx) {
         mBounds = new Rect(0,0,0,0);
         mTargetProgress = 0;
 
-        mHandler = new Handler() {
-            @Override
-            public void handleMessage(Message msg) {
-                switch (msg.what) {
-                    case MSG_UPDATE:
-                        mCurrentProgress = Math.min(mTargetProgress, mCurrentProgress + mIncrement);
+        mPrivateBrowsingColorFilter =
+                new PorterDuffColorFilter(R.color.private_browsing_purple, PorterDuff.Mode.SRC_IN);
 
-                        updateBounds();
-
-                        if (mCurrentProgress < mTargetProgress) {
-                            final int delay = (mTargetProgress < MAX_PROGRESS) ? DELAY : DELAY / 4;
-                            sendMessageDelayed(mHandler.obtainMessage(msg.what), delay);
-                        } else if (mCurrentProgress == MAX_PROGRESS) {
-                            sendMessageDelayed(mHandler.obtainMessage(MSG_HIDE), DELAY);
-                        }
-                        break;
-
-                    case MSG_HIDE:
-                        setVisibility(View.GONE);
-                        break;
-                }
-            }
-
-        };
+        mHandler = new ToolbarProgressHandler(this);
     }
 
     @Override
@@ -186,4 +167,49 @@ public class ToolbarProgressView extends ImageView {
         mBounds.right = getWidth() * mCurrentProgress / MAX_PROGRESS;
         invalidate();
     }
+
+    @Override
+    public void setPrivateMode(final boolean isPrivate) {
+        super.setPrivateMode(isPrivate);
+
+        // Note: android:tint is better but ColorStateLists are not supported until API 21.
+        if (isPrivate) {
+            setColorFilter(mPrivateBrowsingColorFilter);
+        } else {
+            clearColorFilter();
+        }
+    }
+
+    private static class ToolbarProgressHandler extends WeakReferenceHandler<ToolbarProgressView> {
+        public ToolbarProgressHandler(final ToolbarProgressView that) {
+            super(that);
+        }
+
+        @Override
+        public void handleMessage(Message msg) {
+            final ToolbarProgressView that = mTarget.get();
+            if (that == null) {
+                return;
+            }
+
+            switch (msg.what) {
+                case MSG_UPDATE:
+                    that.mCurrentProgress = Math.min(that.mTargetProgress, that.mCurrentProgress + that.mIncrement);
+
+                    that.updateBounds();
+
+                    if (that.mCurrentProgress < that.mTargetProgress) {
+                        final int delay = (that.mTargetProgress < MAX_PROGRESS) ? DELAY : DELAY / 4;
+                        sendMessageDelayed(that.mHandler.obtainMessage(msg.what), delay);
+                    } else if (that.mCurrentProgress == MAX_PROGRESS) {
+                        sendMessageDelayed(that.mHandler.obtainMessage(MSG_HIDE), DELAY);
+                    }
+                    break;
+
+                case MSG_HIDE:
+                    that.setVisibility(View.GONE);
+                    break;
+            }
+        }
+    };
 }
diff --git a/mobile/android/base/util/InputOptionsUtils.java b/mobile/android/base/util/InputOptionsUtils.java
new file mode 100644
index 00000000000..684c42d8c42
--- /dev/null
+++ b/mobile/android/base/util/InputOptionsUtils.java
@@ -0,0 +1,42 @@
+/* -*- Mode: Java; c-basic-offset: 4; tab-width: 4; indent-tabs-mode: nil; -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.gecko.util;
+
+import android.content.Context;
+import android.content.Intent;
+import android.speech.RecognizerIntent;
+
+public class InputOptionsUtils {
+    public static boolean supportsVoiceRecognizer(Context context, String prompt) {
+        final Intent intent = createVoiceRecognizerIntent(prompt);
+        return intent.resolveActivity(context.getPackageManager()) != null;
+    }
+
+    public static Intent createVoiceRecognizerIntent(String prompt) {
+        final Intent intent = new Intent(RecognizerIntent.ACTION_RECOGNIZE_SPEECH);
+        intent.putExtra(RecognizerIntent.EXTRA_LANGUAGE_MODEL, RecognizerIntent.LANGUAGE_MODEL_WEB_SEARCH);
+        intent.putExtra(RecognizerIntent.EXTRA_MAX_RESULTS, 1);
+        intent.putExtra(RecognizerIntent.EXTRA_PROMPT, prompt);
+        return intent;
+    }
+
+    public static boolean supportsIntent(Intent intent, Context context) {
+        return intent.resolveActivity(context.getPackageManager()) != null;
+    }
+
+    public static boolean supportsQrCodeReader(Context context) {
+        final Intent intent = createQRCodeReaderIntent();
+        return supportsIntent(intent, context);
+    }
+
+    public static Intent createQRCodeReaderIntent() {
+        // Bug 602818 enables QR code input if you have the particular app below installed in your device
+        Intent intent = new Intent("com.google.zxing.client.android.SCAN");
+        intent.putExtra("SCAN_MODE", "QR_CODE_MODE");
+        intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
+        return intent;
+    }
+}
diff --git a/mobile/android/base/util/WeakReferenceHandler.java b/mobile/android/base/util/WeakReferenceHandler.java
new file mode 100644
index 00000000000..3e8508bcebf
--- /dev/null
+++ b/mobile/android/base/util/WeakReferenceHandler.java
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.gecko.util;
+
+import android.os.Handler;
+
+import java.lang.ref.WeakReference;
+
+/**
+ * A Handler to help prevent memory leaks when using Handlers as inner classes.
+ *
+ * To use, extend the Handler, if it's an inner class, make it static,
+ * and reference `this` via the associated WeakReference.
+ *
+ * For additional context, see the "HandlerLeak" android lint item and this post by Romain Guy:
+ *   https://groups.google.com/forum/#!msg/android-developers/1aPZXZG6kWk/lIYDavGYn5UJ
+ */
+public class WeakReferenceHandler<T> extends Handler {
+    public final WeakReference<T> mTarget;
+
+    public WeakReferenceHandler(final T that) {
+        super();
+        mTarget = new WeakReference<>(that);
+    }
+}
diff --git a/mobile/android/chrome/content/.eslintrc b/mobile/android/chrome/content/.eslintrc
new file mode 100644
index 00000000000..949e1312f8f
--- /dev/null
+++ b/mobile/android/chrome/content/.eslintrc
@@ -0,0 +1,24 @@
+globals:
+    # TODO: Maybe this should be by file
+    BrowserApp: false
+    Cc: false
+    Ci: false
+    Cu: false
+    NativeWindow: false
+    PageActions: false
+    ReaderMode: false
+    SimpleServiceDiscovery: false
+    TabMirror: false
+    MediaPlayerApp: false
+    MatchstickApp: false
+    RokuApp: false
+    SearchEngines: false
+    ConsoleAPI: true
+    Point: false
+    Rect: false
+
+rules:
+    # Disabled stuff
+    no-console: 0 # TODO: Can we use console?
+    no-cond-assign: 0
+    no-fallthrough: 0
diff --git a/mobile/android/chrome/content/Reader.js b/mobile/android/chrome/content/Reader.js
index b3e341dccd2..bf793d47131 100644
--- a/mobile/android/chrome/content/Reader.js
+++ b/mobile/android/chrome/content/Reader.js
@@ -5,6 +5,8 @@
 
 "use strict";
 
+/*globals MAX_URI_LENGTH, MAX_TITLE_LENGTH */
+
 let Reader = {
   // These values should match those defined in BrowserContract.java.
   STATUS_UNFETCHED: 0,
diff --git a/mobile/android/chrome/content/WebappRT.js b/mobile/android/chrome/content/WebappRT.js
index e56bf8ec67b..3f65ab28319 100644
--- a/mobile/android/chrome/content/WebappRT.js
+++ b/mobile/android/chrome/content/WebappRT.js
@@ -1,6 +1,9 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*globals PermissionsInstaller */
+
 let Cc = Components.classes;
 let Ci = Components.interfaces;
 let Cu = Components.utils;
diff --git a/mobile/android/chrome/content/aboutAddons.js b/mobile/android/chrome/content/aboutAddons.js
index 7740c45e8e5..c6a634158e1 100644
--- a/mobile/android/chrome/content/aboutAddons.js
+++ b/mobile/android/chrome/content/aboutAddons.js
@@ -4,6 +4,8 @@
 
 "use strict";
 
+/*globals gChromeWin */
+
 let Ci = Components.interfaces, Cc = Components.classes, Cu = Components.utils;
 
 Cu.import("resource://gre/modules/Services.jsm")
@@ -14,14 +16,14 @@ const AMO_ICON = "chrome://browser/skin/images/amo-logo.png";
 
 let gStringBundle = Services.strings.createBundle("chrome://browser/locale/aboutAddons.properties");
 
-XPCOMUtils.defineLazyGetter(window, "gChromeWin", function()
+XPCOMUtils.defineLazyGetter(window, "gChromeWin", function() {
   window.QueryInterface(Ci.nsIInterfaceRequestor)
     .getInterface(Ci.nsIWebNavigation)
     .QueryInterface(Ci.nsIDocShellTreeItem)
     .rootTreeItem
     .QueryInterface(Ci.nsIInterfaceRequestor)
     .getInterface(Ci.nsIDOMWindow)
-    .QueryInterface(Ci.nsIDOMChromeWindow));
+    .QueryInterface(Ci.nsIDOMChromeWindow)});
 
 var ContextMenus = {
   target: null,
@@ -100,7 +102,6 @@ function init() {
   Addons.init();
   showList();
   ContextMenus.init();
-
 }
 
 
@@ -109,14 +110,9 @@ function uninit() {
   AddonManager.removeAddonListener(Addons);
 }
 
-function openLink(aEvent) {
-  try {
-    let formatter = Cc["@mozilla.org/toolkit/URLFormatterService;1"].getService(Ci.nsIURLFormatter);
-
-    let url = formatter.formatURLPref(aEvent.currentTarget.getAttribute("pref"));
-    let BrowserApp = gChromeWin.BrowserApp;
-    BrowserApp.addTab(url, { selected: true, parentId: BrowserApp.selectedTab.id });
-  } catch (ex) {}
+function openLink(url) {
+  let BrowserApp = gChromeWin.BrowserApp;
+  BrowserApp.addTab(url, { selected: true, parentId: BrowserApp.selectedTab.id });
 }
 
 function onPopState(aEvent) {
@@ -192,8 +188,14 @@ var Addons = {
     let outer = document.createElement("div");
     outer.className = "addon-item list-item";
     outer.setAttribute("role", "button");
-    outer.setAttribute("pref", "extensions.getAddons.browseAddons");
-    outer.addEventListener("click", openLink, true);
+    outer.addEventListener("click", function(event) {
+      try {
+        let formatter = Cc["@mozilla.org/toolkit/URLFormatterService;1"].getService(Ci.nsIURLFormatter);
+        openLink(formatter.formatURLPref("extensions.getAddons.browseAddons"));
+      } catch (e) {
+        Cu.reportError(e);
+      }
+    }, true);
 
     let img = document.createElement("img");
     img.className = "icon";
@@ -234,6 +236,7 @@ var Addons = {
 
     let item = this._createItem(aAddon);
     item.setAttribute("isDisabled", !aAddon.isActive);
+    item.setAttribute("isUnsigned", aAddon.signedState <= AddonManager.SIGNEDSTATE_MISSING);
     item.setAttribute("opType", opType);
     item.setAttribute("updateable", updateable);
     if (blocked)
@@ -274,6 +277,10 @@ var Addons = {
     document.getElementById("cancel-btn").addEventListener("click", Addons.cancelUninstall.bind(this), false);
     document.getElementById("disable-btn").addEventListener("click", Addons.disable.bind(this), false);
     document.getElementById("enable-btn").addEventListener("click", Addons.enable.bind(this), false);
+
+    document.getElementById("unsigned-learn-more").addEventListener("click", function() {
+      openLink(Services.urlFormatter.formatURLPref("app.support.baseURL") + "unsigned-addons");
+    }, false);
   },
 
   _getOpTypeForOperations: function _getOpTypeForOperations(aOperations) {
@@ -305,6 +312,7 @@ var Addons = {
 
     let detailItem = document.querySelector("#addons-details > .addon-item");
     detailItem.setAttribute("isDisabled", aListItem.getAttribute("isDisabled"));
+    detailItem.setAttribute("isUnsigned", aListItem.getAttribute("isUnsigned"));
     detailItem.setAttribute("opType", aListItem.getAttribute("opType"));
     detailItem.setAttribute("optionsURL", aListItem.getAttribute("optionsURL"));
     let addon = detailItem.addon = aListItem.addon;
diff --git a/mobile/android/chrome/content/aboutAddons.xhtml b/mobile/android/chrome/content/aboutAddons.xhtml
index f5f00eb87ec..42d9cfa9c10 100644
--- a/mobile/android/chrome/content/aboutAddons.xhtml
+++ b/mobile/android/chrome/content/aboutAddons.xhtml
@@ -47,6 +47,7 @@
         <div class="options-header">&aboutAddons.options;</div>
         <div class="options-box"></div>
       </div>
+      <div class="warn-unsigned">&addonUnsigned.message; <a id="unsigned-learn-more">&addonUnsigned.learnMore;</a></div>
       <div class="status status-uninstalled show-on-uninstall"></div>
       <div class="buttons">
         <button id="enable-btn" class="show-on-disable hide-on-enable hide-on-uninstall" >&addonAction.enable;</button>
diff --git a/mobile/android/chrome/content/aboutApps.js b/mobile/android/chrome/content/aboutApps.js
index defe88bdaa1..f2daaff6739 100644
--- a/mobile/android/chrome/content/aboutApps.js
+++ b/mobile/android/chrome/content/aboutApps.js
@@ -6,6 +6,8 @@
  *
  * ***** END LICENSE BLOCK ***** */
 
+/*globals gChromeWin */
+
 let Ci = Components.interfaces, Cc = Components.classes, Cu = Components.utils;
 
 Cu.import("resource://gre/modules/Services.jsm")
@@ -18,14 +20,14 @@ const DEFAULT_ICON = "chrome://browser/skin/images/default-app-icon.png";
 
 let gStrings = Services.strings.createBundle("chrome://browser/locale/aboutApps.properties");
 
-XPCOMUtils.defineLazyGetter(window, "gChromeWin", function()
+XPCOMUtils.defineLazyGetter(window, "gChromeWin", function() {
   window.QueryInterface(Ci.nsIInterfaceRequestor)
     .getInterface(Ci.nsIWebNavigation)
     .QueryInterface(Ci.nsIDocShellTreeItem)
     .rootTreeItem
     .QueryInterface(Ci.nsIInterfaceRequestor)
     .getInterface(Ci.nsIDOMWindow)
-    .QueryInterface(Ci.nsIDOMChromeWindow));
+    .QueryInterface(Ci.nsIDOMChromeWindow)});
 
 document.addEventListener("DOMContentLoaded", onLoad, false);
 
diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js
index f12b40f5ae0..f1f1141b2a8 100644
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -603,6 +603,13 @@ var BrowserApp = {
         InitLater(() => WebcompatReporter.init());
       }
 
+      InitLater(function () {
+        // title == 0 and url == 1. See:
+        //   https://mxr.mozilla.org/mozilla-central/source/mobile/android/base/resources/values/arrays.xml?rev=861e4bd9e7fe#153
+        const titleInTitlebarEnabled = Services.prefs.getIntPref("browser.chrome.titlebarMode") == 0;
+        Telemetry.addData("FENNEC_TITLE_IN_TITLEBAR_ENABLED", titleInTitlebarEnabled);
+      });
+
       InitLater(() => LightWeightThemeWebInstaller.init());
       InitLater(() => SpatialNavigation.init(BrowserApp.deck, null), window, "SpatialNavigation");
       InitLater(() => CastingApps.init(), window, "CastingApps");
diff --git a/mobile/android/components/AboutRedirector.js b/mobile/android/components/AboutRedirector.js
index 97559689ef7..b9969797cc3 100644
--- a/mobile/android/components/AboutRedirector.js
+++ b/mobile/android/components/AboutRedirector.js
@@ -22,7 +22,9 @@ let modules = {
     privileged: true,
     hide: true
   },
-  get firefox() this.fennec,
+  get firefox() {
+    return this.fennec
+  },
 
   // about:blank has some bad loading behavior we can avoid, if we use an alias
   empty: {
diff --git a/mobile/android/components/BlocklistPrompt.js b/mobile/android/components/BlocklistPrompt.js
index 81bf52ad7f7..ce7b8e011ed 100644
--- a/mobile/android/components/BlocklistPrompt.js
+++ b/mobile/android/components/BlocklistPrompt.js
@@ -48,7 +48,7 @@ BlocklistPrompt.prototype = {
     // Disable softblocked items automatically
     for (let i = 0; i < aAddons.length; i++) {
       if (aAddons[i].item instanceof Ci.nsIPluginTag)
-        addonList[i].item.disabled = true;
+        aAddons[i].item.disabled = true;
       else
         aAddons[i].item.userDisabled = true;
     }
diff --git a/mobile/android/components/ContentDispatchChooser.js b/mobile/android/components/ContentDispatchChooser.js
index 951fe19d3d7..62cfa2af6a4 100644
--- a/mobile/android/components/ContentDispatchChooser.js
+++ b/mobile/android/components/ContentDispatchChooser.js
@@ -5,6 +5,7 @@
 const Ci = Components.interfaces;
 const Cu = Components.utils;
 const Cc = Components.classes;
+const Cr = Components.results;
 
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource://gre/modules/Services.jsm");
diff --git a/mobile/android/components/HelperAppDialog.js b/mobile/android/components/HelperAppDialog.js
index fdb5c4e1d52..67953c79f83 100644
--- a/mobile/android/components/HelperAppDialog.js
+++ b/mobile/android/components/HelperAppDialog.js
@@ -3,6 +3,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*globals ContentAreaUtils */
+
 const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
 
 const APK_MIME_TYPE = "application/vnd.android.package-archive";
@@ -20,6 +22,12 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 // HelperApp Launcher Dialog
 // -----------------------------------------------------------------------
 
+XPCOMUtils.defineLazyGetter(this, "ContentAreaUtils", function() {
+  let ContentAreaUtils = {};
+  Services.scriptloader.loadSubScript("chrome://global/content/contentAreaUtils.js", ContentAreaUtils);
+  return ContentAreaUtils;
+});
+
 function HelperAppLauncherDialog() { }
 
 HelperAppLauncherDialog.prototype = {
diff --git a/mobile/android/components/LoginManagerPrompter.js b/mobile/android/components/LoginManagerPrompter.js
index d2fce47489f..be0596d0a2a 100644
--- a/mobile/android/components/LoginManagerPrompter.js
+++ b/mobile/android/components/LoginManagerPrompter.js
@@ -6,9 +6,10 @@
 const Cc = Components.classes;
 const Ci = Components.interfaces;
 const Cr = Components.results;
+const Cu = Components.utils;
 
-Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
-Components.utils.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
 
 /* Constants for password prompt telemetry.
  * Mirrored in nsLoginManagerPrompter.js */
@@ -443,7 +444,7 @@ LoginManagerPrompter.prototype = {
 
         // If the URI explicitly specified a port, only include it when
         // it's not the default. (We never want "http://foo.com:80")
-        port = uri.port;
+        let port = uri.port;
         if (port != -1) {
             var handler = Services.io.getProtocolHandler(scheme);
             if (port != handler.defaultPort)
diff --git a/mobile/android/components/PromptService.js b/mobile/android/components/PromptService.js
index ab009e4d01c..798cc5f3769 100644
--- a/mobile/android/components/PromptService.js
+++ b/mobile/android/components/PromptService.js
@@ -374,11 +374,11 @@ InternalPrompt.prototype = {
   },
 
   nsIAuthPrompt_promptUsernameAndPassword : function (aTitle, aText, aPasswordRealm, aSavePassword, aUser, aPass) {
-    return nsIAuthPrompt_loginPrompt(aTitle, aText, aPasswordRealm, aSavePassword, aUser, aPass);
+    return this.nsIAuthPrompt_loginPrompt(aTitle, aText, aPasswordRealm, aSavePassword, aUser, aPass);
   },
 
   nsIAuthPrompt_promptPassword : function (aTitle, aText, aPasswordRealm, aSavePassword, aPass) {
-    return nsIAuthPrompt_loginPrompt(aTitle, aText, aPasswordRealm, aSavePassword, null, aPass);
+    return this.nsIAuthPrompt_loginPrompt(aTitle, aText, aPasswordRealm, aSavePassword, null, aPass);
   },
 
   nsIAuthPrompt_loginPrompt: function(aTitle, aPasswordRealm, aSavePassword, aUser, aPass) {
@@ -394,11 +394,12 @@ InternalPrompt.prototype = {
       [checkMsg, check] = PromptUtils.getUsernameAndPassword(foundLogins, aUser, aPass);
     }
 
+    // (eslint-disable: see bug 1177904)
     let ok = false;
     if (aUser)
-      ok = this.nsIPrompt_promptUsernameAndPassword(aTitle, aText, aUser, aPass, checkMsg, check);
+      ok = this.nsIPrompt_promptUsernameAndPassword(aTitle, aText, aUser, aPass, checkMsg, check); // eslint-disable-line no-undef
     else
-      ok = this.nsIPrompt_promptPassword(aTitle, aText, aPass, checkMsg, check);
+      ok = this.nsIPrompt_promptPassword(aTitle, aText, aPass, checkMsg, check); // eslint-disable-line no-undef
 
     if (ok && canSave && check.value)
       PromptUtils.savePassword(hostname, realm, aUser, aPass);
@@ -803,7 +804,7 @@ let PromptUtils = {
 
     // If the URI explicitly specified a port, only include it when
     // it's not the default. (We never want "http://foo.com:80")
-    port = uri.port;
+    let port = uri.port;
     if (port != -1) {
       let handler = Services.io.getProtocolHandler(scheme);
       if (port != handler.defaultPort)
diff --git a/mobile/android/components/Snippets.js b/mobile/android/components/Snippets.js
index a7a0edcebf6..c46ab012721 100644
--- a/mobile/android/components/Snippets.js
+++ b/mobile/android/components/Snippets.js
@@ -251,7 +251,7 @@ function removeSnippet(snippetId) {
 function writeStat(snippetId, timestamp) {
   let data = gEncoder.encode(snippetId + "," + timestamp + ";");
 
-  Task.spawn(function() {
+  Task.spawn(function* () {
     try {
       let file = yield OS.File.open(gStatsPath, { append: true, write: true });
       try {
diff --git a/mobile/android/gradle/base/lint.xml b/mobile/android/gradle/base/lint.xml
index 38007536ca9..b1cc083dee2 100644
--- a/mobile/android/gradle/base/lint.xml
+++ b/mobile/android/gradle/base/lint.xml
@@ -2,4 +2,7 @@
 <lint>
     <!-- Enable relevant checks disabled by default -->
     <issue id="NegativeMargin" severity="warning" />
+
+    <!-- We have a custom menu and don't conform to the recommended styles. -->
+    <issue id="IconColors" severity="ignore" />
 </lint>
diff --git a/mobile/android/locales/en-US/chrome/aboutAddons.dtd b/mobile/android/locales/en-US/chrome/aboutAddons.dtd
index 05405bbb2cc..d4c89146b72 100644
--- a/mobile/android/locales/en-US/chrome/aboutAddons.dtd
+++ b/mobile/android/locales/en-US/chrome/aboutAddons.dtd
@@ -10,3 +10,6 @@
 <!ENTITY addonAction.disable                    "Disable">
 <!ENTITY addonAction.uninstall                  "Uninstall">
 <!ENTITY addonAction.undo                       "Undo">
+
+<!ENTITY addonUnsigned.message                  "This add-on could not be verified by &brandShortName;.">
+<!ENTITY addonUnsigned.learnMore                "Learn more">
diff --git a/mobile/android/modules/DelayedInit.jsm b/mobile/android/modules/DelayedInit.jsm
index 301f432516e..3f9be3aa62d 100644
--- a/mobile/android/modules/DelayedInit.jsm
+++ b/mobile/android/modules/DelayedInit.jsm
@@ -3,6 +3,8 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict"
 
+/*globals MessageLoop */
+
 const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
 
 this.EXPORTED_SYMBOLS = ["DelayedInit"];
diff --git a/mobile/android/modules/HelperApps.jsm b/mobile/android/modules/HelperApps.jsm
index 2d6fa98ebe6..0ac478da09c 100644
--- a/mobile/android/modules/HelperApps.jsm
+++ b/mobile/android/modules/HelperApps.jsm
@@ -3,6 +3,8 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
+/* globals ContentAreaUtils */
+
 const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
 
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
diff --git a/mobile/android/modules/HomeProvider.jsm b/mobile/android/modules/HomeProvider.jsm
index bca8fa526ef..7d302274202 100644
--- a/mobile/android/modules/HomeProvider.jsm
+++ b/mobile/android/modules/HomeProvider.jsm
@@ -5,6 +5,8 @@
 
 "use strict";
 
+/*globals gSyncCheckIntervalSecs, gUpdateTimerManager, Sqlite, DB_PATH */
+
 this.EXPORTED_SYMBOLS = [ "HomeProvider" ];
 
 const { utils: Cu, classes: Cc, interfaces: Ci } = Components;
@@ -125,18 +127,18 @@ function syncTimerCallback(timer) {
   }
 }
 
-this.HomeStorage = function(datasetId) {
+let HomeStorage = function(datasetId) {
   this.datasetId = datasetId;
 };
 
-this.ValidationError = function(message) {
+let ValidationError = function(message) {
   this.name = "ValidationError";
   this.message = message;
 };
 ValidationError.prototype = new Error();
 ValidationError.prototype.constructor = ValidationError;
 
-this.HomeProvider = Object.freeze({
+let HomeProvider = Object.freeze({
   ValidationError: ValidationError,
 
   /**
@@ -213,7 +215,7 @@ var gDatabaseEnsured = false;
  * Creates the database schema.
  */
 function createDatabase(db) {
-  return Task.spawn(function create_database_task() {
+  return Task.spawn(function* create_database_task() {
     yield db.execute(SQL.createItemsTable);
   });
 }
@@ -222,7 +224,7 @@ function createDatabase(db) {
  * Migrates the database schema to a new version.
  */
 function upgradeDatabase(db, oldVersion, newVersion) {
-  return Task.spawn(function upgrade_database_task() {
+  return Task.spawn(function* upgrade_database_task() {
     switch (oldVersion) {
       case 1:
         // Migration from v1 to latest:
@@ -251,7 +253,7 @@ function upgradeDatabase(db, oldVersion, newVersion) {
  * @resolves Handle on an opened SQLite database.
  */
 function getDatabaseConnection() {
-  return Task.spawn(function get_database_connection_task() {
+  return Task.spawn(function* get_database_connection_task() {
     let db = yield Sqlite.openConnection({ path: DB_PATH });
     if (gDatabaseEnsured) {
       throw new Task.Result(db);
@@ -350,10 +352,10 @@ HomeStorage.prototype = {
         ": you cannot save more than " + MAX_SAVE_COUNT + " items at once";
     }
 
-    return Task.spawn(function save_task() {
+    return Task.spawn(function* save_task() {
       let db = yield getDatabaseConnection();
       try {
-        yield db.executeTransaction(function save_transaction() {
+        yield db.executeTransaction(function* save_transaction() {
           if (options && options.replace) {
             yield db.executeCached(SQL.deleteFromDataset, { dataset_id: this.datasetId });
           }
@@ -392,7 +394,7 @@ HomeStorage.prototype = {
    * @resolves When the operation has completed.
    */
   deleteAll: function() {
-    return Task.spawn(function delete_all_task() {
+    return Task.spawn(function* delete_all_task() {
       let db = yield getDatabaseConnection();
       try {
         let params = { dataset_id: this.datasetId };
diff --git a/mobile/android/modules/Notifications.jsm b/mobile/android/modules/Notifications.jsm
index 9dde00cfd75..aa1e64fa038 100644
--- a/mobile/android/modules/Notifications.jsm
+++ b/mobile/android/modules/Notifications.jsm
@@ -19,7 +19,7 @@ let _handlersMap = {};
 
 function Notification(aId, aOptions) {
   this._id = aId;
-  this._when = (new Date).getTime();
+  this._when = (new Date()).getTime();
   this.fillWithOptions(aOptions);
 }
 
diff --git a/mobile/android/modules/Sanitizer.jsm b/mobile/android/modules/Sanitizer.jsm
index 4c78bb42e1c..4096a1e48db 100644
--- a/mobile/android/modules/Sanitizer.jsm
+++ b/mobile/android/modules/Sanitizer.jsm
@@ -3,6 +3,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*globals LoadContextInfo, FormHistory, Accounts */
+
 let Cc = Components.classes;
 let Ci = Components.interfaces;
 let Cu = Components.utils;
diff --git a/mobile/android/modules/SharedPreferences.jsm b/mobile/android/modules/SharedPreferences.jsm
index f0170d66116..ee50b0ffdfd 100644
--- a/mobile/android/modules/SharedPreferences.jsm
+++ b/mobile/android/modules/SharedPreferences.jsm
@@ -61,7 +61,7 @@ let SharedPreferences = {
  */
 function SharedPreferencesImpl(options = {}) {
   if (!(this instanceof SharedPreferencesImpl)) {
-    return new SharedPreferencesImpl(level);
+    return new SharedPreferencesImpl(options);
   }
 
   if (options.scope == null || options.scope == undefined) {
diff --git a/mobile/android/modules/WebappManagerWorker.js b/mobile/android/modules/WebappManagerWorker.js
index 86386a75264..4f04d666d6e 100644
--- a/mobile/android/modules/WebappManagerWorker.js
+++ b/mobile/android/modules/WebappManagerWorker.js
@@ -10,7 +10,8 @@ let Log = require("resource://gre/modules/AndroidLog.jsm");
 // the "debug" priority and a log tag.
 let log = Log.d.bind(null, "WebappManagerWorker");
 
-onmessage = function(event) {
+// (eslint-disable: see bug 1177901)
+onmessage = function(event) { // eslint-disable-line no-undef
   let { url, path } = event.data;
 
   let file = OS.File.open(path, { truncate: true });
diff --git a/mobile/android/search/java/org/mozilla/search/SearchActivity.java b/mobile/android/search/java/org/mozilla/search/SearchActivity.java
index 7d79e764887..fea38333c55 100644
--- a/mobile/android/search/java/org/mozilla/search/SearchActivity.java
+++ b/mobile/android/search/java/org/mozilla/search/SearchActivity.java
@@ -19,6 +19,7 @@ import org.mozilla.search.providers.SearchEngineManager;
 import org.mozilla.search.providers.SearchEngineManager.SearchEngineCallback;
 
 import android.content.AsyncQueryHandler;
+import android.content.ContentResolver;
 import android.content.ContentValues;
 import android.content.Intent;
 import android.graphics.Rect;
@@ -92,6 +93,16 @@ public class SearchActivity extends Locales.LocaleAwareFragmentActivity
     private int cardPaddingX;
     private int cardPaddingY;
 
+    /**
+     * An empty implementation of AsyncQueryHandler to avoid the "HandlerLeak" warning from Android
+     * Lint. See also {@see org.mozilla.gecko.util.WeakReferenceHandler}.
+     */
+    private static class AsyncQueryHandlerImpl extends AsyncQueryHandler {
+        public AsyncQueryHandlerImpl(final ContentResolver that) {
+            super(that);
+        }
+    }
+
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         GeckoAppShell.ensureCrashHandling();
@@ -108,7 +119,7 @@ public class SearchActivity extends Locales.LocaleAwareFragmentActivity
         // Initialize the fragments with the selected search engine.
         searchEngineManager.getEngine(this);
 
-        queryHandler = new AsyncQueryHandler(getContentResolver()) {};
+        queryHandler = new AsyncQueryHandlerImpl(getContentResolver());
 
         searchBar = (SearchBar) findViewById(R.id.search_bar);
         searchBar.setOnClickListener(new View.OnClickListener() {
diff --git a/mobile/android/services/strings.xml.in b/mobile/android/services/strings.xml.in
index 668fc873a40..4e78ef64ecb 100644
--- a/mobile/android/services/strings.xml.in
+++ b/mobile/android/services/strings.xml.in
@@ -55,7 +55,7 @@
   <string name="sync_configure_engines_title">&sync.configure.engines.title.label;</string>
   <string name="sync_configure_engines_sync_my_title">&sync.configure.engines.sync.my.title.label;</string>
   <string name="sync_configure_engines_title_bookmarks">&sync.configure.engines.title.bookmarks;</string>
-  <string name="sync_configure_engines_title_passwords">&sync.configure.engines.title.passwords;</string>
+  <string name="sync_configure_engines_title_passwords">&sync.configure.engines.title.passwords2;</string>
   <string name="sync_configure_engines_title_history">&sync.configure.engines.title.history;</string>
   <string name="sync_configure_engines_title_tabs">&sync.configure.engines.title.tabs;</string>
 
@@ -132,7 +132,7 @@
 <string name="fxaccount_policy_linkprivacy">&fxaccount_policy_linkprivacy;</string>
 
 <string name="fxaccount_getting_started_welcome_to_sync">&fxaccount_getting_started_welcome_to_sync;</string>
-<string name="fxaccount_getting_started_description">&fxaccount_getting_started_description;</string>
+<string name="fxaccount_getting_started_description">&fxaccount_getting_started_description2;</string>
 <string name="fxaccount_getting_started_get_started">&fxaccount_getting_started_get_started;</string>
 <string name="fxaccount_getting_started_old_firefox">&fxaccount_getting_started_old_firefox;</string>
 
@@ -203,7 +203,7 @@
 <string name="fxaccount_status_needs_finish_migrating">&fxaccount_status_needs_finish_migrating;</string>
 <string name="fxaccount_status_bookmarks">&fxaccount_status_bookmarks;</string>
 <string name="fxaccount_status_history">&fxaccount_status_history;</string>
-<string name="fxaccount_status_passwords">&fxaccount_status_passwords;</string>
+<string name="fxaccount_status_passwords">&fxaccount_status_passwords2;</string>
 <string name="fxaccount_status_tabs">&fxaccount_status_tabs;</string>
 <string name="fxaccount_status_reading_list">&reading_list_title;</string>
 <string name="fxaccount_status_legal">&fxaccount_status_legal;</string>
diff --git a/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/stumblerthread/scanners/cellscanner/CellScanner.java b/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/stumblerthread/scanners/cellscanner/CellScanner.java
index 83e7ef95d38..193de992345 100644
--- a/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/stumblerthread/scanners/cellscanner/CellScanner.java
+++ b/mobile/android/stumbler/java/org/mozilla/mozstumbler/service/stumblerthread/scanners/cellscanner/CellScanner.java
@@ -17,6 +17,7 @@ import android.util.Log;
 import org.mozilla.mozstumbler.service.AppGlobals;
 import org.mozilla.mozstumbler.service.AppGlobals.ActiveOrPassiveStumbling;
 
+import java.lang.ref.WeakReference;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
@@ -72,13 +73,7 @@ public class CellScanner {
                 new IntentFilter(Reporter.ACTION_NEW_BUNDLE));
 
         // This is to ensure the broadcast happens from the same thread the CellScanner start() is on
-        mBroadcastScannedHandler = new Handler() {
-            @Override
-            public void handleMessage(Message msg) {
-                Intent intent = (Intent) msg.obj;
-                LocalBroadcastManager.getInstance(mContext).sendBroadcastSync(intent);
-            }
-        };
+        mBroadcastScannedHandler = new BroadcastScannedHandler(this);
 
         mCellScannerImplementation.start();
 
@@ -159,4 +154,25 @@ public class CellScanner {
             mReportWasFlushed.set(true);
         }
     }
+
+    // Note: this reimplements org.mozilla.gecko.util.WeakReferenceHandler because it's not available here.
+    private static class BroadcastScannedHandler extends Handler {
+        private WeakReference<CellScanner> mTarget;
+
+        public BroadcastScannedHandler(final CellScanner that) {
+            super();
+            mTarget = new WeakReference<>(that);
+        }
+
+        @Override
+        public void handleMessage(Message msg) {
+            final CellScanner that = mTarget.get();
+            if (that == null) {
+                return;
+            }
+
+            final Intent intent = (Intent) msg.obj;
+            LocalBroadcastManager.getInstance(that.mContext).sendBroadcastSync(intent);
+        }
+    };
 }
diff --git a/mobile/android/tests/.eslintrc b/mobile/android/tests/.eslintrc
new file mode 100644
index 00000000000..6784be2d6ef
--- /dev/null
+++ b/mobile/android/tests/.eslintrc
@@ -0,0 +1,18 @@
+globals:
+    # TODO: Verify that these are correct.
+    Point: false
+    SpecialPowers: false
+    XPCNativeWrapper: false
+    add_task: false
+    add_test: false
+    do_check_eq: false
+    do_check_false: false
+    do_check_neq: false
+    do_check_true: false
+    do_print: false
+    do_register_cleanup: false
+    do_report_result: false
+    do_test_finished: false
+    do_test_pending: false
+    do_throw: false
+    run_next_test: false
diff --git a/mobile/android/tests/browser/robocop/StringHelper.java b/mobile/android/tests/browser/robocop/StringHelper.java
index 084922d079b..67366e34622 100644
--- a/mobile/android/tests/browser/robocop/StringHelper.java
+++ b/mobile/android/tests/browser/robocop/StringHelper.java
@@ -133,6 +133,8 @@ public class StringHelper {
     public final String TEXT_SIZE_LABEL;
     public final String TITLE_BAR_LABEL = "Title bar";
     public final String SCROLL_TITLE_BAR_LABEL;
+    public final String VOICE_INPUT_TITLE_LABEL;
+    public final String VOICE_INPUT_SUMMARY_LABEL;
     public final String TEXT_REFLOW_LABEL;
     public final String CHARACTER_ENCODING_LABEL;
     public final String PLUGINS_LABEL;
@@ -145,7 +147,7 @@ public class StringHelper {
     public final String TRACKING_PROTECTION_LABEL;
     public final String DNT_LABEL;
     public final String COOKIES_LABEL;
-    public final String REMEMBER_PASSWORDS_LABEL;
+    public final String REMEMBER_LOGINS_LABEL;
     public final String MANAGE_LOGINS_LABEL;
     public final String MASTER_PASSWORD_LABEL;
     public final String CLEAR_PRIVATE_DATA_LABEL;
@@ -318,6 +320,8 @@ public class StringHelper {
         // Display
         TEXT_SIZE_LABEL = res.getString(R.string.pref_text_size);
         SCROLL_TITLE_BAR_LABEL = res.getString(R.string.pref_scroll_title_bar2);
+        VOICE_INPUT_TITLE_LABEL = res.getString(R.string.pref_voice_input);
+        VOICE_INPUT_SUMMARY_LABEL = res.getString(R.string.pref_voice_input_summary);
         TEXT_REFLOW_LABEL = res.getString(R.string.pref_reflow_on_zoom);
         CHARACTER_ENCODING_LABEL = res.getString(R.string.pref_char_encoding);
         PLUGINS_LABEL = res.getString(R.string.pref_plugins);
@@ -326,7 +330,7 @@ public class StringHelper {
         TRACKING_PROTECTION_LABEL = res.getString(R.string.pref_tracking_protection_title);
         DNT_LABEL = res.getString(R.string.pref_donottrack_title);
         COOKIES_LABEL = res.getString(R.string.pref_cookies_menu);
-        REMEMBER_PASSWORDS_LABEL = res.getString(R.string.pref_remember_signons);
+        REMEMBER_LOGINS_LABEL = res.getString(R.string.pref_remember_signons);
         MANAGE_LOGINS_LABEL = res.getString(R.string.pref_manage_logins);
         MASTER_PASSWORD_LABEL = res.getString(R.string.pref_use_master_password);
         CLEAR_PRIVATE_DATA_LABEL = res.getString(R.string.pref_clear_private_data);
diff --git a/mobile/android/tests/browser/robocop/testAboutLogins.js b/mobile/android/tests/browser/robocop/testAboutLogins.js
index 1d987ce4603..8118da24eb1 100644
--- a/mobile/android/tests/browser/robocop/testAboutLogins.js
+++ b/mobile/android/tests/browser/robocop/testAboutLogins.js
@@ -43,7 +43,7 @@ function add_login(login) {
 add_test(function password_setup() {
   add_login(LOGIN_FIELDS);
 
-  // Load about:passwords.
+  // Load about:logins.
   BrowserApp = Services.wm.getMostRecentWindow("navigator:browser").BrowserApp;
   browser = BrowserApp.addTab("about:logins", { selected: true, parentId: BrowserApp.selectedTab.id }).browser;
 
diff --git a/mobile/android/tests/browser/robocop/testAndroidLog.js b/mobile/android/tests/browser/robocop/testAndroidLog.js
index 9a8b74875d3..a235219a8ac 100644
--- a/mobile/android/tests/browser/robocop/testAndroidLog.js
+++ b/mobile/android/tests/browser/robocop/testAndroidLog.js
@@ -3,6 +3,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*globals AndroidLog */
+
 const TAG = "AndroidLogTest";
 
 const VERBOSE_MESSAGE = "This is a verbose message.";
diff --git a/mobile/android/tests/browser/robocop/testReadingListCache.js b/mobile/android/tests/browser/robocop/testReadingListCache.js
index df118fcc8a6..3a6e9c9933f 100644
--- a/mobile/android/tests/browser/robocop/testReadingListCache.js
+++ b/mobile/android/tests/browser/robocop/testReadingListCache.js
@@ -3,6 +3,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*globals ReaderMode */
+
 const { utils: Cu } = Components;
 
 Cu.import("resource://gre/modules/ReaderMode.jsm");
diff --git a/mobile/android/tests/browser/robocop/testSettingsMenuItems.java b/mobile/android/tests/browser/robocop/testSettingsMenuItems.java
index 21dde507a80..43c498ae83c 100644
--- a/mobile/android/tests/browser/robocop/testSettingsMenuItems.java
+++ b/mobile/android/tests/browser/robocop/testSettingsMenuItems.java
@@ -7,8 +7,11 @@ import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 
+import org.mozilla.gecko.R;
+import org.mozilla.gecko.Actions;
 import org.mozilla.gecko.AppConstants;
 import org.mozilla.gecko.util.HardwareUtils;
+import org.mozilla.gecko.util.InputOptionsUtils;
 
 /** This patch tests the Sections present in the Settings Menu and the
  *  default values for them
@@ -99,10 +102,10 @@ public class testSettingsMenuItems extends PixelTest {
                 TRACKING_PROTECTION_LABEL_ARR,
                 { mStringHelper.DNT_LABEL },
                 { mStringHelper.COOKIES_LABEL, "Enabled", "Enabled, excluding 3rd party", "Disabled" },
-                { mStringHelper.REMEMBER_PASSWORDS_LABEL },
+                { mStringHelper.REMEMBER_LOGINS_LABEL },
                 MANAGE_LOGINS_ARR,
                 { mStringHelper.MASTER_PASSWORD_LABEL },
-                { mStringHelper.CLEAR_PRIVATE_DATA_LABEL, "", "Browsing history", "Search history", "Downloads", "Form history", "Cookies & active logins", "Saved passwords", "Cache", "Offline website data", "Site settings", "Clear data" },
+                { mStringHelper.CLEAR_PRIVATE_DATA_LABEL, "", "Browsing history", "Search history", "Downloads", "Form history", "Cookies & active logins", mStringHelper.CLEAR_PRIVATE_DATA_LABEL, "Cache", "Offline website data", "Site settings", "Clear data" },
         };
 
         PATH_MOZILLA = new String[] { mStringHelper.MOZILLA_SECTION_LABEL };
@@ -225,6 +228,12 @@ public class testSettingsMenuItems extends PixelTest {
         if (HardwareUtils.isTablet()) {
             settingsMap.get(PATH_DISPLAY).remove(TITLE_BAR_LABEL_ARR);
         }
+
+        // Voice input
+        if (AppConstants.NIGHTLY_BUILD && InputOptionsUtils.supportsVoiceRecognizer(this.getActivity().getApplicationContext(), this.getActivity().getResources().getString(R.string.voicesearch_prompt))) {
+            String[] voiceInputUi = { mStringHelper.VOICE_INPUT_TITLE_LABEL, mStringHelper.VOICE_INPUT_SUMMARY_LABEL };
+            settingsMap.get(PATH_DISPLAY).add(voiceInputUi);
+        }
     }
 
     public void checkMenuHierarchy(Map<String[], List<String[]>> settingsMap) {
diff --git a/mobile/android/tests/browser/robocop/testSimpleDiscovery.js b/mobile/android/tests/browser/robocop/testSimpleDiscovery.js
index c5fd1c9994a..a226f41e3f2 100644
--- a/mobile/android/tests/browser/robocop/testSimpleDiscovery.js
+++ b/mobile/android/tests/browser/robocop/testSimpleDiscovery.js
@@ -4,6 +4,8 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
+/*globals SimpleServiceDiscovery */
+
 const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
 
 Cu.import("resource://gre/modules/Services.jsm");
diff --git a/mobile/android/tests/browser/robocop/testVideoDiscovery.js b/mobile/android/tests/browser/robocop/testVideoDiscovery.js
index 0b158d6b70d..29f78750776 100644
--- a/mobile/android/tests/browser/robocop/testVideoDiscovery.js
+++ b/mobile/android/tests/browser/robocop/testVideoDiscovery.js
@@ -5,6 +5,8 @@
 
 "use strict";
 
+/*globals SimpleServiceDiscovery */
+
 const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
 
 Cu.import("resource://gre/modules/Services.jsm");
diff --git a/mobile/android/themes/core/aboutAddons.css b/mobile/android/themes/core/aboutAddons.css
index 83e11f19cd2..69f2e51ea75 100644
--- a/mobile/android/themes/core/aboutAddons.css
+++ b/mobile/android/themes/core/aboutAddons.css
@@ -5,6 +5,15 @@
 %filter substitution
 %include defines.inc
 
+a {
+  text-decoration: none;
+  color: #0096DD;
+}
+
+a:active {
+  color: #0082C6;
+}
+
 .details {
   width: 100%;
 }
@@ -25,6 +34,21 @@
   text-overflow: ellipsis;
 }
 
+.warn-unsigned {
+  border-top: 1px solid @color_about_item_border@;
+  padding: 1em;
+  -moz-padding-start: calc(var(--icon-size) + var(--icon-margin) * 2);
+  background-image: url("chrome://browser/skin/images/grey-caution.svg");
+  background-size: var(--icon-size);
+  background-position: var(--icon-margin);
+  background-repeat: no-repeat;
+  display: none;
+}
+
+.addon-item[isUnsigned] .warn-unsigned {
+  display: block;
+}
+
 .status {
   border-top: 1px solid @color_about_item_border@;
   font-weight: bold;
diff --git a/mobile/android/themes/core/aboutPrivateBrowsing.css b/mobile/android/themes/core/aboutPrivateBrowsing.css
index 9378cdcb059..02625b70b3d 100644
--- a/mobile/android/themes/core/aboutPrivateBrowsing.css
+++ b/mobile/android/themes/core/aboutPrivateBrowsing.css
@@ -20,7 +20,7 @@ div.contentSection {
 }
 
 body.private {
-  background-color: #292c29;
+  background-color: #45494E; /* tabs_tray_grey_pressed */
   color: #afb1b3; /* tabs_tray_icon_grey */
 }
 
diff --git a/mobile/android/themes/core/images/grey-caution.svg b/mobile/android/themes/core/images/grey-caution.svg
new file mode 100644
index 00000000000..1b810214fff
--- /dev/null
+++ b/mobile/android/themes/core/images/grey-caution.svg
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg width="60px" height="60px" viewBox="0 0 60 60" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">
+    <!-- Generator: Sketch 3.3.2 (12043) - http://www.bohemiancoding.com/sketch -->
+    <title>Rectangle 62</title>
+    <desc>Created with Sketch.</desc>
+    <defs/>
+    <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">
+        <g id="Artboard-16" sketch:type="MSArtboardGroup" transform="translate(-62.000000, -310.000000)" fill="#AFB1B3">
+            <g id="Insecure-icon-Copy" sketch:type="MSLayerGroup" transform="translate(60.000000, 308.000000)">
+                <path d="M34.6570853,3.89861537 L61.6191658,57.8227763 C62.6631009,60.0994422 61.4905756,62 58.9609325,62 L5.03677158,62 C2.50636943,62 1.33487292,60.0971201 2.37853829,57.8227763 L29.3406187,3.89861537 C30.6694576,1.36596731 33.3285163,1.36828938 34.6570853,3.89861537 Z M28.2013759,23.6360478 C28.2013759,21.5439751 29.9058314,19.8480151 31.998852,19.8480151 C34.0961402,19.8480151 35.7963281,21.5419679 35.7963281,23.6360478 L35.7963281,38.844839 C35.7963281,40.9369118 34.0918726,42.6328718 31.998852,42.6328718 C29.9015639,42.6328718 28.2013759,40.938919 28.2013759,38.844839 L28.2013759,23.6360478 Z M31.998852,54.7847954 C34.0961402,54.7847954 35.7963281,53.0846074 35.7963281,50.9873193 C35.7963281,48.8900311 34.0961402,47.1898431 31.998852,47.1898431 C29.9015639,47.1898431 28.2013759,48.8900311 28.2013759,50.9873193 C28.2013759,53.0846074 29.9015639,54.7847954 31.998852,54.7847954 Z" id="Rectangle-62" sketch:type="MSShapeGroup"/>
+            </g>
+        </g>
+    </g>
+</svg>
\ No newline at end of file
diff --git a/mobile/android/themes/core/jar.mn b/mobile/android/themes/core/jar.mn
index e9f966d10b4..088d8e68a6a 100644
--- a/mobile/android/themes/core/jar.mn
+++ b/mobile/android/themes/core/jar.mn
@@ -73,6 +73,7 @@ chrome.jar:
   skin/images/errorpage-warning.png         (images/errorpage-warning.png)
   skin/images/exitfullscreen-hdpi.png       (images/exitfullscreen-hdpi.png)
   skin/images/fullscreen-hdpi.png           (images/fullscreen-hdpi.png)
+  skin/images/grey-caution.svg              (images/grey-caution.svg)
   skin/images/certerror-warning.png         (images/certerror-warning.png)
   skin/images/errorpage-larry-white.png     (images/errorpage-larry-white.png)
   skin/images/errorpage-larry-black.png     (images/errorpage-larry-black.png)
diff --git a/security/manager/ssl/StaticHPKPins.h b/security/manager/ssl/StaticHPKPins.h
index 4c7a9c61e1d..0e99c66476b 100644
--- a/security/manager/ssl/StaticHPKPins.h
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -786,6 +786,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
   { "glass.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "gmail.com", false, false, false, -1, &kPinset_google_root_pems },
   { "goo.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google", true, false, false, -1, &kPinset_google_root_pems },
   { "google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
   { "google.ac", true, false, false, -1, &kPinset_google_root_pems },
   { "google.ad", true, false, false, -1, &kPinset_google_root_pems },
@@ -1092,8 +1093,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
   { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
 };
 
-// Pinning Preload List Length = 353;
+// Pinning Preload List Length = 354;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1443263062798000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1443867905693000);
diff --git a/security/manager/ssl/nsSTSPreloadList.errors b/security/manager/ssl/nsSTSPreloadList.errors
index 11be864bd3c..b3ec3e22d8b 100644
--- a/security/manager/ssl/nsSTSPreloadList.errors
+++ b/security/manager/ssl/nsSTSPreloadList.errors
@@ -2,12 +2,15 @@
 56ct.com: could not connect to host
 activiti.alfresco.com: did not receive HSTS header
 adamkostecki.de: could not connect to host
+adamstas.com: could not connect to host
 admin.google.com: did not receive HSTS header (error ignored - included regardless)
 adsfund.org: could not connect to host
+aes256.ru: could not connect to host
 afp548.tk: could not connect to host
 agrimap.com: did not receive HSTS header
 airbnb.com: did not receive HSTS header
 aiticon.de: did not receive HSTS header
+akselimedia.fi: did not receive HSTS header
 alpha.irccloud.com: did not receive HSTS header
 alphabit-secure.com: could not connect to host
 altmv.com: max-age too low: 7776000
@@ -31,12 +34,14 @@ au.search.yahoo.com: did not receive HSTS header
 aurainfosec.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 auraredeye.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 auraredshield.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
+auszeit.bio: did not receive HSTS header
 auth.mail.ru: did not receive HSTS header
 auto4trade.nl: did not receive HSTS header
+av.de: did not receive HSTS header
 az.search.yahoo.com: did not receive HSTS header
 azabani.com: did not receive HSTS header
 azprep.us: could not connect to host
-baldwinkoo.com: did not receive HSTS header
+baldwinkoo.com: could not connect to host
 barcodeberlin.com: did not receive HSTS header
 bassh.net: could not connect to host
 bccx.com: could not connect to host
@@ -83,17 +88,19 @@ chippy.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_
 chit.search.yahoo.com: did not receive HSTS header
 chm.vn: did not receive HSTS header
 chontalpa.pw: did not receive HSTS header
+chriswarrick.com: did not receive HSTS header
 chrome-devtools-frontend.appspot.com: did not receive HSTS header (error ignored - included regardless)
 chrome.google.com: did not receive HSTS header (error ignored - included regardless)
 cimballa.com: did not receive HSTS header
 cl.search.yahoo.com: did not receive HSTS header
 climaprecio.es: did not receive HSTS header
+cloudns.com.au: could not connect to host
 cn.search.yahoo.com: did not receive HSTS header
 co.search.yahoo.com: did not receive HSTS header
 code.google.com: did not receive HSTS header (error ignored - included regardless)
 codereview.chromium.org: did not receive HSTS header (error ignored - included regardless)
 coding.net: did not receive HSTS header
-coffeeetc.co.uk: did not receive HSTS header
+coffeeetc.co.uk: could not connect to host
 console.python.org: did not receive HSTS header
 copperhead.co: max-age too low: 0
 coursella.com: did not receive HSTS header
@@ -118,6 +125,7 @@ devh.de: did not receive HSTS header
 diedrich.co: did not receive HSTS header
 digitaldaddy.net: could not connect to host
 discovery.lookout.com: did not receive HSTS header
+dixmag.com: could not connect to host
 dk.search.yahoo.com: did not receive HSTS header
 dl.google.com: did not receive HSTS header (error ignored - included regardless)
 do.search.yahoo.com: did not receive HSTS header
@@ -145,7 +153,6 @@ esec.rs: did not receive HSTS header
 espanol.search.yahoo.com: did not receive HSTS header
 espra.com: could not connect to host
 etsysecure.com: could not connect to host
-exiahost.com: did not receive HSTS header
 ezimoeko.net: did not receive HSTS header
 eztv.ch: did not receive HSTS header
 fabianfischer.de: did not receive HSTS header
@@ -170,8 +177,8 @@ gl.search.yahoo.com: did not receive HSTS header
 glass.google.com: did not receive HSTS header (error ignored - included regardless)
 gm.search.yahoo.com: did not receive HSTS header
 gmail.com: did not receive HSTS header (error ignored - included regardless)
-gmantra.org: could not connect to host
 goodwin43.ru: did not receive HSTS header
+google: could not connect to host (error ignored - included regardless)
 googlemail.com: did not receive HSTS header (error ignored - included regardless)
 googleplex.com: could not connect to host
 googleplex.com: could not connect to host (error ignored - included regardless)
@@ -180,17 +187,17 @@ gotowned.org: did not receive HSTS header
 gparent.org: did not receive HSTS header
 gr.search.yahoo.com: did not receive HSTS header
 grandmascookieblog.com: did not receive HSTS header
+greensolid.biz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 greplin.com: could not connect to host
 groups.google.com: did not receive HSTS header (error ignored - included regardless)
 gtraxapp.com: could not connect to host
-guidetoiceland.is: did not receive HSTS header
 gvt2.com: could not connect to host
 gvt2.com: could not connect to host (error ignored - included regardless)
 gvt3.com: could not connect to host
 gvt3.com: could not connect to host (error ignored - included regardless)
 hangouts.google.com: did not receive HSTS header (error ignored - included regardless)
 hatoko.net: could not connect to host
-history.google.com: did not receive HSTS header (error ignored - included regardless)
+hda.me: did not receive HSTS header
 hk.search.yahoo.com: did not receive HSTS header
 hn.search.yahoo.com: did not receive HSTS header
 hoerbuecher-und-hoerspiele.de: did not receive HSTS header
@@ -255,10 +262,10 @@ li.search.yahoo.com: did not receive HSTS header
 library.linode.com: did not receive HSTS header
 libraryfreedomproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 lifeguard.aecom.com: max-age too low: 86400
+linguaquote.com: did not receive HSTS header
 lists.fedoraproject.org: did not receive HSTS header
 login.corp.google.com: max-age too low: 7776000 (error ignored - included regardless)
 logotype.se: did not receive HSTS header
-lolicore.ch: could not connect to host
 lovelycorral.com: did not receive HSTS header
 lt.search.yahoo.com: did not receive HSTS header
 lu.search.yahoo.com: did not receive HSTS header
@@ -284,6 +291,7 @@ megashur.se: did not receive HSTS header
 megaxchange.com: did not receive HSTS header
 meinebo.it: could not connect to host
 micropple.net: could not connect to host
+miketabor.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 minikneet.nl: could not connect to host
 minora.io: did not receive HSTS header
 mirindadomo.ru: did not receive HSTS header
@@ -305,8 +313,8 @@ mykolab.com: did not receive HSTS header
 mykreuzfahrt.de: did not receive HSTS header
 myni.io: could not connect to host
 neftaly.com: did not receive HSTS header
+nemovement.org: did not receive HSTS header
 neonisi.com: could not connect to host
-netrelay.email: did not receive HSTS header
 netzbit.de: did not receive HSTS header
 netzpolitik.org: did not receive HSTS header
 netztest.at: did not receive HSTS header
@@ -320,9 +328,11 @@ nijm.nl: max-age too low: 0
 nl.search.yahoo.com: did not receive HSTS header
 no.search.yahoo.com: did not receive HSTS header
 noexpect.org: could not connect to host
+noobs-r-us.co.uk: did not receive HSTS header
 np.search.yahoo.com: did not receive HSTS header
 npw.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
-null-sec.ru: could not connect to host
+null-sec.ru: did not receive HSTS header
+nwa.xyz: could not connect to host
 nz.search.yahoo.com: did not receive HSTS header
 nzb.cat: did not receive HSTS header
 offshore-firma.org: could not connect to host
@@ -348,7 +358,6 @@ pl.search.yahoo.com: did not receive HSTS header
 platform.lookout.com: could not connect to host
 play.google.com: did not receive HSTS header (error ignored - included regardless)
 poiema.com.sg: did not receive HSTS header
-polymathematician.com: could not connect to host
 popcorntime.ws: max-age too low: 2592000
 powerplannerapp.com: did not receive HSTS header
 pr.search.yahoo.com: did not receive HSTS header
@@ -370,11 +379,12 @@ rid-wan.com: max-age too low: 0
 riseup.net: did not receive HSTS header
 rme.li: did not receive HSTS header
 ro.search.yahoo.com: did not receive HSTS header
-roan24.pl: did not receive HSTS header
+roan24.pl: max-age too low: 0
 roddis.net: did not receive HSTS header
 ru.search.yahoo.com: did not receive HSTS header
 rw.search.yahoo.com: did not receive HSTS header
 sah3.net: could not connect to host
+sanatfilan.com: could not connect to host
 saturngames.co.uk: could not connect to host
 savetheinternet.eu: did not receive HSTS header
 script.google.com: did not receive HSTS header (error ignored - included regardless)
@@ -390,6 +400,7 @@ seowarp.net: max-age too low: 1576800
 serverdensity.io: did not receive HSTS header
 sg.search.yahoo.com: did not receive HSTS header
 shiinko.com: could not connect to host
+shoprose.ru: did not receive HSTS header
 shops.neonisi.com: could not connect to host
 siammedia.co: did not receive HSTS header
 silentcircle.org: could not connect to host
@@ -398,7 +409,7 @@ simplyfixit.co.uk: [Exception... "Component returned failure code: 0x80004005 (N
 sistemy48.ru: did not receive HSTS header
 sites.google.com: did not receive HSTS header (error ignored - included regardless)
 smartlend.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
-sockeye.cc: did not receive HSTS header
+soccergif.com: could not connect to host
 sol.io: could not connect to host
 souyar.de: could not connect to host
 souyar.net: could not connect to host
@@ -416,19 +427,18 @@ sunshinepress.org: could not connect to host
 surfeasy.com: did not receive HSTS header
 suzukikenichi.com: did not receive HSTS header
 sv.search.yahoo.com: did not receive HSTS header
-sylaps.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 syzygy-tables.info: did not receive HSTS header
 t.facebook.com: did not receive HSTS header
 tablet.facebook.com: did not receive HSTS header
+taglondon.org: did not receive HSTS header
 talk.google.com: could not connect to host
 talk.google.com: could not connect to host (error ignored - included regardless)
-talkgadget.google.com: did not receive HSTS header (error ignored - included regardless)
 tallr.se: could not connect to host
 tandarts-haarlem.nl: did not receive HSTS header
 tapka.cz: did not receive HSTS header
-taskotron.fedoraproject.org: could not connect to host
 taxsquirrel.com: could not connect to host
 tc-bonito.de: did not receive HSTS header
+tdrs.info: could not connect to host
 tektoria.de: did not receive HSTS header
 temehu.com: did not receive HSTS header
 temp.pm: did not receive HSTS header
@@ -450,6 +460,7 @@ translate.googleapis.com: did not receive HSTS header (error ignored - included
 translatoruk.co.uk: did not receive HSTS header
 triop.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 tuturulianda.com: did not receive HSTS header
+tuxgeo.com: did not receive HSTS header
 tv.search.yahoo.com: could not connect to host
 tw.search.yahoo.com: did not receive HSTS header
 tzappa.net: did not receive HSTS header
@@ -460,6 +471,7 @@ unbanthe.net: did not receive HSTS header
 univz.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
 uonstaffhub.com: could not connect to host
 uprotect.it: could not connect to host
+ust.space: did not receive HSTS header
 ustr.gov: max-age too low: 86400
 uy.search.yahoo.com: did not receive HSTS header
 uz.search.yahoo.com: did not receive HSTS header
@@ -472,7 +484,7 @@ webeau.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR
 webmail.mayfirst.org: did not receive HSTS header
 when-release.com: did not receive HSTS header
 wikidsystems.com: did not receive HSTS header
-withustrading.com: did not receive HSTS header
+withustrading.com: could not connect to host
 wiz.biz: could not connect to host
 wohnungsbau-ludwigsburg.de: did not receive HSTS header
 www.apollo-auto.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 134"  data: no]
diff --git a/security/manager/ssl/nsSTSPreloadList.inc b/security/manager/ssl/nsSTSPreloadList.inc
index 22631404c57..181c7c59d52 100644
--- a/security/manager/ssl/nsSTSPreloadList.inc
+++ b/security/manager/ssl/nsSTSPreloadList.inc
@@ -8,7 +8,7 @@
 /*****************************************************************************/
 
 #include <stdint.h>
-const PRTime gPreloadListExpirationTime = INT64_C(1445682256437000);
+const PRTime gPreloadListExpirationTime = INT64_C(1446287099409000);
 
 class nsSTSPreload
 {
@@ -75,7 +75,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "aiticon.com", true },
   { "ajouin.com", true },
   { "akachanikuji.com", true },
-  { "akselimedia.fi", true },
   { "akselinurmio.fi", true },
   { "al-shami.net", true },
   { "aladdinschools.appspot.com", true },
@@ -162,10 +161,8 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "aurainfosec.com.au", true },
   { "auraredeye.com", true },
   { "auraredshield.com", true },
-  { "auszeit.bio", true },
   { "authentication.io", true },
   { "autoledky.sk", true },
-  { "av.de", true },
   { "axka.com", false },
   { "azirevpn.com", true },
   { "badges.fedoraproject.org", true },
@@ -326,7 +323,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "cheesetart.my", false },
   { "chrisirwin.ca", true },
   { "chrisjean.com", true },
-  { "chriswarrick.com", true },
   { "chrome-devtools-frontend.appspot.com", true },
   { "chrome.com", false },
   { "chrome.google.com", true },
@@ -560,6 +556,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "everhome.de", true },
   { "eveshamglass.co.uk", true },
   { "evstatus.com", true },
+  { "exiahost.com", false },
   { "exon.io", true },
   { "expatads.com", true },
   { "explodie.org", true },
@@ -701,6 +698,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "gokmenguresci.com", true },
   { "goldendata.io", true },
   { "golfscape.com", false },
+  { "google", true },
   { "googlemail.com", false },
   { "googleplex.com", true },
   { "gopay.cz", true },
@@ -726,6 +724,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "gtraxapp.com", true },
   { "gudini.net", true },
   { "gugga.dk", false },
+  { "guidetoiceland.is", true },
   { "gunnarhafdal.com", true },
   { "guphi.net", true },
   { "guru-naradi.cz", true },
@@ -754,7 +753,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "hausverbrauch.de", true },
   { "haveibeenpwned.com", true },
   { "hboeck.de", true },
-  { "hda.me", true },
   { "healthcare.gov", false },
   { "heartlandrentals.com", true },
   { "heavystresser.com", true },
@@ -778,7 +776,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "hg.python.org", true },
   { "hicn.gq", true },
   { "hicoria.com", true },
-  { "history.google.com", true },
+  { "history.google.com", false },
   { "hiv.gov", true },
   { "hledejpravnika.cz", true },
   { "hobbyspeed.com", true },
@@ -1013,7 +1011,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "limitededitionsolutions.com", true },
   { "limpid.nl", true },
   { "lingolia.com", true },
-  { "linguaquote.com", true },
   { "linode.com", false },
   { "linorman1997.me", true },
   { "linux-admin-california.com", true },
@@ -1232,11 +1229,11 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "nellacms.com", true },
   { "nellacms.org", true },
   { "nellafw.org", true },
-  { "nemovement.org", true },
   { "nerven.se", true },
   { "net-safe.info", true },
   { "netbox.cc", true },
   { "netera.se", true },
+  { "netrelay.email", true },
   { "netrider.net.au", true },
   { "newstarnootropics.com", true },
   { "nextend.net", true },
@@ -1250,7 +1247,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "nodari.com.ar", true },
   { "noemax.com", true },
   { "noob-box.net", true },
-  { "noobs-r-us.co.uk", true },
   { "nopex.no", true },
   { "northernmuscle.ca", true },
   { "nos-oignons.net", true },
@@ -1271,7 +1267,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "nu3.fr", true },
   { "nu3.no", true },
   { "nu3.se", true },
-  { "null-sec.ru", true },
   { "null.tips", true },
   { "nutsandboltsmedia.com", true },
   { "nuvini.com", true },
@@ -1547,7 +1542,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "security-carpet.com", true },
   { "security.google.com", true },
   { "securityheaders.com", true },
-  { "securitysnobs.com", true },
+  { "securitysnobs.com", false },
   { "secuvera.de", true },
   { "seifried.org", true },
   { "sellocdn.com", true },
@@ -1570,7 +1565,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "shipard.com", true },
   { "shodan.io", true },
   { "shopontarget.com", true },
-  { "shoprose.ru", true },
   { "shortdiary.me", true },
   { "sidium.de", true },
   { "siewert-kau.de", true },
@@ -1615,6 +1609,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "sny.no", true },
   { "soccergif.com", true },
   { "soci.ml", true },
+  { "sockeye.cc", true },
   { "soia.ca", true },
   { "solihullcarnival.co.uk", true },
   { "solihulllionsclub.org.uk", true },
@@ -1691,7 +1686,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "t23m-navi.jp", false },
   { "tadigitalstore.com", true },
   { "tageau.com", true },
-  { "taglondon.org", true },
   { "taken.pl", true },
   { "talideon.com", true },
   { "talk.google.com", true },
@@ -1819,7 +1813,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "tucuxi.org", true },
   { "tuitle.com", true },
   { "tunebitfm.de", true },
-  { "tuxgeo.com", true },
   { "tuxplace.nl", true },
   { "twentymilliseconds.com", true },
   { "twisto.cz", true },
@@ -1851,7 +1844,6 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "usaa.com", false },
   { "uscntalk.com", true },
   { "uspsoig.gov", true },
-  { "ust.space", true },
   { "utilityapi.com", true },
   { "utleieplassen.no", true },
   { "vaddder.com", true },
@@ -1934,7 +1926,7 @@ static const nsSTSPreload kSTSPreloadList[] = {
   { "whitestagforge.com", true },
   { "whocalld.com", true },
   { "whonix.org", true },
-  { "widememory.com", true },
+  { "widememory.com", false },
   { "wieninternational.at", true },
   { "wifirst.net", true },
   { "wiki.python.org", true },
diff --git a/testing/mozharness/mozharness.json b/testing/mozharness/mozharness.json
index 05ac8458228..39f3525224c 100644
--- a/testing/mozharness/mozharness.json
+++ b/testing/mozharness/mozharness.json
@@ -1,4 +1,4 @@
 {
     "repo": "https://hg.mozilla.org/build/mozharness",
-    "revision": "4135b4ce5aa1"
+    "revision": "30d82783408b"
 }
diff --git a/testing/talos/talos.json b/testing/talos/talos.json
index a2ea2fcd55c..f02270f7454 100644
--- a/testing/talos/talos.json
+++ b/testing/talos/talos.json
@@ -5,7 +5,7 @@
     },
     "global": {
         "talos_repo": "https://hg.mozilla.org/build/talos",
-        "talos_revision": "39db01f6dabb"
+        "talos_revision": "33449734f99f"
     },
     "extra_options": {
         "android": [ "--apkPath=%(apk_path)s" ]
diff --git a/toolkit/components/passwordmgr/LoginManagerContent.jsm b/toolkit/components/passwordmgr/LoginManagerContent.jsm
index 4807bc4ec67..b06b4fb0dfd 100644
--- a/toolkit/components/passwordmgr/LoginManagerContent.jsm
+++ b/toolkit/components/passwordmgr/LoginManagerContent.jsm
@@ -8,12 +8,14 @@ this.EXPORTED_SYMBOLS = [ "LoginManagerContent",
                           "UserAutoCompleteResult" ];
 
 const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+const PASSWORD_INPUT_ADDED_COALESCING_THRESHOLD_MS = 1;
 
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
 Cu.import("resource://gre/modules/Promise.jsm");
 
+XPCOMUtils.defineLazyModuleGetter(this, "DeferredTask", "resource://gre/modules/DeferredTask.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "LoginRecipesContent",
                                   "resource://gre/modules/LoginRecipes.jsm");
 
@@ -93,6 +95,30 @@ var LoginManagerContent = {
   _messages: [ "RemoteLogins:loginsFound",
                "RemoteLogins:loginsAutoCompleted" ],
 
+  /**
+   * WeakMap of the root element of a FormLike to the FormLike representing its fields.
+   *
+   * This is used to be able to lookup an existing FormLike for a given root element since multiple
+   * calls to FormLikeFactory won't give the exact same object. When batching fills we don't always
+   * want to use the most recent list of elements for a FormLike since we may end up doing multiple
+   * fills for the same set of elements when a field gets added between arming and running the
+   * DeferredTask.
+   *
+   * @type {WeakMap}
+   */
+  _formLikeByRootElement: new WeakMap(),
+
+  /**
+   * WeakMap of the root element of a WeakMap to the DeferredTask to fill its fields.
+   *
+   * This is used to be able to throttle fills for a FormLike since onDOMInputPasswordAdded gets
+   * dispatched for each password field added to a document but we only want to fill once per
+   * FormLike when multiple fields are added at once.
+   *
+   * @type {WeakMap}
+   */
+  _deferredPasswordAddedTasksByRootElement: new WeakMap(),
+
   // Map from form login requests to information about that request.
   _requests: new Map(),
 
@@ -219,6 +245,11 @@ var LoginManagerContent = {
     let form = aElement.form;
     let win = doc.defaultView;
 
+    if (!form) {
+      return Promise.reject("Bug 1173583: _autoCompleteSearchAsync needs to be " +
+                            "updated to work outside of <form>");
+    }
+
     let formOrigin = LoginUtils._getPasswordOrigin(doc.documentURI);
     let actionOrigin = LoginUtils._getActionOrigin(form);
 
@@ -246,7 +277,69 @@ var LoginManagerContent = {
     }
 
     let form = event.target;
+    let formLike = FormLikeFactory.createFromForm(form);
+    log("onDOMFormHasPassword:", form, formLike);
+    this._fetchLoginsFromParentAndFillForm(formLike, window);
+  },
 
+  onDOMInputPasswordAdded(event, window) {
+    if (!event.isTrusted) {
+      return;
+    }
+
+    let pwField = event.target;
+    if (pwField.form) {
+      // Handled by onDOMFormHasPassword which is already throttled.
+      return;
+    }
+
+    let formLike = FormLikeFactory.createFromPasswordField(pwField);
+    log("onDOMInputPasswordAdded:", pwField, formLike);
+
+    let deferredTask = this._deferredPasswordAddedTasksByRootElement.get(formLike.rootElement);
+    if (!deferredTask) {
+      log("Creating a DeferredTask to call _fetchLoginsFromParentAndFillForm soon");
+      this._formLikeByRootElement.set(formLike.rootElement, formLike);
+
+      deferredTask = new DeferredTask(function* deferredInputProcessing() {
+        // Get the updated formLike instead of the one at the time of creating the DeferredTask via
+        // a closure since it could be stale since FormLike.elements isn't live.
+        let formLike2 = this._formLikeByRootElement.get(formLike.rootElement);
+        log("Running deferred processing of onDOMInputPasswordAdded", formLike2);
+        this._deferredPasswordAddedTasksByRootElement.delete(formLike2.rootElement);
+        this._fetchLoginsFromParentAndFillForm(formLike2, window);
+        this._formLikeByRootElement.delete(formLike.rootElement);
+      }.bind(this), PASSWORD_INPUT_ADDED_COALESCING_THRESHOLD_MS);
+
+      this._deferredPasswordAddedTasksByRootElement.set(formLike.rootElement, deferredTask);
+    }
+
+    if (deferredTask.isArmed) {
+      log("DeferredTask is already armed so just updating the FormLike");
+      // We update the FormLike so it (most important .elements) is fresh when the task eventually
+      // runs since changes to the elements could affect our field heuristics.
+      this._formLikeByRootElement.set(formLike.rootElement, formLike);
+    } else {
+      if (window.document.readyState == "complete") {
+        log("Arming the DeferredTask we just created since document.readyState == 'complete'");
+        deferredTask.arm();
+      } else {
+        window.addEventListener("DOMContentLoaded", function armPasswordAddedTask() {
+          window.removeEventListener("DOMContentLoaded", armPasswordAddedTask);
+          log("Arming the onDOMInputPasswordAdded DeferredTask due to DOMContentLoaded");
+          deferredTask.arm();
+        });
+      }
+    }
+  },
+
+  /**
+   * Fetch logins from the parent for a given form and then attempt to fill it.
+   *
+   * @param {FormLike} form to fetch the logins for then try autofill.
+   * @param {Window} window
+   */
+  _fetchLoginsFromParentAndFillForm(form, window) {
     // Always record the most recently added form with a password field.
     this.stateForDocument(form.ownerDocument).loginForm = form;
 
@@ -259,7 +352,6 @@ var LoginManagerContent = {
       return;
     }
 
-    log("onDOMFormHasPassword for", form.ownerDocument.documentURI);
     this._getLoginDataFromParent(form, { showMasterPassword: true })
         .then(this.loginsFound.bind(this))
         .then(null, Cu.reportError);
@@ -402,7 +494,7 @@ var LoginManagerContent = {
     if (!this._isUsernameFieldType(acInputField))
       return;
 
-    var acForm = acInputField.form;
+    var acForm = acInputField.form; // XXX: Bug 1173583 - This doesn't work outside of <form>.
     if (!acForm)
       return;
 
@@ -515,8 +607,10 @@ var LoginManagerContent = {
         fieldOverrideRecipe.passwordSelector
       );
       if (pwOverrideField) {
+        // The field from the password override may be in a different FormLike.
+        let formLike = FormLikeFactory.createFromPasswordField(pwOverrideField);
         pwFields = [{
-          index   : [...pwOverrideField.form.elements].indexOf(pwOverrideField),
+          index   : [...formLike.elements].indexOf(pwOverrideField),
           element : pwOverrideField,
         }];
       }
@@ -557,15 +651,15 @@ var LoginManagerContent = {
     if (!usernameField)
       log("(form -- no username field found)");
     else
-      log("Username field id/name/value is: ", usernameField.id, " / ",
-          usernameField.name, " / ", usernameField.value);
+      log("Username field ", usernameField, "has name/value:",
+          usernameField.name, "/", usernameField.value);
 
     // If we're not submitting a form (it's a page load), there are no
     // password field values for us to use for identifying fields. So,
     // just assume the first password field is the one to be filled in.
     if (!isSubmission || pwFields.length == 1) {
       var passwordField = pwFields[0].element;
-      log("Password field id/name is: ", passwordField.id, " / ", passwordField.name);
+      log("Password field", passwordField, "has name: ", passwordField.name);
       return [usernameField, passwordField, null];
     }
 
@@ -907,13 +1001,14 @@ var LoginManagerContent = {
         passwordField.setUserInput(selectedLogin.password);
       }
 
+      log("_fillForm succeeded");
       recordAutofillResult(AUTOFILL_RESULT.FILLED);
       let doc = form.ownerDocument;
       let win = doc.defaultView;
       let messageManager = messageManagerFromWindow(win);
       messageManager.sendAsyncMessage("LoginStats:LoginFillSuccessful");
     } finally {
-      Services.obs.notifyObservers(form, "passwordmgr-processed-form", null);
+      Services.obs.notifyObservers(form.rootElement, "passwordmgr-processed-form", null);
     }
   },
 
@@ -1088,6 +1183,7 @@ let FormLikeFactory = {
       formLike[prop] = aForm[prop];
     }
 
+    this._addToJSONProperty(formLike);
     return formLike;
   },
 
@@ -1117,7 +1213,7 @@ let FormLikeFactory = {
 
     let doc = aPasswordField.ownerDocument;
     log("Created non-form FormLike for rootElement:", doc.documentElement);
-    return {
+    let formLike = {
       action: LoginUtils._getPasswordOrigin(doc.baseURI),
       autocomplete: "on",
       // Exclude elements inside the rootElement that are already in a <form> as
@@ -1126,5 +1222,54 @@ let FormLikeFactory = {
       ownerDocument: doc,
       rootElement: doc.documentElement,
     };
+
+    this._addToJSONProperty(formLike);
+    return formLike;
+  },
+
+  /**
+   * Add a `toJSON` property to a FormLike so logging which ends up going
+   * through dump doesn't include usless garbage from DOM objects.
+   */
+  _addToJSONProperty(aFormLike) {
+    function prettyElementOutput(aElement) {
+      let idText = aElement.id ? "#" + aElement.id : "";
+      let classText = [for (className of aElement.classList) "." + className].join("");
+      return `<${aElement.nodeName + idText + classText}>`;
+    }
+
+    Object.defineProperty(aFormLike, "toJSON", {
+      value: () => {
+        let cleansed = {};
+        for (let key of Object.keys(aFormLike)) {
+          let value = aFormLike[key];
+          let cleansedValue = value;
+
+          switch (key) {
+            case "elements": {
+              cleansedValue = [for (element of value) prettyElementOutput(element)];
+              break;
+            }
+
+            case "ownerDocument": {
+              cleansedValue = {
+                location: {
+                  href: value.location.href,
+                },
+              };
+              break;
+            }
+
+            case "rootElement": {
+              cleansedValue = prettyElementOutput(value);
+              break;
+            }
+          }
+
+          cleansed[key] = cleansedValue;
+        }
+        return cleansed;
+      }
+    });
   },
 };
diff --git a/toolkit/components/passwordmgr/LoginRecipes.jsm b/toolkit/components/passwordmgr/LoginRecipes.jsm
index 45782d9a171..518b025c6d0 100644
--- a/toolkit/components/passwordmgr/LoginRecipes.jsm
+++ b/toolkit/components/passwordmgr/LoginRecipes.jsm
@@ -33,17 +33,8 @@ function LoginRecipesParent(aOptions = { defaults: true }) {
   if (Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT) {
     throw new Error("LoginRecipesParent should only be used from the main process");
   }
-
-  this._recipesByHost = new Map();
-
-  if (aOptions.defaults) {
-    // XXX: Bug 1134850 will handle reading recipes from a file.
-    this.initializationPromise = this.load(DEFAULT_RECIPES).then(resolve => {
-      return this;
-    });
-  } else {
-    this.initializationPromise = Promise.resolve(this);
-  }
+  this._defaults = aOptions.defaults;
+  this.reset();
 }
 
 LoginRecipesParent.prototype = {
@@ -54,6 +45,11 @@ LoginRecipesParent.prototype = {
    */
   initializationPromise: null,
 
+  /**
+   * @type {bool} Whether default recipes were loaded at construction time.
+   */
+  _defaults: null,
+
   /**
    * @type {Map} Map of hosts (including non-default port numbers) to Sets of recipes.
    *             e.g. "example.com:8080" => Set({...})
@@ -84,6 +80,23 @@ LoginRecipesParent.prototype = {
     return Promise.resolve();
   },
 
+  /**
+   * Reset the set of recipes to the ones from the time of construction.
+   */
+  reset() {
+    log.debug("Resetting recipes with defaults:", this._defaults);
+    this._recipesByHost = new Map();
+
+    if (this._defaults) {
+      // XXX: Bug 1134850 will handle reading recipes from a file.
+      this.initializationPromise = this.load(DEFAULT_RECIPES).then(resolve => {
+        return this;
+      });
+    } else {
+      this.initializationPromise = Promise.resolve(this);
+    }
+  },
+
   /**
    * Validate the recipe is sane and then add it to the set of recipes.
    *
diff --git a/toolkit/components/passwordmgr/test/chrome.ini b/toolkit/components/passwordmgr/test/chrome.ini
index 31754515dab..7530842ae7e 100644
--- a/toolkit/components/passwordmgr/test/chrome.ini
+++ b/toolkit/components/passwordmgr/test/chrome.ini
@@ -5,6 +5,7 @@ support-files =
   notification_common.js
   pwmgr_common.js
 
+[test_formless_autofill.html]
 [test_formless_submit.html]
 [test_privbrowsing_perwindowpb.html]
 skip-if = true # Bug 1173337
diff --git a/toolkit/components/passwordmgr/test/pwmgr_common.js b/toolkit/components/passwordmgr/test/pwmgr_common.js
index 6c4eed670a5..a501911785b 100644
--- a/toolkit/components/passwordmgr/test/pwmgr_common.js
+++ b/toolkit/components/passwordmgr/test/pwmgr_common.js
@@ -182,11 +182,11 @@ function commonInit(selfFilling) {
         form.appendChild(password);
 
         var observer = SpecialPowers.wrapCallback(function(subject, topic, data) {
-            var form = subject.QueryInterface(SpecialPowers.Ci.nsIDOMNode);
-            if (form.id !== 'observerforcer')
+            var formLikeRoot = subject.QueryInterface(SpecialPowers.Ci.nsIDOMNode);
+            if (formLikeRoot.id !== 'observerforcer')
                 return;
             SpecialPowers.removeObserver(observer, "passwordmgr-processed-form");
-            form.parentNode.removeChild(form);
+            formLikeRoot.remove();
             SimpleTest.executeSoon(() => {
                 var event = new Event("runTests");
                 window.dispatchEvent(event);
@@ -259,6 +259,23 @@ function dumpLogin(label, login) {
     ok(true, label + loginText);
 }
 
+/**
+ * Resolves when a specified number of forms have been processed.
+ */
+function promiseFormsProcessed(expectedCount = 1) {
+  var processedCount = 0;
+  return new Promise((resolve, reject) => {
+    function onProcessedForm(subject, topic, data) {
+      processedCount++;
+      if (processedCount == expectedCount) {
+        SpecialPowers.removeObserver(onProcessedForm, "passwordmgr-processed-form");
+        resolve(subject, data);
+      }
+    }
+    SpecialPowers.addObserver(onProcessedForm, "passwordmgr-processed-form", false);
+  });
+}
+
 // Code to run when loaded as a chrome script in tests via loadChromeScript
 if (this.addMessageListener) {
   const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
@@ -285,4 +302,12 @@ if (this.addMessageListener) {
   globalMM.addMessageListener("RemoteLogins:onFormSubmit", function onFormSubmit(message) {
     sendAsyncMessage("formSubmissionProcessed", message.data, message.objects);
   });
+} else {
+  // Code to only run in the mochitest pages (not in the chrome script).
+  SimpleTest.registerCleanupFunction(() => {
+    var { LoginManagerParent } = SpecialPowers.Cu.import("resource://gre/modules/LoginManagerParent.jsm", {});
+    return LoginManagerParent.recipeParentPromise.then((recipeParent) => {
+      SpecialPowers.wrap(recipeParent).reset();
+    });
+  });
 }
diff --git a/toolkit/components/passwordmgr/test/test_formless_autofill.html b/toolkit/components/passwordmgr/test/test_formless_autofill.html
new file mode 100644
index 00000000000..51cb11e532e
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/test_formless_autofill.html
@@ -0,0 +1,148 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test autofilling of fields outside of a form</title>
+  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <script src="pwmgr_common.js"></script>
+  <link rel="stylesheet" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script type="application/javascript;version=1.8">
+SimpleTest.waitForExplicitFinish();
+
+const { classes: Cc, interfaces: Ci, results: Cr, utils: Cu } = Components;
+Cu.import("resource://gre/modules/Task.jsm");
+const LMCBackstagePass = Cu.import("resource://gre/modules/LoginManagerContent.jsm");
+const { LoginManagerContent, FormLikeFactory } = LMCBackstagePass;
+
+let parentScriptURL = SimpleTest.getTestFileURL("pwmgr_common.js");
+let mm = SpecialPowers.loadChromeScript(parentScriptURL);
+
+document.addEventListener("DOMContentLoaded", () => {
+  document.getElementById("loginFrame").addEventListener("load", (evt) => {
+    // Tell the parent to setup test logins.
+    mm.sendAsyncMessage("setupParent");
+  });
+});
+
+// When the setup is done, load a recipe for this test.
+mm.addMessageListener("doneSetup", function doneSetup() {
+  mm.sendAsyncMessage("loadRecipes", {
+    siteRecipes: [{
+      hosts: ["mochi.test:8888"],
+      usernameSelector: "input[name='recipeuname']",
+      passwordSelector: "input[name='recipepword']",
+    }],
+  });
+});
+
+mm.addMessageListener("loadedRecipes", () => runTest());
+
+const DEFAULT_ORIGIN = "http://mochi.test:8888";
+const TESTCASES = [
+  {
+    // Inputs
+    document: `<input type=password>`,
+
+    // Expected outputs
+    expectedInputValues: ["testpass"],
+  },
+  {
+    document: `<input>
+      <input type=password>`,
+    expectedInputValues: ["testuser", "testpass"],
+  },
+  {
+    document: `<input>
+      <input type=password>
+      <input type=password>`,
+    expectedInputValues: ["testuser", "testpass", ""],
+  },
+  {
+    document: `<input>
+      <input type=password>
+      <input type=password>
+      <input type=password>`,
+    expectedInputValues: ["testuser", "testpass", "", ""],
+  },
+  {
+    document: `<input>
+      <input type=password form="form1">
+      <input type=password>
+      <form id="form1">
+        <input>
+        <input type=password>
+      </form>`,
+    expectedFormCount: 2,
+    expectedInputValues: ["testuser", "testpass", "testpass", "", ""],
+  },
+  {
+    document: `<!-- formless password field selector recipe test -->
+      <input>
+      <input type=password>
+      <input>
+      <input type=password name="recipepword">`,
+    expectedInputValues: ["", "", "testuser", "testpass"],
+  },
+  {
+    document: `<!-- formless username and password field selector recipe test -->
+      <input name="recipeuname">
+      <input>
+      <input type=password>
+      <input type=password name="recipepword">`,
+    expectedInputValues: ["testuser", "", "", "testpass"],
+  },
+  {
+    document: `<!-- form and formless recipe field selector test -->
+      <input name="recipeuname">
+      <input>
+      <input type=password form="form1"> <!-- not filled since recipe affects both FormLikes -->
+      <input type=password>
+      <input type=password name="recipepword">
+      <form id="form1">
+        <input>
+        <input type=password>
+      </form>`,
+    expectedFormCount: 2,
+    expectedInputValues: ["testuser", "", "", "", "testpass", "", ""],
+  },
+];
+
+let runTest = Task.async(function*() {
+  let loginFrame = document.getElementById("loginFrame");
+  let frameDoc = loginFrame.contentWindow.document;
+
+  for (let tc of TESTCASES) {
+    info("Starting testcase: " + JSON.stringify(tc));
+
+    let numFormLikesExpected = tc.expectedFormCount || 1;
+
+    let processedFormPromise = promiseFormsProcessed(numFormLikesExpected);
+
+    frameDoc.documentElement.innerHTML = tc.document;
+    info("waiting for " + numFormLikesExpected + " processed form(s)");
+    yield processedFormPromise;
+
+    let testInputs = frameDoc.documentElement.querySelectorAll("input");
+    is(testInputs.length, tc.expectedInputValues.length, "Check number of inputs");
+    for (let i = 0; i < tc.expectedInputValues.length; i++) {
+      let expectedValue = tc.expectedInputValues[i];
+      is(testInputs[i].value, expectedValue,
+         "Check expected input value " + i + ": " + expectedValue);
+    }
+  }
+
+  SimpleTest.finish();
+});
+
+</script>
+
+<p id="display"></p>
+
+<div id="content">
+  <iframe id="loginFrame" src="http://mochi.test:8888/tests/toolkit/components/passwordmgr/test/blank.html"></iframe>
+</div>
+<pre id="test"></pre>
+</body>
+</html>
diff --git a/toolkit/components/passwordmgr/test/test_formless_submit.html b/toolkit/components/passwordmgr/test/test_formless_submit.html
index 7df2a6191f1..9eb1a4552dd 100644
--- a/toolkit/components/passwordmgr/test/test_formless_submit.html
+++ b/toolkit/components/passwordmgr/test/test_formless_submit.html
@@ -4,6 +4,7 @@
   <meta charset="utf-8">
   <title>Test capturing of fields outside of a form</title>
   <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <script src="pwmgr_common.js"></script>
   <link rel="stylesheet" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
 </head>
 <body>
@@ -15,8 +16,6 @@ Cu.import("resource://gre/modules/Task.jsm");
 const LMCBackstagePass = Cu.import("resource://gre/modules/LoginManagerContent.jsm");
 const { LoginManagerContent, FormLikeFactory } = LMCBackstagePass;
 
-SpecialPowers.Services.prefs.setBoolPref("signon.debug", true);
-
 let parentScriptURL = SimpleTest.getTestFileURL("pwmgr_common.js");
 let mm = SpecialPowers.loadChromeScript(parentScriptURL);
 
@@ -31,21 +30,20 @@ document.addEventListener("DOMContentLoaded", () => {
 mm.addMessageListener("doneSetup", function doneSetup() {
   mm.sendAsyncMessage("loadRecipes", {
     siteRecipes: [{
-      hosts: ["mochi.test:8888"],
-      usernameSelector: "input[name='uname1']",
-      passwordSelector: "input[name='pword2']",
+      hosts: ["test1.mochi.test:8888"],
+      usernameSelector: "input[name='recipeuname']",
+      passwordSelector: "input[name='recipepword']",
     }],
   });
 });
 
 mm.addMessageListener("loadedRecipes", () => runTest());
 
-const DEFAULT_ORIGIN = "http://mochi.test:8888";
+const DEFAULT_ORIGIN = "http://test1.mochi.test:8888";
 const TESTCASES = [
   {
     // Inputs
     document: `<input type=password value="pass1">`,
-    //documentURL: DEFAULT_ORIGIN,
     inputIndexForFormLike: 0,
 
     // Expected outputs similar to RemoteLogins:onFormSubmit
@@ -103,6 +101,19 @@ const TESTCASES = [
     newPasswordFieldValue: "pass1",
     oldPasswordFieldValue: null,
   },
+  {
+    document: `<!-- recipe field override -->
+      <input name="recipeuname" value="username from recipe">
+      <input value="default field username">
+      <input type=password value="pass1">
+      <input name="recipepword" type=password value="pass2">`,
+    inputIndexForFormLike: 2,
+    hostname: DEFAULT_ORIGIN,
+    formSubmitURL: DEFAULT_ORIGIN,
+    usernameFieldValue: "username from recipe",
+    newPasswordFieldValue: "pass2",
+    oldPasswordFieldValue: null,
+  },
 ];
 
 function getSubmitMessage() {
@@ -160,7 +171,7 @@ let runTest = Task.async(function*() {
 <p id="display"></p>
 
 <div id="content">
-  <iframe id="loginFrame" src="http://mochi.test:8888/tests/toolkit/components/passwordmgr/test/blank.html"></iframe>
+  <iframe id="loginFrame" src="http://test1.mochi.test:8888/tests/toolkit/components/passwordmgr/test/blank.html"></iframe>
 </div>
 <pre id="test"></pre>
 </body>
diff --git a/toolkit/components/places/UnifiedComplete.js b/toolkit/components/places/UnifiedComplete.js
index 20c29613ab3..76af4013f99 100644
--- a/toolkit/components/places/UnifiedComplete.js
+++ b/toolkit/components/places/UnifiedComplete.js
@@ -1038,7 +1038,7 @@ Search.prototype = {
   _addSearchEngineMatch(match, query, suggestion) {
     let actionURLParams = {
       engineName: match.engineName,
-      input: this._originalSearchString,
+      input: suggestion || this._originalSearchString,
       searchQuery: query,
     };
     if (suggestion)
@@ -1190,8 +1190,9 @@ Search.prototype = {
     if (this._searchSuggestionController) {
       let [match, suggestion] = this._searchSuggestionController.consume();
       if (suggestion) {
-        this._addSearchEngineMatch(match, this._originalSearchString,
-                                   suggestion);
+        // Don't include the restrict token, if present.
+        let searchString = this._searchTokens.join(" ");
+        this._addSearchEngineMatch(match, searchString, suggestion);
         return true;
       }
     }
diff --git a/toolkit/components/places/tests/unifiedcomplete/test_searchSuggestions.js b/toolkit/components/places/tests/unifiedcomplete/test_searchSuggestions.js
index 777107194e0..f0500575ead 100644
--- a/toolkit/components/places/tests/unifiedcomplete/test_searchSuggestions.js
+++ b/toolkit/components/places/tests/unifiedcomplete/test_searchSuggestions.js
@@ -6,12 +6,21 @@ const SUGGEST_PREF = "browser.urlbar.suggest.searches";
 const SUGGEST_ENABLED_PREF = "browser.search.suggest.enabled";
 const SUGGEST_RESTRICT_TOKEN = "$";
 
-// Set this to some other function to change how the server converts search
-// strings into suggestions.
-let suggestionsFromSearchString = searchStr => {
-  let suffixes = ["foo", "bar"];
-  return suffixes.map(s => searchStr + " " + s);
-};
+let suggestionsFn;
+let previousSuggestionsFn;
+
+function setSuggestionsFn(fn) {
+  previousSuggestionsFn = suggestionsFn;
+  suggestionsFn = fn;
+}
+
+function* cleanUpSuggestions() {
+  yield cleanup();
+  if (previousSuggestionsFn) {
+    suggestionsFn = previousSuggestionsFn;
+    previousSuggestionsFn = null;
+  }
+}
 
 add_task(function* setUp() {
   // Set up a server that provides some suggestions by appending strings onto
@@ -21,19 +30,21 @@ add_task(function* setUp() {
     // URL query params are x-www-form-urlencoded, which converts spaces into
     // plus signs, so un-convert any plus signs back to spaces.
     let searchStr = decodeURIComponent(req.queryString.replace(/\+/g, " "));
-    let suggestions = suggestionsFromSearchString(searchStr);
+    let suggestions = suggestionsFn(searchStr);
     let data = [searchStr, suggestions];
     resp.setHeader("Content-Type", "application/json", false);
     resp.write(JSON.stringify(data));
   });
+  setSuggestionsFn(searchStr => {
+    let suffixes = ["foo", "bar"];
+    return suffixes.map(s => searchStr + " " + s);
+  });
 
   // Install the test engine.
   let oldCurrentEngine = Services.search.currentEngine;
   do_register_cleanup(() => Services.search.currentEngine = oldCurrentEngine);
   let engine = yield addTestEngine(ENGINE_NAME, server);
   Services.search.currentEngine = engine;
-
-  yield cleanup();
 });
 
 add_task(function* disabled() {
@@ -42,21 +53,20 @@ add_task(function* disabled() {
     search: "hello",
     matches: [],
   });
-  yield cleanup();
+  yield cleanUpSuggestions();
 });
 
 add_task(function* singleWordQuery() {
   Services.prefs.setBoolPref(SUGGEST_PREF, true);
   Services.prefs.setBoolPref(SUGGEST_ENABLED_PREF, true);
 
-  let searchStr = "hello";
   yield check_autocomplete({
-    search: searchStr,
+    search: "hello",
     matches: [{
       uri: makeActionURI(("searchengine"), {
         engineName: ENGINE_NAME,
-        input: searchStr,
-        searchQuery: searchStr,
+        input: "hello foo",
+        searchQuery: "hello",
         searchSuggestion: "hello foo",
       }),
       title: ENGINE_NAME,
@@ -65,8 +75,8 @@ add_task(function* singleWordQuery() {
     }, {
       uri: makeActionURI(("searchengine"), {
         engineName: ENGINE_NAME,
-        input: searchStr,
-        searchQuery: searchStr,
+        input: "hello bar",
+        searchQuery: "hello",
         searchSuggestion: "hello bar",
       }),
       title: ENGINE_NAME,
@@ -75,21 +85,20 @@ add_task(function* singleWordQuery() {
     }],
   });
 
-  yield cleanup();
+  yield cleanUpSuggestions();
 });
 
 add_task(function* multiWordQuery() {
   Services.prefs.setBoolPref(SUGGEST_PREF, true);
   Services.prefs.setBoolPref(SUGGEST_ENABLED_PREF, true);
 
-  let searchStr = "hello world";
   yield check_autocomplete({
-    search: searchStr,
+    search: "hello world",
     matches: [{
       uri: makeActionURI(("searchengine"), {
         engineName: ENGINE_NAME,
-        input: searchStr,
-        searchQuery: searchStr,
+        input: "hello world foo",
+        searchQuery: "hello world",
         searchSuggestion: "hello world foo",
       }),
       title: ENGINE_NAME,
@@ -98,8 +107,8 @@ add_task(function* multiWordQuery() {
     }, {
       uri: makeActionURI(("searchengine"), {
         engineName: ENGINE_NAME,
-        input: searchStr,
-        searchQuery: searchStr,
+        input: "hello world bar",
+        searchQuery: "hello world",
         searchSuggestion: "hello world bar",
       }),
       title: ENGINE_NAME,
@@ -108,27 +117,25 @@ add_task(function* multiWordQuery() {
     }],
   });
 
-  yield cleanup();
+  yield cleanUpSuggestions();
 });
 
 add_task(function* suffixMatch() {
   Services.prefs.setBoolPref(SUGGEST_PREF, true);
   Services.prefs.setBoolPref(SUGGEST_ENABLED_PREF, true);
 
-  let oldFn = suggestionsFromSearchString;
-  suggestionsFromSearchString = searchStr => {
+  setSuggestionsFn(searchStr => {
     let prefixes = ["baz", "quux"];
     return prefixes.map(p => p + " " + searchStr);
-  };
+  });
 
-  let searchStr = "hello";
   yield check_autocomplete({
-    search: searchStr,
+    search: "hello",
     matches: [{
       uri: makeActionURI(("searchengine"), {
         engineName: ENGINE_NAME,
-        input: searchStr,
-        searchQuery: searchStr,
+        input: "baz hello",
+        searchQuery: "hello",
         searchSuggestion: "baz hello",
       }),
       title: ENGINE_NAME,
@@ -137,8 +144,8 @@ add_task(function* suffixMatch() {
     }, {
       uri: makeActionURI(("searchengine"), {
         engineName: ENGINE_NAME,
-        input: searchStr,
-        searchQuery: searchStr,
+        input: "quux hello",
+        searchQuery: "hello",
         searchSuggestion: "quux hello",
       }),
       title: ENGINE_NAME,
@@ -147,8 +154,42 @@ add_task(function* suffixMatch() {
     }],
   });
 
-  suggestionsFromSearchString = oldFn;
-  yield cleanup();
+  yield cleanUpSuggestions();
+});
+
+add_task(function* queryIsNotASubstring() {
+  Services.prefs.setBoolPref(SUGGEST_PREF, true);
+
+  setSuggestionsFn(searchStr => {
+    return ["aaa", "bbb"];
+  });
+
+  yield check_autocomplete({
+    search: "hello",
+    matches: [{
+      uri: makeActionURI(("searchengine"), {
+        engineName: ENGINE_NAME,
+        input: "aaa",
+        searchQuery: "hello",
+        searchSuggestion: "aaa",
+      }),
+      title: ENGINE_NAME,
+      style: ["action", "searchengine"],
+      icon: "",
+    }, {
+      uri: makeActionURI(("searchengine"), {
+        engineName: ENGINE_NAME,
+        input: "bbb",
+        searchQuery: "hello",
+        searchSuggestion: "bbb",
+      }),
+      title: ENGINE_NAME,
+      style: ["action", "searchengine"],
+      icon: "",
+    }],
+  });
+
+  yield cleanUpSuggestions();
 });
 
 add_task(function* restrictToken() {
@@ -176,9 +217,8 @@ add_task(function* restrictToken() {
 
   // Do an unrestricted search to make sure everything appears in it, including
   // the visit and bookmark.
-  let searchStr = "hello";
   yield check_autocomplete({
-    search: searchStr,
+    search: "hello",
     matches: [
       {
         uri: NetUtil.newURI("http://example.com/hello-visit"),
@@ -192,8 +232,8 @@ add_task(function* restrictToken() {
       {
         uri: makeActionURI(("searchengine"), {
           engineName: ENGINE_NAME,
-          input: searchStr,
-          searchQuery: searchStr,
+          input: "hello foo",
+          searchQuery: "hello",
           searchSuggestion: "hello foo",
         }),
         title: ENGINE_NAME,
@@ -203,8 +243,8 @@ add_task(function* restrictToken() {
       {
         uri: makeActionURI(("searchengine"), {
           engineName: ENGINE_NAME,
-          input: searchStr,
-          searchQuery: searchStr,
+          input: "hello bar",
+          searchQuery: "hello",
           searchSuggestion: "hello bar",
         }),
         title: ENGINE_NAME,
@@ -215,15 +255,14 @@ add_task(function* restrictToken() {
   });
 
   // Now do a restricted search to make sure only suggestions appear.
-  searchStr = SUGGEST_RESTRICT_TOKEN + " hello";
   yield check_autocomplete({
-    search: searchStr,
+    search: SUGGEST_RESTRICT_TOKEN + " hello",
     matches: [
       {
         uri: makeActionURI(("searchengine"), {
           engineName: ENGINE_NAME,
-          input: searchStr,
-          searchQuery: searchStr,
+          input: "hello foo",
+          searchQuery: "hello",
           searchSuggestion: "hello foo",
         }),
         title: ENGINE_NAME,
@@ -233,8 +272,8 @@ add_task(function* restrictToken() {
       {
         uri: makeActionURI(("searchengine"), {
           engineName: ENGINE_NAME,
-          input: searchStr,
-          searchQuery: searchStr,
+          input: "hello bar",
+          searchQuery: "hello",
           searchSuggestion: "hello bar",
         }),
         title: ENGINE_NAME,
@@ -244,5 +283,5 @@ add_task(function* restrictToken() {
     ],
   });
 
-  yield cleanup();
+  yield cleanUpSuggestions();
 });
diff --git a/toolkit/components/telemetry/Histograms.json b/toolkit/components/telemetry/Histograms.json
index 9195ea884c3..274737a928b 100644
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -8259,5 +8259,11 @@
     "expires_in_version": "never",
     "kind": "flag",
     "description": "An Attr node that's not namespace-aware and was created from an HTML document is set on a non-HTML element and has a name containing uppercase ASCII chars"
+  },
+  "FENNEC_TITLE_IN_TITLEBAR_ENABLED": {
+    "alert_emails": ["michael.l.comella@gmail.com"],
+    "expires_in_version": "43",
+    "kind": "boolean",
+    "description": "Is the title shown in the url bar (as determined by the titlebar title or url preference)?"
   }
 }
diff --git a/toolkit/content/widgets/autocomplete.xml b/toolkit/content/widgets/autocomplete.xml
index cd566f0bf32..c8da2542642 100644
--- a/toolkit/content/widgets/autocomplete.xml
+++ b/toolkit/content/widgets/autocomplete.xml
@@ -1651,14 +1651,36 @@ extends="chrome://global/content/bindings/popup.xml#popup">
               let engineStr = "- " +
                 this._stringBundle.formatStringFromName("searchWithEngine",
                                                         [engineName], 1);
-              let suggestedPart = "";
+
+              // Make the title by generating an array of pairs and its
+              // corresponding interpolation string (e.g., "%1$S") to pass to
+              // _generateEmphasisPairs.
+              let pairs;
               if (searchSuggestion) {
-                suggestedPart = searchSuggestion.substr(searchQuery.length);
+                // Check if the search query appears in the suggestion.  It may
+                // not.  If it does, then emphasize the query in the suggestion
+                // and otherwise just include the suggestion without emphasis.
+                let idx = searchSuggestion.indexOf(searchQuery);
+                if (idx >= 0) {
+                  pairs = [
+                    [searchSuggestion.substring(0, idx), ""],
+                    [searchQuery, "match"],
+                    [searchSuggestion.substring(idx + searchQuery.length), ""],
+                  ];
+                } else {
+                  pairs = [
+                    [searchSuggestion, ""],
+                  ];
+                }
+              } else {
+                pairs = [
+                  [searchQuery, ""],
+                ];
               }
-              title = this._generateEmphasisPairs(`%1$S${suggestedPart} %2$S`, [
-                                                    [searchQuery, "match"],
-                                                    [engineStr, "selected"],
-                                                  ]);
+              pairs.push([engineStr, "selected"]);
+              let interpStr = pairs.map((pair, i) => `%${i + 1}$S`).join("");
+              title = this._generateEmphasisPairs(interpStr, pairs);
+
               // If this is a default search match, we remove the image so we
               // can style it ourselves with a generic search icon.
               // We don't do this when matching an aliased search engine,
diff --git a/toolkit/content/widgets/browser.xml b/toolkit/content/widgets/browser.xml
index 0f63b73eca1..f65979e42d4 100644
--- a/toolkit/content/widgets/browser.xml
+++ b/toolkit/content/widgets/browser.xml
@@ -1171,6 +1171,9 @@
         ]]>
         </body>
       </method>
+
+      <!-- This will go away if the binding has been removed for some reason. -->
+      <field name="_alive">true</field>
     </implementation>
 
     <handlers>
diff --git a/toolkit/devtools/client/dbg-client.jsm b/toolkit/devtools/client/dbg-client.jsm
index fa9ac65c2a1..4c36ae72daa 100644
--- a/toolkit/devtools/client/dbg-client.jsm
+++ b/toolkit/devtools/client/dbg-client.jsm
@@ -739,6 +739,7 @@ DebuggerClient.prototype = {
 
     let request = new Request(aRequest);
     request.format = "json";
+    request.stack = Components.stack;
     if (aOnResponse) {
       request.on("json-reply", aOnResponse);
     }
@@ -1032,7 +1033,13 @@ DebuggerClient.prototype = {
     }
 
     if (activeRequest) {
-      activeRequest.emit("json-reply", aPacket);
+      let emitReply = () => activeRequest.emit("json-reply", aPacket);
+      if (activeRequest.stack) {
+        Cu.callFunctionWithAsyncStack(emitReply, activeRequest.stack,
+                                      "DevTools RDP");
+      } else {
+        emitReply();
+      }
     }
   },
 
diff --git a/toolkit/devtools/server/protocol.js b/toolkit/devtools/server/protocol.js
index 9073f2bdd83..e7dce7aec68 100644
--- a/toolkit/devtools/server/protocol.js
+++ b/toolkit/devtools/server/protocol.js
@@ -4,7 +4,7 @@
 
 "use strict";
 
-let { Cu } = require("chrome");
+let { Cu, components } = require("chrome");
 let DevToolsUtils = require("devtools/toolkit/DevToolsUtils");
 let Services = require("Services");
 let promise = require("promise");
@@ -1172,7 +1172,8 @@ let Front = Class({
     this._requests.push({
       deferred,
       to: to || this.actorID,
-      type
+      type,
+      stack: components.stack,
     });
     this.send(packet);
     return deferred.promise;
@@ -1209,20 +1210,22 @@ let Front = Class({
       throw err;
     }
 
-    let { deferred } = this._requests.shift();
-    if (packet.error) {
-      // "Protocol error" is here to avoid TBPL heuristics. See also
-      // https://mxr.mozilla.org/webtools-central/source/tbpl/php/inc/GeneralErrorFilter.php
-      let message;
-      if (packet.error && packet.message) {
-        message = "Protocol error (" + packet.error + "): " + packet.message;
+    let { deferred, stack } = this._requests.shift();
+    Cu.callFunctionWithAsyncStack(() => {
+      if (packet.error) {
+        // "Protocol error" is here to avoid TBPL heuristics. See also
+        // https://mxr.mozilla.org/webtools-central/source/tbpl/php/inc/GeneralErrorFilter.php
+        let message;
+        if (packet.error && packet.message) {
+          message = "Protocol error (" + packet.error + "): " + packet.message;
+        } else {
+          message = packet.error;
+        }
+        deferred.reject(message);
       } else {
-        message = packet.error;
+        deferred.resolve(packet);
       }
-      deferred.reject(message);
-    } else {
-      deferred.resolve(packet);
-    }
+    }, stack, "DevTools RDP");
   }
 });
 exports.Front = Front;
diff --git a/toolkit/devtools/server/tests/unit/test_client_request.js b/toolkit/devtools/server/tests/unit/test_client_request.js
index 4a1a5f274c6..870665c16e9 100644
--- a/toolkit/devtools/server/tests/unit/test_client_request.js
+++ b/toolkit/devtools/server/tests/unit/test_client_request.js
@@ -51,6 +51,25 @@ function init()
   });
 }
 
+function checkStack(expectedName) {
+  if (!Services.prefs.getBoolPref("javascript.options.asyncstack")) {
+    do_print("Async stacks are disabled.");
+    return;
+  }
+
+  let stack = Components.stack;
+  while (stack) {
+    do_print(stack.name);
+    if (stack.name == expectedName) {
+      // Reached back to outer function before request
+      ok(true, "Complete stack");
+      return;
+    }
+    stack = stack.asyncCaller || stack.caller;
+  }
+  ok(false, "Incomplete stack");
+}
+
 function test_client_request_callback()
 {
   // Test that DebuggerClient.request accepts a `onResponse` callback as 2nd argument
@@ -60,6 +79,7 @@ function test_client_request_callback()
   }, response => {
     do_check_eq(response.from, gActorId);
     do_check_eq(response.hello, "world");
+    checkStack("test_client_request_callback");
     run_next_test();
   });
 }
@@ -75,6 +95,7 @@ function test_client_request_promise()
   request.then(response => {
     do_check_eq(response.from, gActorId);
     do_check_eq(response.hello, "world");
+    checkStack("test_client_request_promise");
     run_next_test();
   });
 }
@@ -94,6 +115,7 @@ function test_client_request_promise_error()
     do_check_eq(response.from, gActorId);
     do_check_eq(response.error, "code");
     do_check_eq(response.message, "human message");
+    checkStack("test_client_request_promise_error");
     run_next_test();
   });
 }
@@ -108,6 +130,7 @@ function test_client_request_event_emitter()
   request.on("json-reply", reply => {
     do_check_eq(reply.from, gActorId);
     do_check_eq(reply.hello, "world");
+    checkStack("test_client_request_event_emitter");
     run_next_test();
   });
 }
@@ -117,4 +140,3 @@ function close_client() {
     run_next_test()
   });
 }
-
diff --git a/toolkit/devtools/server/tests/unit/test_protocol_stack.js b/toolkit/devtools/server/tests/unit/test_protocol_stack.js
new file mode 100644
index 00000000000..861e82e35a0
--- /dev/null
+++ b/toolkit/devtools/server/tests/unit/test_protocol_stack.js
@@ -0,0 +1,91 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+/**
+ * Client request stacks should span the entire process from before making the
+ * request to handling the reply from the server.  The server frames are not
+ * included, nor can they be in most cases, since the server can be a remote
+ * device.
+ */
+
+let protocol = devtools.require("devtools/server/protocol");
+let {method, Arg, Option, RetVal} = protocol;
+let events = devtools.require("sdk/event/core");
+
+function simpleHello() {
+  return {
+    from: "root",
+    applicationType: "xpcshell-tests",
+    traits: [],
+  };
+}
+
+let RootActor = protocol.ActorClass({
+  typeName: "root",
+  initialize: function(conn) {
+    protocol.Actor.prototype.initialize.call(this, conn);
+    // Root actor owns itself.
+    this.manage(this);
+    this.actorID = "root";
+    this.sequence = 0;
+  },
+
+  sayHello: simpleHello,
+
+  simpleReturn: method(function() {
+    return this.sequence++;
+  }, {
+    response: { value: RetVal() },
+  })
+});
+
+let RootFront = protocol.FrontClass(RootActor, {
+  initialize: function(client) {
+    this.actorID = "root";
+    protocol.Front.prototype.initialize.call(this, client);
+    // Root owns itself.
+    this.manage(this);
+  }
+});
+
+function run_test() {
+  if (!Services.prefs.getBoolPref("javascript.options.asyncstack")) {
+    do_print("Async stacks are disabled.");
+    return;
+  }
+
+  DebuggerServer.createRootActor = RootActor;
+  DebuggerServer.init();
+
+  let trace = connectPipeTracing();
+  let client = new DebuggerClient(trace);
+  let rootClient;
+
+  client.connect(function onConnect() {
+    rootClient = RootFront(client);
+
+    rootClient.simpleReturn().then(() => {
+      let stack = Components.stack;
+      while (stack) {
+        do_print(stack.name);
+        if (stack.name == "onConnect") {
+          // Reached back to outer function before request
+          ok(true, "Complete stack");
+          return;
+        }
+        stack = stack.asyncCaller || stack.caller;
+      }
+      ok(false, "Incomplete stack");
+    }, () => {
+      ok(false, "Request failed unexpectedly");
+    }).then(() => {
+      client.close(() => {
+        do_test_finished();
+      });
+    })
+  });
+
+  do_test_pending();
+}
diff --git a/toolkit/devtools/server/tests/unit/xpcshell.ini b/toolkit/devtools/server/tests/unit/xpcshell.ini
index 5903eb8b302..4214bb5d49d 100644
--- a/toolkit/devtools/server/tests/unit/xpcshell.ini
+++ b/toolkit/devtools/server/tests/unit/xpcshell.ini
@@ -98,6 +98,7 @@ support-files =
 [test_protocol_formtype.js]
 [test_protocol_longstring.js]
 [test_protocol_simple.js]
+[test_protocol_stack.js]
 [test_protocol_unregister.js]
 [test_breakpoint-01.js]
 [test_register_actor.js]
diff --git a/xpfe/appshell/nsContentTreeOwner.cpp b/xpfe/appshell/nsContentTreeOwner.cpp
index fd3a649db52..08111ddb79e 100644
--- a/xpfe/appshell/nsContentTreeOwner.cpp
+++ b/xpfe/appshell/nsContentTreeOwner.cpp
@@ -462,6 +462,24 @@ NS_IMETHODIMP nsContentTreeOwner::ShouldLoadURI(nsIDocShell *aDocShell,
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsContentTreeOwner::ShouldAddToSessionHistory(nsIDocShell *aDocShell,
+                                              nsIURI *aURI,
+                                              bool *_retval)
+{
+  NS_ENSURE_STATE(mXULWindow);
+
+  nsCOMPtr<nsIXULBrowserWindow> xulBrowserWindow;
+  mXULWindow->GetXULBrowserWindow(getter_AddRefs(xulBrowserWindow));
+
+  if (xulBrowserWindow) {
+    return xulBrowserWindow->ShouldAddToSessionHistory(aDocShell, aURI, _retval);
+  }
+
+  *_retval = true;
+  return NS_OK;
+}
+
 //*****************************************************************************
 // nsContentTreeOwner::nsIWebBrowserChrome2
 //*****************************************************************************   
diff --git a/xpfe/appshell/nsIXULBrowserWindow.idl b/xpfe/appshell/nsIXULBrowserWindow.idl
index de69319f12d..a3e8602731a 100644
--- a/xpfe/appshell/nsIXULBrowserWindow.idl
+++ b/xpfe/appshell/nsIXULBrowserWindow.idl
@@ -19,7 +19,7 @@ interface nsITabParent;
  * internals of the browser area to tell the containing xul window to update
  * its ui. 
  */
-[scriptable, uuid(db89f748-9736-40b2-a172-3928aa1194b2)]
+[scriptable, uuid(8974a499-d49b-43e1-8b32-c9b3ed81be3f)]
 interface nsIXULBrowserWindow : nsISupports
 {
   /**
@@ -62,6 +62,9 @@ interface nsIXULBrowserWindow : nsISupports
   bool shouldLoadURI(in nsIDocShell    aDocShell,
                      in nsIURI         aURI,
                      in nsIURI         aReferrer);
+
+  bool shouldAddToSessionHistory(in nsIDocShell aDocShell,
+                                 in nsIURI      aURI);
   /**
    * Show/hide a tooltip (when the user mouses over a link, say).
    */