Standardize Part3 #115
This commit is contained in:
parent
e6628e56df
commit
7c87abbe78
40
user.js
40
user.js
@ -444,6 +444,7 @@ user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!");
|
|||||||
// user_pref("signon.rememberSignons", false);
|
// user_pref("signon.rememberSignons", false);
|
||||||
/* 0902: use a master password (recommended if you save passwords)
|
/* 0902: use a master password (recommended if you save passwords)
|
||||||
* There are no preferences for this. It is all handled internally.
|
* There are no preferences for this. It is all handled internally.
|
||||||
|
* [SETTING] Options>Security>Logins>Use a master password
|
||||||
* [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/
|
* [1] https://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins ***/
|
||||||
/* 0903: set how often Firefox should ask for the master password
|
/* 0903: set how often Firefox should ask for the master password
|
||||||
* 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/
|
* 0=the first time (default), 1=every time it's needed, 2=every n minutes (as per the next pref) ***/
|
||||||
@ -464,9 +465,8 @@ user_pref("signon.storeWhenAutocompleteOff", true);
|
|||||||
/* 0907: display warnings for logins on non-secure (non HTTPS) pages
|
/* 0907: display warnings for logins on non-secure (non HTTPS) pages
|
||||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/
|
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1217156 ***/
|
||||||
user_pref("security.insecure_password.ui.enabled", true);
|
user_pref("security.insecure_password.ui.enabled", true);
|
||||||
/* 0908: When attempting to fix an entered URL (see 0802: browser.fixup.alternate.enabled),
|
/* 0908: remove user & password info when attempting to fix an entered URL (i.e 0802 is true)
|
||||||
* do not fix an entered password along with it: i.e do not turn ~http://user:password@foo into
|
* e.g //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) ***/
|
||||||
* ~http://user:password@(prefix)foo(suffix) but instead ~http://user@(prefix)foo(suffix) ***/
|
|
||||||
user_pref("browser.fixup.hide_user_pass", true);
|
user_pref("browser.fixup.hide_user_pass", true);
|
||||||
/* 0909: disable formless login capture for Password Manager (FF51+) ***/
|
/* 0909: disable formless login capture for Password Manager (FF51+) ***/
|
||||||
user_pref("signon.formlessCapture.enabled", false);
|
user_pref("signon.formlessCapture.enabled", false);
|
||||||
@ -518,8 +518,8 @@ user_pref("browser.sessionstore.max_windows_undo", 0);
|
|||||||
user_pref("browser.sessionstore.privacy_level", 2);
|
user_pref("browser.sessionstore.privacy_level", 2);
|
||||||
/* 1022: disable resuming session from crash [SETUP] ***/
|
/* 1022: disable resuming session from crash [SETUP] ***/
|
||||||
user_pref("browser.sessionstore.resume_from_crash", false);
|
user_pref("browser.sessionstore.resume_from_crash", false);
|
||||||
/* 1023: If you use session restore, increasing the minimal interval between two session save
|
/* 1023: set the minimum interval between session save operations - increasing it
|
||||||
* operations can help on older machines and some websites, as well as reducing writes, see [1]
|
* can help on older machines and some websites, as well as reducing writes, see [1]
|
||||||
* Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc
|
* Default is 15000 (15 secs). Try 30000 (30sec), 60000 (1min) etc
|
||||||
* [WARNING] This can also affect entries in the "Recently Closed Tabs" feature:
|
* [WARNING] This can also affect entries in the "Recently Closed Tabs" feature:
|
||||||
* i.e the longer the interval the more chance a quick tab open/close won't be captured.
|
* i.e the longer the interval the more chance a quick tab open/close won't be captured.
|
||||||
@ -625,9 +625,11 @@ user_pref("security.ssl.enable_ocsp_stapling", true);
|
|||||||
* It's a trade-off between security (checking) and privacy (leaking info to the CA)
|
* It's a trade-off between security (checking) and privacy (leaking info to the CA)
|
||||||
* [1] https://en.wikipedia.org/wiki/Ocsp ***/
|
* [1] https://en.wikipedia.org/wiki/Ocsp ***/
|
||||||
user_pref("security.OCSP.enabled", 1);
|
user_pref("security.OCSP.enabled", 1);
|
||||||
/* 1212: require certificate revocation check through OCSP protocol
|
/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
|
||||||
|
* continues the connection. With OCSP revocation, Firefox terminates the connection instead.
|
||||||
* [WARNING] Since FF44 the default is false. If set to true, this may/will cause some
|
* [WARNING] Since FF44 the default is false. If set to true, this may/will cause some
|
||||||
* site breakage. Some users have previously mentioned issues with youtube, microsoft etc ***/
|
* site breakage. Some users have previously mentioned issues with youtube, microsoft etc
|
||||||
|
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
|
||||||
// user_pref("security.OCSP.require", true);
|
// user_pref("security.OCSP.require", true);
|
||||||
/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
|
/** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
|
||||||
/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
|
/* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
|
||||||
@ -718,7 +720,8 @@ user_pref("ghacks_user.js.parrot", "1400 syntax error: the parrot's bereft of li
|
|||||||
* [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose...
|
* [SETTING] Options>Content>Font & Colors>Advanced>Allow pages to choose...
|
||||||
* [SETUP] Disabling fonts can uglify the web a fair bit. ***/
|
* [SETUP] Disabling fonts can uglify the web a fair bit. ***/
|
||||||
user_pref("browser.display.use_document_fonts", 0);
|
user_pref("browser.display.use_document_fonts", 0);
|
||||||
/* 1402: enable icon fonts (glyphs) (FF41+) ***/
|
/* 1402: enable icon fonts (glyphs) (FF41+)
|
||||||
|
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/
|
||||||
user_pref("gfx.downloadable_fonts.enabled", true);
|
user_pref("gfx.downloadable_fonts.enabled", true);
|
||||||
/* 1403: disable rendering of SVG OpenType fonts
|
/* 1403: disable rendering of SVG OpenType fonts
|
||||||
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
|
* [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
|
||||||
@ -868,7 +871,7 @@ user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref)
|
|||||||
user_pref("media.gmp-gmpopenh264.autoupdate", false);
|
user_pref("media.gmp-gmpopenh264.autoupdate", false);
|
||||||
user_pref("media.gmp-manager.url", "data:text/plain,");
|
user_pref("media.gmp-manager.url", "data:text/plain,");
|
||||||
|
|
||||||
/*** 2000: MEDIA / CAMERA / MIKE ***/
|
/*** 2000: MEDIA / CAMERA / MIC ***/
|
||||||
user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
|
user_pref("ghacks_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
|
||||||
/* 2001: disable WebRTC (Web Real-Time Communication)
|
/* 2001: disable WebRTC (Web Real-Time Communication)
|
||||||
* [1] https://www.privacytools.io/#webrtc ***/
|
* [1] https://www.privacytools.io/#webrtc ***/
|
||||||
@ -879,10 +882,11 @@ user_pref("media.peerconnection.identity.enabled", false);
|
|||||||
user_pref("media.peerconnection.identity.timeout", 1);
|
user_pref("media.peerconnection.identity.timeout", 1);
|
||||||
user_pref("media.peerconnection.turn.disable", true);
|
user_pref("media.peerconnection.turn.disable", true);
|
||||||
user_pref("media.navigator.video.enabled", false); // video capability for WebRTC
|
user_pref("media.navigator.video.enabled", false); // video capability for WebRTC
|
||||||
/* 2002: pref which improves the WebRTC IP Leak issue, as opposed to completely
|
/* 2002: limit WebRTC IP leaks if using WebRTC
|
||||||
* disabling WebRTC. You still need to enable WebRTC for this to be applicable (FF42+)
|
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1189041
|
||||||
* [1] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
|
* [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1297416
|
||||||
user_pref("media.peerconnection.ice.default_address_only", true); // (FF41-FF50)
|
* [3] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
|
||||||
|
user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50)
|
||||||
user_pref("media.peerconnection.ice.no_host", true); // (FF51+)
|
user_pref("media.peerconnection.ice.no_host", true); // (FF51+)
|
||||||
/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions
|
/* 2010: disable WebGL (Web Graphics Library), force bare minimum feature set if used & disable WebGL extensions
|
||||||
* [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
|
* [1] http://www.contextis.com/resources/blog/webgl-new-dimension-browser-exploitation/
|
||||||
@ -896,8 +900,8 @@ user_pref("webgl.disable-fail-if-major-performance-caveat", true);
|
|||||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
|
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1171228
|
||||||
* [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/
|
* [2] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug_renderer_info ***/
|
||||||
user_pref("webgl.enable-debug-renderer-info", false);
|
user_pref("webgl.enable-debug-renderer-info", false);
|
||||||
/* 2012: two more webgl preferences (FF51+) ***/
|
/* 2012: disable two more webgl preferences (FF51+) ***/
|
||||||
user_pref("webgl.dxgl.enabled", false);
|
user_pref("webgl.dxgl.enabled", false); // [WINDOWS]
|
||||||
user_pref("webgl.enable-webgl2", false);
|
user_pref("webgl.enable-webgl2", false);
|
||||||
/* 2021: disable speech recognition
|
/* 2021: disable speech recognition
|
||||||
* [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
|
* [1] https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
|
||||||
@ -1045,7 +1049,7 @@ user_pref("full-screen-api.enabled", false);
|
|||||||
* [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
|
* [2] https://www.mozilla.org/en-US/security/advisories/mfsa2015-50/
|
||||||
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/
|
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/
|
||||||
user_pref("javascript.options.asmjs", false);
|
user_pref("javascript.options.asmjs", false);
|
||||||
/* 2421: in addition to 2420, these settings will help harden JS against exploits such as CVE-2015-0817
|
/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817
|
||||||
* [WARNING] Causes the odd site issue and there is also a performance loss
|
* [WARNING] Causes the odd site issue and there is also a performance loss
|
||||||
* [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
|
* [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
|
||||||
// user_pref("javascript.options.ion", false);
|
// user_pref("javascript.options.ion", false);
|
||||||
@ -1116,7 +1120,7 @@ user_pref("dom.keyboardevent.dispatch_during_composition", false);
|
|||||||
* [NOTE] Changing this option changes BOTH these preferences
|
* [NOTE] Changing this option changes BOTH these preferences
|
||||||
* [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance
|
* [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance
|
||||||
* [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
|
* [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
|
||||||
user_pref("gfx.direct2d.disabled", true);
|
user_pref("gfx.direct2d.disabled", true); // [WINDOWS]
|
||||||
user_pref("layers.acceleration.disabled", true);
|
user_pref("layers.acceleration.disabled", true);
|
||||||
/* 2509: disable touch events [SETUP]
|
/* 2509: disable touch events [SETUP]
|
||||||
* fingerprinting attack vector - leaks screen res & actual screen coordinates
|
* fingerprinting attack vector - leaks screen res & actual screen coordinates
|
||||||
@ -1292,7 +1296,7 @@ user_pref("extensions.autoDisableScopes", 15);
|
|||||||
* CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
|
* CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
|
||||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/
|
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1255474 ***/
|
||||||
user_pref("network.proxy.autoconfig_url.include_path", false);
|
user_pref("network.proxy.autoconfig_url.include_path", false);
|
||||||
/* 2670: close bypassing of CSP via image mime types (FF51+)
|
/* 2670: disable "image/" mime types bypassing CSP (FF51+)
|
||||||
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/
|
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288361 ***/
|
||||||
user_pref("security.block_script_with_wrong_mime", true);
|
user_pref("security.block_script_with_wrong_mime", true);
|
||||||
/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+)
|
/* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+)
|
||||||
|
Loading…
Reference in New Issue
Block a user